Generating an administrator activity report

You can generate reports to show the activities of administrators and application owners in your IBM® Verify tenant.

Before you begin

  • You must have administrative permission or be a member of the helpdesk group to complete this task.
  • Log in to the IBM Verify administration console as an Administrator.

About this task

Information | Attributes | Descriptions
Time Stamp | time | When the authentication request was made.
Resource Type | data.resource
  • access_policy - Access policy: created, deleted, modified
  • api_client - API client created, deleted, modified
  • app_consent - Application consent: deleted
  • application - Application: created, deleted, modified
  • auth_factor - Authentication factor: created, deleted, modified
  • authenticator_profile - Registration profiles: created, deleted, modified
  • certificate - Certificate events need to be generated
  • consentprovider - Consent provider: created, deleted, modified
  • content_security_policy - Content security policy: modified
  • device_certificate - Device certificate: created, revoked
  • device_manager - Device manager: created, deleted, modified
  • domain - Domain: created, deleted
  • entitlement - Entitlement: granted, revoked
  • eula - Eula: created, deleted, modified
  • fido2_metadata - FIDO2 device metadata: created, deleted, modified
  • fido2_relying_party - FIDO2 relying party: created, deleted, modified
  • flow - Flow: created, modified, exported, imported, published, deleted, traceURLGenerated
  • group - Group: created, deleted, modified
  • identity_source: created, deleted, modified
  • identity_source_global_config: modified
  • mfa_device: created, deleted, modified
  • notification - Notification configuration: modified
  • password_vault - Resources
  • password_policy - Password policy
  • privacy_policy - Policy: modified
  • privacy_rule - Rule: created, deleted, modified
  • theme - Theme: created, deleted, modified
  • purpose - Purpose: created, deleted, modified
  • token - Token: revoked, reactivated
  • user - User: created, deleted, modified, reset password, expiration
Action | data.action | The action performed on a user for the resource
Target | data.target | The target of the event
Performed by | User name: data.performedby_username; Realm: data.performedby_realm | Includes the
User name
The unique identifier for logging in to Verify. It can be the same as the email address of the user.
Realm
The identity source attribute that helps distinguish users from multiple identity sources that have the same user name.

This information is displayed in the Users & Groups > Users tab, and in the Edit User dialog box.

For the following identity sources:
  • Cloud Directory, the realm value is cloudIdentityRealm.
  • IBMid, the realm value is www.ibm.com.
  • SAML Enterprise, the realm value can be any unique name that you assigned when you created the identity source.
  • OnPrem LDAP, the realm value can be any unique name that you assigned when you created the identity source.
Performed by type | data.performedby_type | API, device, system, or user
Client IP | data.origin | The IP address of the device that made the authentication request. The details contain an X-Force IP report link to evaluate the threat value of the address.
Location | geoip.region_name, geoip.country_name | The geographical location, region and country, where the authentication request was made.
Note: The region might not display accurately because of the way your network is configured. This is a known limitation.

Procedure

  1. Select Reporting & diagnostics > Reports.
    The tiles for authentication activity, application usage, administrator activity, and multi-factor authentication activity are displayed. The Admin activity tile lists the last three activities that were performed by an administrator.
  2. Select the View Report link on the Admin activity tile.
    The summary report displays the administrator activities for the last 30 days with the following information.
    • Time stamp
    • Resource type
    • Action
    • Target
    • Performed by
    • Performed by type
    • Client IP
    • Location
    Select an event to see the details that are associated with it. See Admin activity management event detail.
  3. Optional: Select Filters to filter the results.
    You can search by
    Identity
    Filter selections are user name, realm, API client name, API client ID, and type.
    Source
    Filter selections are client IP and location.
    Event details
    Filter selections are resource type, target, and action.
    You can use any combination of filters to refine your results. Select Apply filters to modify the report. The selected filters precede the graph. You can clear the filters by selecting the Reset link.
    Note: The search fields are case-sensitive.
  4. Change the date range for the report.
    Select the From and To dates to display the calendar drop downs and select the dates for the report. You can't go back more than 90 days.
    Note: The To date cannot exceed the current date.
  5. Select Run Report.
    The Report information is refreshed.
  6. Optional: Generate a CSV file for the report.
    1. Click Generate CSV.
    2. Follow the directions in Downloading a CSV report.
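
Once the CSV is downloaded, it can be reviewed offline for changes that deserve a second look. The following is an added example, not IBM code: it assumes the export uses the attribute names from the table above as column headers, ISO 8601 UTC time stamps, and action values spelled as in the resource type list; the sample rows and the SENSITIVE set are constructed for illustration.

```python
import csv
import io

# Constructed sample export. Column names reuse the attribute names from the
# table above; the CSV layout and action spellings are assumptions.
SAMPLE_CSV = """time,data.resource,data.action,data.target,data.performedby_username,data.performedby_realm,data.performedby_type,data.origin,geoip.country_name
2024-05-01T09:12:00Z,user,modified,jdoe,alice,cloudIdentityRealm,user,198.51.100.7,Germany
2024-05-01T09:15:00Z,api_client,created,reporting-client,alice,cloudIdentityRealm,user,198.51.100.7,Germany
2024-05-02T02:40:00Z,access_policy,deleted,mfa-everywhere,bob,cloudIdentityRealm,user,203.0.113.9,Brazil
2024-05-02T02:41:00Z,mfa_device,deleted,jdoe-phone,bob,cloudIdentityRealm,user,203.0.113.9,Brazil
2024-05-03T11:00:00Z,theme,modified,default,bob,cloudIdentityRealm,user,192.0.2.44,Germany
"""

# Illustrative review policy (an assumption, tune per tenant): changes that
# weaken authentication or create new credentials.
SENSITIVE = {("api_client", "created"), ("access_policy", "deleted"),
             ("access_policy", "modified"), ("mfa_device", "deleted"),
             ("auth_factor", "deleted"), ("identity_source", "created")}

def review_admin_activity(csv_text, sensitive=SENSITIVE):
    """Return (flagged, new_country): sensitive changes and location shifts."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: r["time"])  # ISO 8601 UTC strings sort chronologically
    flagged, new_country = [], []
    seen = {}  # (user name, realm) -> countries already observed
    for r in rows:
        # The same user name can exist in several identity sources, so key on realm too.
        who = (r["data.performedby_username"], r["data.performedby_realm"])
        if (r["data.resource"], r["data.action"]) in sensitive:
            flagged.append(r)
        countries = seen.setdefault(who, set())
        country = r["geoip.country_name"]
        # Compare countries only: the region might not display accurately.
        if countries and country not in countries:
            new_country.append(r)
        countries.add(country)
    return flagged, new_country

if __name__ == "__main__":
    flagged, moved = review_admin_activity(SAMPLE_CSV)
    for r in flagged:
        print("REVIEW", r["time"], r["data.performedby_username"], r["data.resource"], r["data.action"], r["data.target"])
    for r in moved:
        print("NEW COUNTRY", r["time"], r["data.performedby_username"], r["geoip.country_name"], r["data.origin"])
```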