How to run a Report showing Failed Authentication Attempts in RSA Identity Governance & Lifecycle

4 years ago

Originally Published: 2015-09-10

Article Number

000062099

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.x

Issue

How can failed authentication attempts be viewed in RSA Identity Governance & Lifecycle?

Resolution

Starting in RSA Identity Governance & Lifecycle 6.9.1, Audit Logging was added as a new feature to the RSA Identity Governance & Lifecycle application. Events that are audited are defined under Admin > System > Audit tab > Audit Log Event Configuration. All events are enabled by default.

To view failed authentication attempts and other audit events, there is an Out-of-the-box (OOTB) Tabular Report that reports audit events for the last 30 days. In the user interface go to Reports > Tabular > Audit Events for the Past 30 Days > Run Report button. Once the report results are available, peruse the results for the LOGIN audit event. The LOGIN audit event audits login-related changes including failed authentication attempts.

Below is a sample of report output with successful and failed login attempts. If you export the report results (bottom right corner) to a CSV file, you can then sort the report on any of the table columns. In this case you could sort on Event Name to see all the LoginFailureAttempt events grouped together.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles