Monitor User Events in the Cloud Administration Console

Document created by RSA Information Design and Development on Jul 13, 2016Last modified by RSA Information Design and Development on Feb 9, 2018
Version 22Show Document
  • View in full screen mode

You can display a list of the most recent user events for the Cloud Authentication Service. Use this information to monitor user behavior patterns and troubleshoot unsuccessful authentication attempts.


This report can list up to 100 events that occurred over the past seven days. You can filter the report results according to User ID, date range, and authentication methods.

The report output includes the following information related to the event:
  • Timestamp
  • User
  • Event Code
  • Description
  • Application
  • Method
  • Authentication Details
  • Assurance Level

Critical and error events are color-coded to help you quickly identify them.

Before you begin 

You must be a Super Admin or Help Desk Administrator in the Cloud Administration Console.


  1. In the Cloud Administration Console, click Users > User Event Monitor.
  2. (Optional) In the Filter field, type the User ID for which you want to display events. By default, all events within the specified time period are displayed.
  3. (Optional) Specify the time period to include in the report in hours (1 to 24) or days (1 to 7). The default is four hours.
  4. (Optional) Specify if you want to display only Success Events, Error Events, or Critical Events.
  5. Click Go to begin the search.
    By default, events appear in descending order by timestamp, with the most recent entry first. Critical and error events are color-coded for quick identification. You can sort a column by clicking its arrow.



You are here
Table of Contents > Logging > Monitor User Events in the Administration Console