Monitor User Events in the Cloud Administration Console - RSA Community - 623097

Register Now

Options

Subscribe to RSS Feed

Bookmark

Subscribe

Printer Friendly Page

Report Inappropriate Content

Versions

Collections

All Downloads

Table of Contents

Release Notes
- Release Notes
Product Basics
- SecurID Overview
- ID Plus Licenses
  - SecurID Licenses
  - SecurID Access Editions
- Cloud Authentication Service Overview
- Protect Resources with the Cloud Authentication Service
- High-Level Authentication Flows for the Cloud Authentication Service
- Videos
Quick Setup
- Getting Started with Quick Setup for the Cloud Authentication Service
- Quick Setup - POC
- Quick Setup - SAML Applications and Third-Party SSO Solutions
- Quick Setup - My Page SSO
- Quick Setup - IDR-Based SSO
- Quick Setup - RADIUS Clients
- Quick Setup - Connect RSA Authentication Manager to the Cloud Authentication Service with an Embedded Identity Router
Deployment Management
- Cloud Administration Console Dashboard
- Publishing Changes to the Identity Router and Cloud Authentication Service
- Supported Browsers for the Cloud Administration Console
Administrators
- Administrative Roles for the Cloud Administration Console
- Manage Administrators for the Cloud Administration Console
- Add, Edit, or Delete an Administrator for the Cloud Administration Console
- Change Your Account Name and Password in the Cloud Administration Console
- Reset Forgotten Password in the Cloud Administration Console
- Change the Identity Router Administrator Password Using the Identity Router Setup Console
Company Settings
- Configure Company Information and Certificates
- Protected Domain Name
- Customize and Configure Domain Name
- Configure Session and Authentication Method Settings
- Password Lockout Examples
- Protect the Cloud Administration Console with Additional (Step-Up) Authentication
Identity Routers
- Planning Your Identity Router Deployment
- Installing and Configuring Identity Routers
- Managing Identity Routers
Identity Sources
- Identity Sources for the Cloud Authentication Service
- LDAPv3 Server Requirements to Enable Expired Password Handling in the Application Portal
- LDAPv3 User Verification for the Cloud Authentication Service
- Add, Delete, and Test Connection for an Identity Source for the Cloud Authentication Service
- Directory Server Attributes Synchronized for Authentication
- Manually (Bulk) Synchronize an Identity Source for the Cloud Authentication Service
- Manage Identity Sources for the Cloud Authentication Service
- Unified Directory
My Page Web Applications (New)
- Manage My Page
- Add a SAML Application
- Add an Application Using HTTP Federation Proxy
- Add an Application Using Trusted Headers
- Add a Bookmark Link in the Application Portal
User Application Portal
- User Application Portal
- Configure the Standard Web Application Portal
- Configure a Custom Portal Page for Web Applications
- Configure a Standard or Custom Application Portal Page
- Adding a Custom Logo to Your Cloud Authentication Service Deployment
- User Session and Single Sign-On
- Develop Custom Web Portals (PDF)
Access Policies
- Planning Access Policies
- Configuring Access Policies
Clusters, High Availability, and Backups
- Clusters
- Cluster Relationships
- Load Balancer Requirements
- Manage Clusters
- Enable RADIUS on Identity Routers in a Cluster
- Configure High Availability for Cloud Authentication Service Deployments
- Backing Up User Profiles for HTTP Federation Applications
- Manage Cluster Backups
Relying Parties
- Relying Parties
- SAML 2.0 Requirements for Service Providers
- Add a Relying Party
- Add a Service Provider
- Add an OIDC Relying Party
- OIDC Relying Party Endpoints
- Manage Relying Parties
- Example: SAML IdP for Cloud Authentication Service Assertion
- Add Epic Hyperdrive Relying Party
RADIUS
- RADIUS for the Cloud Authentication Service Overview
- Deploying RADIUS for the Cloud Authentication Service
- Add a RADIUS Client for the Cloud Authentication Service
- Configure a RADIUS Profile for the Cloud Authentication Service
- Attributes for RADIUS Clients and Profiles for the Cloud Authentication Service
- Customize the RSA SecurID Access Web Interface for a Cisco Adaptive Security Appliance
- Manage RADIUS for the Cloud Authentication Service
Certificates
- Cloud Authentication Service Certificates
- Generate and Download a Certificate Bundle for Service Providers and Identity Providers for the SSO Agent
- List of Trusted Certificate Authorities for HFED and Trusted Headers Applications
- Upload Certificates for Trusted Certificate Authorities
- Delete a Trusted Certificate Authority Certificate
- Certificates and Keys for Service Providers and Identity Providers for the IDR SSO Agent
- Trusted Certificate Authorities for HFED or Trusted Headers Applications
Integrated Windows Authentication
- Integrated Windows Authentication
- Deploying Integrated Windows Authentication
- Configure User Browsers for Integrated Windows Authentication
Identity Providers
- Adding Identity Providers
- Manage Identity Providers
- Restricting Access to Automated SSO Agent IdPs Using Authentication Source Access Rules
- Add Cloud Identity Provider
- Add a SAML Version 2 SSO Agent Identity Provider
- Authentication Sources
- Manage Authentication Sources
- Add an Authentication Source
- Add Authentication Source Access Rules
- Reorder Authentication Sources
- Delete an Authentication Source
IDR-Based Web Applications (Legacy)
- Cloud Authentication Service Quick Setup Guide for IDR-Based SSO
- Manage the Application Catalog (IDR)
- Manage My Applications (IDR)
- Add an Application to My Applications (IDR)
- Delete an Application From My Applications (IDR)
- Choosing a Connection Method to Add an IDR SSO Agent Application
- SAML Applications (IDR)
- Application Availability and Visibility (IDR)
- Add a SAML Application
- Configure Advanced Settings for a SAML Connection (IDR)
- Export SAML Metadata From an Application on the Identity Router (IDR)
- HTTP Federation Proxy Applications (IDR)
- Planning to Add an Application Using HTTP Federation Proxy (IDR)
- HTTP Federation Proxy Planning Worksheet (IDR)
- Add an Application Using HTTP Federation Proxy
- Trusted Headers (IDR)
- Add an Application Using Trusted Headers
- Add a Bookmark Link in the Application Portal
- Deep Linking (IDR)
Authentication Methods and Emergency Access
- Authentication Methods for Cloud Authentication Service Users
- Authentication Method Lockout
- Emergency Access for Cloud Authentication Service Users
Users and Authenticators
- Cloud Authentication Service User System Requirements
- Authenticator Registration
- SecurID Hardware Tokens
- Configure Email Notifications
- Manage My Page
- Getting Started with FIDO-Certified Security Keys with SecurID
- SecurID and Yubico
- Using RSA Security Key Utility
- Registering Devices with SecurID Authenticate App
- Manage Users for the Cloud Authentication Service
- Run User Reports
- Deploying the SecurID Authenticate App in EMM Environment
- Deploying the SecurID Authenticate for Windows 10 App Using DISM
- Deploying the SecurID Authenticator 6.0.1 for Windows Using DISM
- Deploying SecurID Authenticator 6.1.1 for Windows Using DISM
- Deploying SecurID Authenticator 6.1.2 for Windows Using DISM
- Deploying SecurID Authenticator 6.1.3 for Windows Using DISM
- SecurID App Permissions
End User Rollout
- Educating Your Users
- Cloud Authentication Service Rollout to Users
- Sample Rollout Email for SecurID Access Users
- Configure Browsers to Trust the Cloud Authentication Service
Authentication Manager Integration
- Select an Integration Path for SecurID Authentication Manager and the Cloud Authentication Service
- Quick Setup - Connect SecurID Authentication Manager to the Cloud Authentication Service with an Embedded Identity Router
- Connect Your Cloud Authentication Service Deployment to Authentication Manager
- Enable High Availability Tokencode in the Cloud Authentication Service
- Test the SecurID Authentication Manager Connection
- Update the Connection between the Cloud Authentication Service and SecurID Authentication Manager
- Delete the Connection Between the Cloud Authentication Service and Authentication Manager
Cloud Administration APIs
- Using the Cloud Administration APIs
- Manage the Cloud Administration API Keys
- Determining Access Requirements for High-Risk Users in the Cloud Authentication Service
- Authentication for the Cloud Administration APIs
- Cloud Administration Event Log API
- Cloud Administration User Search API
- Cloud Administration Synchronize User API
- Cloud Administration User Details API
- Cloud Administration Delete User Device API
- Cloud Administration Authenticator Details API Version 1
- Cloud Administration Authenticator Details API Version 2
- Cloud Administration Mark User Deleted API
- Cloud Administration Delete User Now API
- Cloud Administration User Status API
- Cloud Administration Anomalous Users API
- Cloud Administration Unlock User Tokencodes API
- Cloud Administration Update SMS and Voice Phone API
- Cloud Administration Retrieve Authentication Audit Logs API
- Cloud Administration User Event Log API
- Cloud Administration Add/Remove High-Risk Users API
- Cloud Administration Retrieve High-Risk User List API Version 1
- Cloud Administration Retrieve High-Risk User List API Version 2
- Cloud Administration Health Check API
- Cloud Administration Retrieve Device Registration Code API
- Cloud Administration Enable Emergency Tokencode API
- Cloud Administration Disable Emergency Tokencode API
- Cloud Administration Retrieve License Usage API Version 1
- Cloud Administration Retrieve License Usage API Version 2
- Cloud Administration FIDO Authenticator API
- Cloud Administration Enable FIDO Authenticator API
- Cloud Administration Disable FIDO Authenticator API
- Cloud Administration Retrieve Hardware Token Serial Number API
- Cloud Administration Assign Hardware Token API
- Cloud Administration Unassign Hardware Token API
- Cloud Administration Enable Hardware Token API
- Cloud Administration Disable Hardware Token API
- Cloud Administration Delete Hardware Token API
- Cloud Administration Clear PIN for Hardware Token API
- Cloud Administration Update Hardware Token Name API
- Cloud Administration MFA Agent Lookup REST API
- Cloud Administration Enable SecurID DS100 OTP Credential API
- Cloud Administration Disable SecurID DS100 OTP Credential API
- Cloud Administration Delete SecurID DS100 OTP Credential API
- Cloud Administration Clear PIN SecurID DS100 OTP Credential API
- Cloud Administration Retrieve SecurID DS100 OTP Credential API
- Cloud Administration Generate and Download Report APIs
SecurID Authentication API
- Manage the SecurID Authentication API Keys
- SecurID Authentication API Developer's Guide (PDF)
- FIDO Authentication and Custom App Authentication
Logging
- Logging for the Cloud Authentication Service
- Event Message Components for the Cloud Authentication Service
- Monitor User Events in the Cloud Administration Console
- Monitor System Events in the Cloud Authentication Console
- User Event Monitor Messages for the Cloud Authentication Service
- System Event Monitor Messages for the Cloud Authentication Service
- Administration Log Messages for the Cloud Authentication Service
- Identity Router Logging
- Configure Audit Logging in the Cloud Administration Console
- Set the Identity Router Logging Level
- Contents of Identity Router Log Bundle
- View the Identity Router System Log
- Identity Router Audit Log Messages
- SecurID Authenticate App Logging
Troubleshooting
- Troubleshooting Cloud Authentication Service User Issues
- Troubleshooting Cloud Administration Console Issues
- Troubleshooting Identity Router Issues
- Troubleshooting Cloud Authentication Service Identity Source Synchronization
- Monitor Uptime Status for the Cloud Authentication Service
- Access SSH for Identity Router Troubleshooting
- Grant SecurID Customer Support Access to Your Account
- Test Access to Cloud Authentication Service
Product Documentation and Support
- Product Documentation
- Support and Service for SecurID
- RSA Ready Partner Program
Copyright
- Copyright
- Yubico Copyright

The User Event Monitor lists the most recent user events for the Cloud Authentication Service. Use this information to monitor user behavior patterns and troubleshoot unsuccessful authentication attempts.

The User Event Monitor can list up to 100 events that occurred over the past seven days. You can filter the results according to User ID, date range, and authentication methods. The User Event Monitor displays the following information related to the event:

Timestamp
User
Event Code
Description
Application
Method
Authentication Details
Assurance Level

Events are color-coded for quick identification.

The assurance levels displayed depend on the following:

For SecurID Token, FIDO, SMS Tokencode, Voice Tokencode, and Emergency Tokencode the User Event Monitor displays the assurance level assigned to the access policy for the protected resource. If the policy contains multiple conditions and assurance levels, the User Event Monitor displays the assurance level for the condition applied to the user.
For Approve and Device Biometrics, the User Event Monitor displays the assurance level configured for those methods on the Assurance Level page in the Cloud Administration Console.

See User Event Monitor Messages for the Cloud Authentication Service for a list of all user event messages.

Procedure

In the Cloud Administration Console, click Users > User Event Monitor.
(Optional) In the Filter field, type the User ID for which you want to display events. By default, all events within the specified time period are displayed.
(Optional) Specify the time period to include in the report in hours (1 to 24) or days (1 to 7). The default is four hours.
(Optional) Specify if you want to display only Success Events, Error Events, or Critical Events.
Click Go to begin the search.

By default, events appear in descending order by timestamp, with the most recent entry first. To sort a column, click its arrow.