Application Access Audit Report

The Application Access Audit report provides details of the users who have accessed applications using the SAML and OAuth/OIDC protocols. This information includes the username, the time at which the application was accessed, the hostname, the policy to which the user belongs, the application that was accessed, the authentication type used, the flow that was initiated, the number of attempts, and the status.

Report generation

1. Log into the ADSelfService Plus admin portal and navigate to Reports > Audit Reports> Application Access Audit Report.
2. Choose the domain for which you wish to see the list of users who have accessed applications. You can also choose the Add OUs option to specify OUs if necessary.
3. The Period drop-down menu can be used to filter results by specifying the time period. Options include Today, Yesterday, Last 7 days, Last 30 days, This month and Custom Period.
4. Click Generate to generate the report.

Advanced Filtering

Once the report is generated, the entries can be narrowed-down based on the following parameters by clicking on the Advanced Filter [ ] icon at the far right of the report.

• User Name: This option lets you display report entries for specific usernames (or) users. The sub-options available under User Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• Policy Name: This option lets you display report entries for specific policy. The sub-options available under Policy Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• Application Name: This option lets you display all report entries for specific application names (or) applications. The sub-options under Application Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• Authentication Type: This option lets you narrow-down entries by the type of authentication used. The sub-options under Authentication Type are SAML or OAuth/OpenID Connect.
• Initiated Flow: Use this option to narrow-down entries by whether the SSO login attempt was IdP-initiated or SP-initiated.
• Status: Use this option to narrow-down entries by whether the SSO login attempt was a Success or a Failure.

Sorting

Click on any of the columns (except the Status and Initiated Flow columns) to view the report's entries in ascending order or descending order.

Searching

• Click the search icon [ ] in order to search for specific data in the UserName, Accessed From, Policy Name, and Application Name columns.
• Searching works with the criteria contains. For instance, if the word jack is searched, then all the usernames containing the sequence jack will be displayed.

Schedule Reports, Export as and More

• The Schedule Reports option can be used to schedule the generation of reports at specified intervals, and automatically email them to administrators, technicians, or managers. Learn to schedule reports here.
• The Export As option in the right corner of the page helps export the report in various formats like CSV, CSVDE, HTML, PDF, XLSX and XLS.
• The More option in the right corner of the page lists the Printable View, Send Mail, and Export Settings options.
  • The Printable View option can be used to preview the report.
  • The Send Mail option can be used to mail the report to the desired email addresses.
  • The Export Settings option allows users to customize the description and logo that will be used in the exported report. Also, the admin can opt to retain the logo in all pages of the exported report.