Application Access Audit Report

    The Application Access Audit Report provides details of users who have accessed applications using the SAML and OAuth/OIDC protocols. Each entry includes the username, time of access, hostname, policy the user belongs to, application accessed, authentication type, flow initiated, number of attempts, and access status.

    Prerequisites

    • You must have administrator or operator credentials to access the ADSelfService Plus portal.
    • At least one AD domain must be configured in ADSelfService Plus.

    Generating the report

    Application Access Audit Report

    To generate the Application Access Audit Report:

    1. Log in to the ADSelfService Plus portal with administrator or operator credentials.
    2. Go to Reports > Other Reports > Application Access Audit Report.
    3. Select the domain using the Select Domain drop-down.
    4. Optionally, use the Add OUs option to scope the report to specific organizational units.
    5. Use the Period drop-down to set the time range for the report. Available options are: Today, Yesterday, Last 7 days, Last 30 days, This month, and Custom Period.
    6. Click Generate.

    Report customization

    Application Access Audit Report

    Adding or removing columns

    Click the Add/Remove Columns icon at the far right of the report. In the Select the columns to be displayed pop-up:

    • To add a column: select the field under Available Columns and click the right arrow (>>) to move it to Selected Columns.
    • To remove a column: select the field under Selected Columns and click the left arrow (<<) to move it back to Available Columns.

    Reordering columns

    Select a value under Selected Columns and use the Up and Down buttons to change its position in the report.

    Advanced filtering

    Application Access Audit Report

    After generating the report, click the Advanced Filter icon at the far right to narrow entries by the following parameters:

    • User Name: Filter by username. Available conditions: Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
    • Policy Name: Filter by the policy assigned to the user. Available conditions: Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
    • Application Name: Filter by the name of the application accessed. Available conditions: Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
    • Authentication Type: Filter by the protocol used — SAML or OAuth/OpenID Connect.
    • Initiated Flow: Filter by whether the SSO login attempt was IdP-initiated or SP-initiated.
    • Status: Filter by outcome — Success or Failure.

    Sorting

    Click any column header — except the Status and Initiated Flow columns — to sort report entries in ascending or descending order.

    Searching

    Click the search icon to search for specific entries within the report. You can search by:

    • Username
    • Accessed From
    • Policy Name
    • Application Name

    Searches use a contains match. For example, searching for jack in the Username column returns all usernames that contain the sequence jack.

    Schedule Reports, Export As, and More

    • Schedule Reports — Schedule automatic report generation at set intervals, and email results to administrators or specified addresses. See [LINK: "Schedule reports"] for instructions.
    • Export As — Export the report in CSV, CSVDE, HTML, PDF, XLS, or XLSX format using the option in the top-right corner.
    • More — The More menu in the top-right corner provides the following options:
      • Printable View: Preview and print the report.
      • Send Mail: Email the report to specified addresses.
      • Export Settings: Configure a custom report title and header logo to display on each exported page.

    Tips

    • Use the Authentication Type filter to audit access separately by protocol — for example, to review all SAML-based logins independently of OAuth/OIDC logins — which is useful when investigating SSO issues tied to a specific integration.
    • Use the Status filter set to Failure alongside the Application Name filter to quickly identify which applications are generating the most access failures, which may indicate a misconfigured SSO connection or a credential issue.
    • When reviewing access for compliance purposes, combine the Period drop-down with the Initiated Flow filter to separate IdP-initiated and SP-initiated sessions, as these may have different security implications under your access policies.

    The Schedule Reports option at the top-right corner of the page can be used to schedule the generation of reports at specified intervals to set up an automated scheduler. Learn to schedule reports here.