The Directory logs allow you to monitor the history of user activities connected with their application access, credentials, and two-factor authentication (2FA). With Directory logs, you can view entries for the following event types triggered by user actions:

  • 2FA setup – User configures the 2FA verification method.
  • 2FA turn onUser activates 2FA.
  • 2FA turn off – User deactivates 2FA.
  • 2FA verification – User verifies their account with a security code from a mobile app.
  • Application access – User accesses an app that is listed in the app connections for the directory.
  • Password changeUser changes the user portal password while logged in.
  • Password recoveryUser changes the user portal password through the password recovery flow.
  • Sign-in with directoryUser authenticates through the directory login page.
  • Trusted browser for 2FA – User sets a browser as a trusted one for 2FA to avoid entering a 2FA verification code for a period of time.

A list of sample directory logs.

The Directory logs contain the following information:

  • Log ID  Unique ID of a log.
  • Date (UTC)  Date and time in UTC format.
  • Event type – The event category for which a log was created.
  • Event description – Summary of an event.
  • Status – Status of an event, which is success or failure.
  • Details – Description of an event status.
  • Directory name – Directory in which an event occurred.
  • Directory ID – Unique ID of the directory in which an event occurred.
  • Application name – Name of the app in which a user was logged in or trying to log in when an event occurred.
  • Application ID – Unique ID of the app in which a user was logged in when an event occurred.
  • Performed by – First name, last name, and email of the user who triggered an event.
  • Performed by (user ID) – Unique identifier of the user who triggered an event.
  • Affected user – First name, last name, and email of the user whose record changed because of an event.
  • Affected user ID – Unique identifier of the user whose record changed because of an event.
  • Identity provider name – Name of an identity provider.
  • Identity provider ID – Unique identifier of an identity provider.
  • Source IP – User IP address.
  • Device type – Desktop, mobile, or tablet.
  • Device – Name of a device brand.
  • Browser – Name of a user browser.
  • Browser agent – Name of a browser agent.