Skip to content

User Guide: Admin Tab

Audit Logs

Overview

The Audit Logs subtab within Admin provides a record of Portal events, allowing an administrator to review and search for changes made to the the organization's Portal instance and profile.

View Audit Logs

The administrator is able to view the the timestamp of the action, the logged-in user who initiated the action, the kind of action performed, the section of Portal the action occurred in, and additional information as relevant to certain logs.

Audit Logs

Audit Logs defaults to showing all the logs for the filtered timeframe, or the most recent 100 logs. Pressing the Show More button at the bottom of the list will expand the list by 100 logs each time it is pressed if there are more logs to show within the filtered timeframe.

Some logs will have details of the changes that were made. These can be seen by selecting the expand function on that line item.

Expanding Changes

Events that are logged are labeled as actions. Below are the actions that are currently available in the Portal:

Action Definition
create A user has created a new instance of a Portal item.
delete A user has deleted a previously created instance of a Portal item.
update A user has edited a previously created instance of a Portal item.
login A user has logged into the Portal.
ssoLogin A user has logged in using their preferred Single Sign-On method.
changePassword A user has changed his/her own password.
activationRequest A user has sent an activation requests to a new, or previously created user.
passwordReset An administrator has reset someone's password.
TermsOfService A user has acknowledged the Terms of Service.
LockedOut A user has been locked out of his or her account.
Subscribed A user has subscribed to a report.
Unsubscribed A user has unsubscribed from a report.
FailedLogin A user attempted to login but entered an incorrect password.

Every action occurs in the context of a section, or table. The actions "create", "update", and "delete" occur in multiple sections. Below are the sections that are currently available in the Portal:

Section Definition
Configurations The action applies to the organization's settings (occurs in conjuction with Organizations).
DeploymentGroups The action applies to a deployment group.
Devices The action applies to an MDM device.
EmmDevices The action applies to an EMM device.
EmmEnrollmentTokens The action applies to an enrollment token for an EMM Console policy.
EmmPolicies The action applies to an EMM Console policy.
FileArtifactLocations The action applies to a cloud-hosted file.
FileArtifactMeta The action applies to the service for managing cloud-hosted files.
LauncherConfigurations The action applies to a launcher configuration file.
LoginAttempts The action applies to attempts by a user to login to the Portal.
Organizations The action applies to the organization's settings (occurs in conjuction with Configurations).
Playbooks The action applies to a playbook.
Plays The action applies to a play.
Roles The action applies to a role.
Reports The action applies to a report.
ReportSubscription The action applies to the subscription or unsubscription of user to a report.
SitesMeta The action applies to managing the site list files for the organization's dashboards (often in conjunction with SitesView).
SitesViews The action applies to managing the site list files for the organization's dashboards (often in conjunction with SitesMeta).
SSOConfigs The action applies to an SSO configuration.
Users The action applies to a user.

Filter Audit Logs

Audit Logs can be filtered to show a specific date/time range of logs, or logs relevant to specific users, actions, sections, or any combination thereof.

The default Date/Time filter is 24 hours. Three predefined filters can be selected: Past 30 Days, Past 7 Days, and Past 24 Hours. A custom filter can also be created where the administrator can select a date range from a calendar, a Start Time for the earlier date, and an End Time for the later date.

To use the other filters, expand the dropdown for the Users, Actions, or Sections filter and select specific items. Chips will display above the filter selectors to indicate what criteria is being filtered for in the query. These chips can be individually removed with their respective "X" buttons.

Audit Log Filter

Pressing Apply Filters applies the filters to the log queries, expanding or contracting the results accordingly.

Filtering for combinations that do not exist will display a message in the results section informing the user that no logs could be found matched the criteria that was filtered.

No Matching Logs

Pressing Clear All removes all Users, Actions, and Sections filters and returns the Date/Time range to the default filter of 24 hours.