How-tos

Getting Business Audit Data Using Cloudentity's Audit Events

Learn how to get business audit data with Cloudentity's audit events such as, for example, login events, MFA events, token mints, and more.

Audit Events in a Nutshell

Cloudentity’s audit events provide the workspace administrators with the ability to observe user actions server-wide across the entire instance of Cloudentity tenant and its connected authorizers. You can find all audit data within your workspace in Dashboards > Audit Events.

Audit events provide you with useful data such as who performed certain action and the time it happened. The events do not provide technical information itself, as they are focused on business data. For example, if the request for a token is denied, audit events do not provide information on why it is denied.

Audit Events Storage

Audit events are stored inside Cloudentity’s database for 7 days with event payload encrypted.

You can observe user actions such as:

  • Login events

    Login events contain several actions that take place when users go through their login process. You can see that the user attempted to log in, that their request is accepted, or their login attempt failed.

  • Consent events

    Consent events provide administrators with insight when consents are created, accepted, rejected, and revoked. Those events are especially useful in Open Banking and Open Data initiatives.

  • Authorization and client authentication events

    When client applications go through the authorization and authentication process, administrators can see that, for example, authorization code is denied/issued, and, later on, that the client application successfully authenticated itself and the token was issued.

  • and more.

Detailed List of Audit Events

To know what audit events are available and what payload parameters are available for each event, check list audit events API reference and its audit_events.payload parameter.

Audit Events in Depth

Cloudentity’s audit events can be filtered by event payload fields and date range. Additionally, by enabling/disabling live events you can get audit data updating live or with a page refresh. Any time an auditable action takes place within Cloudentity, the event is published within the dashboard.

Beside accessing the audit events view in Cloudentity, administrators can also use admin list audit events API to request filtered/unfiltered audit events list in a JSON format for a given workspace.

Audit Events for Authorizers

The gateway_request_authorized and the gateway_request_unauthorized are the only two audit events that come outside of Cloudentity. When an authorizer is set up to protect a certain API and the request to this API is authorized or denied, the authorizer notifies Cloudentity about the event so that it can be stored and auditable. Note that not all of the requests are auditable by Cloudentity. When a request, for example, contains a large payload, Cloudentity may not be notified by the authorizer.

For multitenant authorizers, even though the APIs are visible within all of the workspaces, audit events are only accessible within the System workspace where the authorizer is integrated.