Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
devel:documentation:audit [2019/02/01 13:01]
kotisovam admin guide section 		devel:documentation:audit [2019/03/18 09:39] (current)
kotisovam [Login audit] language edit
Line 22: Line 22:
  
 CzechIdM also audit all changes on relations between those entities, e.g. Identities and their Contracts. There is also an enhanced filter that is advised to use when searching for particular changes. CzechIdM also audit all changes on relations between those entities, e.g. Identities and their Contracts. There is also an enhanced filter that is advised to use when searching for particular changes.
 +
 +===== Login audit =====
 +
 +The audit for login contains information about users' successful and failed login attempts. Each audit record contains information about the following:
 +  * Identity (only in global agenda),
 +  * result from login (failed/success),
 +  * login date,
 +  * number of unsuccessful attempts,
 +  * required password change,
 +  * valid password from,
 +  * valid password to,
 +  * password blocked to.
 +
 +<note tip>When a user (not admin, or a user with special permissions to change passwords of other users) changes the password himself or herself, s/he is logged out and logged in upon making this change. This information is now available in audit of password changes, and in login audit.</note>
 +
 +{{ :devel:documentation:loginaudit.png |}}
 +
 +===== Password change audit =====
 +
 +Audit contains information about password changes. The audit is not composed by classic audit records but from password history records. Same history records are used for check history password.
 +
 +<note important>This audit store data only about password changes done against CzechIdM. When user change password only against end system (eq AD, LDAP, ...) the audit for password change will be empty</note>
 +
 +{{ :devel:documentation:passwordchangeaudit.png |}}
 +
 +===== Add or removed roles audit =====
 +
 +Audit contains information about added, removed and changed roles that is assigned to user. This audit agenda doesn't show role parameters.
 +
 +{{ :devel:documentation:identityroleaudit.png |}}
  
 ===== Provisioning audit ===== ===== Provisioning audit =====
Line 44: Line 74:
   * [[tutorial:adm:audit_workflow| Audit - what state is my workflow in?]]   * [[tutorial:adm:audit_workflow| Audit - what state is my workflow in?]]
  
-===== Admin guide (to be completed) ===== +===== Admin guide ===== 
-  * [[.adm:audit|Audit overview]]+(to be deleted)
  
 ===== Devel guide ===== ===== Devel guide =====
   * [[.audit:dev:audit|]]   * [[.audit:dev:audit|]]
   * [[.audit:dev:logging|]]   * [[.audit:dev:logging|]]
  • by kotisovam