Audit Events in a Nutshell
Cloudentity’s audit events let workspace administrators observe user actions server-wide, across the entire Cloudentity tenant instance and its connected authorizers. You can find all audit data for your workspace in Dashboards > Audit Events.
Audit events provide useful data such as who performed a certain action and when it happened. The events themselves do not provide technical information, as they focus on business data. For example, if a request for a token is denied, audit events do not state why it was denied.
Audit Events Storage
Audit events are stored in Cloudentity’s database for 7 days, with the event payload encrypted.
You can observe user actions such as:
- Login events
  Login events contain several actions that take place when users go through their login process. You can see that the user attempted to log in, that their request was accepted, or that their login attempt failed.
- Consent events
  Consent events give administrators insight into when consents are created, accepted, rejected, and revoked. These events are especially useful in Open Banking and Open Data initiatives.
- Authorization and client authentication events
  When client applications go through the authorization and authentication process, administrators can see, for example, that an authorization code was denied or issued and, later on, that the client application successfully authenticated itself and the token was issued.
- and more.
Detailed List of Audit Events
To find out which audit events are available and which payload parameters each event carries, check the list audit events API reference and its audit_events.payload parameter.
Audit Events in Depth
Cloudentity’s audit events can be filtered by event payload fields and date range. Additionally, by enabling or disabling live events, you can have audit data update live or only on a page refresh. Any time an auditable action takes place within Cloudentity, the event is published within the dashboard.
Besides accessing the audit events view in Cloudentity, administrators can also use the admin list audit events API to request a filtered or unfiltered list of audit events in JSON format for a given workspace.
Audit Events for Authorizers
The gateway_request_authorized and gateway_request_unauthorized events are the only two audit events that come from outside of Cloudentity. When an authorizer is set up to protect a certain API and a request to this API is authorized or denied, the authorizer notifies Cloudentity about the event so that it can be stored and audited. Note that not all requests are auditable by Cloudentity. For example, when a request contains a large payload, Cloudentity may not be notified by the authorizer.
For multitenant authorizers, even though the APIs are visible within all of the workspaces, audit events are only accessible within the System workspace where the authorizer is integrated.
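As an added example (not Cloudentity's own code), the following sketch shows one way to use a JSON list of audit events for detection: it flags APIs that receive a burst of gateway_request_unauthorized events within a short window. The field names "event", "timestamp" and "api", the sample data, and the threshold are assumptions made for illustration; check the list audit events API reference for the real schema.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. The field names are assumptions for this
# example, not the documented Cloudentity audit event schema.
SAMPLE_EXPORT = json.dumps([
    {"event": "gateway_request_unauthorized", "timestamp": "2024-01-01T10:00:05Z", "api": "/accounts"},
    {"event": "gateway_request_authorized",   "timestamp": "2024-01-01T10:00:10Z", "api": "/accounts"},
    {"event": "gateway_request_unauthorized", "timestamp": "2024-01-01T10:00:20Z", "api": "/accounts"},
    {"event": "gateway_request_unauthorized", "timestamp": "2024-01-01T10:00:50Z", "api": "/accounts"},
    {"event": "gateway_request_unauthorized", "timestamp": "2024-01-01T10:00:00Z", "api": "/payments"},
    {"event": "gateway_request_unauthorized", "timestamp": "2024-01-01T10:03:00Z", "api": "/payments"},
    {"event": "gateway_request_unauthorized", "timestamp": "2024-01-01T10:06:00Z", "api": "/payments"},
])

def parse_ts(value):
    """Parse an RFC 3339 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def unauthorized_bursts(events, threshold=3, window=timedelta(minutes=1)):
    """Return {api: time of the denial that first put `threshold` denials inside `window`}."""
    denied = [e for e in events if e.get("event") == "gateway_request_unauthorized"]
    denied.sort(key=lambda e: parse_ts(e["timestamp"]))
    recent = defaultdict(deque)   # per-API sliding window of denial times
    alerts = {}
    for e in denied:
        ts, api = parse_ts(e["timestamp"]), e["api"]
        q = recent[api]
        q.append(ts)
        while ts - q[0] > window:  # drop denials older than the window
            q.popleft()
        if len(q) >= threshold and api not in alerts:
            alerts[api] = ts
    return alerts

def run_sample():
    return unauthorized_bursts(json.loads(SAMPLE_EXPORT))

if __name__ == "__main__":
    for api, ts in run_sample().items():
        print(f"burst of unauthorized requests on {api} at {ts.isoformat()}")
```

Because events are kept for 7 days and authorizers may not report every request, run such a check on a schedule shorter than the retention period and treat the counts as a lower bound.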