The Directory logs allow you to monitor the history of user activities connected with their application access, credentials, and two-factor authentication (2FA). With Directory logs, you can view entries for the following event types triggered by user actions:

  • 2FA setup – User configures the 2FA verification method.
  • 2FA turn onUser activates 2FA.
  • 2FA turn off – User deactivates 2FA.
  • 2FA verification – User verifies their account with a security code from a mobile app.
  • Application access – User accesses an app that is listed in the app connections for the directory.
  • Password changeUser changes the user portal password while logged in.
  • Password recoveryUser changes the user portal password through the password recovery flow.
  • Sign-in with directoryUser authenticates through the directory login page.
  • Trusted browser for 2FA – User sets a browser as a trusted one for 2FA to avoid entering a 2FA verification code for a period of time.

The Directory logs contain the following information:

  • Log ID  Unique ID of a log.
  • Date– Date and time in the local time zone that can be configured in the account settings.
  • Directory name – Directory in which an activity occurred.
  • Activity ID – Unique identifier for an activity with the failure status. 
  • Activity type – The event category for which a log was created.
  • Activity description – Summary of an activity.
  • Status – Status of an activity, which is success or failure.
  • Details – Description of an activity status.
  • Directory ID – Unique ID of the directory in which an activity occurred.
  • Application name – Name of the app in which a user was logged in or trying to log in when an activity occurred.
  • Application ID – Unique ID of the app in which a user was logged in when an activity occurred.
  • Performed by – First name, last name, and email of the user who triggered an activity.
  • Performed by (user ID) – Unique identifier of the user who triggered an activity.
  • Affected user – First name, last name, and email of the user whose record changed because of an activity.
  • Affected user ID – Unique identifier of the user whose record changed because of an activity.
  • Identity provider name – Name of an identity provider.
  • Identity provider ID – Unique identifier of an identity provider.
  • Source IP App user IP address. 
  • Device type – Desktop, mobile, or tablet.
  • Device – Name of a device brand.
  • BrowserName of an app user browser.
  • Browser agent – Name of a browser agent.
  • Location - App user location based on their IP.