Close
logodocs

View Activities

Activity logs are recorded user events in strongDM, such as logging in/out, creating/destroying resources, modifying settings/permissions, or performing general administration tasks. Activities do not include actions where users are interacting with resources, as each resource type creates its own unique type of logs.

To view the activity logs for your account, go to Logs > Activities in the Admin UI. The Activities page displays a paginated view of activity logs from the last year. For more information about log retention and the more extensive logs available from the CLI, see the Log Retention documentation.

The following is a list of potential Activities that might be tracked:

  • Access rule created
  • Access rule deleted
  • Access rule updated
  • Add child organization
  • Admin initiated password reset
  • Admin token cloned
  • Admin token created
  • Admin token deleted
  • Admin token expired
  • Admin token reinstated
  • Admin token rekeyed
  • Admin token suspended
  • Allow public gateways
  • Allowed SSH port forwarding
  • Attempt to login by a suspended user from the Admin UI
  • Attempt to login by a suspended user from the local client
  • Attempted to login by a service account from the Admin UI
  • Attempted to login by a suspended service account from the Admin UI
  • Child organization admin invited
  • Cloud added
  • Cloud cloned
  • Cloud deleted
  • Cloud updated
  • Cluster added
  • Cluster cloned
  • Cluster connection port overridden
  • Cluster deleted
  • Cluster updated
  • Datasource added
  • Datasource cloned
  • Datasource connection port overridden
  • Datasource deleted
  • Datasource updated
  • Deactivate device approval
  • Disallowed SSH port forwarding
  • Do not allow public gateways
  • Dynamic role migration complete
  • Failed login attempt counter reset
  • Failed login attempt from the Admin UI
  • Failed login attempt from the local client
  • Installation approved
  • Installation created
  • Installation created for relay
  • Installation revoked
  • MFA denied access for the Admin UI
  • MFA denied access for the local client
  • Multiple cluster ports overridden
  • Multiple datasource ports overridden
  • Multiple role permissions added
  • Multiple role permissions deleted
  • Multiple server ports overridden
  • Organization created
  • Organization name updated
  • Organization setting updated
  • Organization SSH certificate authority rotated
  • Parent admin logged into the child org
  • Port override enforcement updated
  • Public key updated
  • Relay created
  • Relay deleted
  • Relay name updated
  • Remote identity created
  • Remote identity deleted
  • Remote identity updated
  • Remove child organization
  • Role added
  • Role deleted
  • Role permission added
  • Role permission deleted
  • Role updated
  • SCIM token created
  • Secret store added
  • Secret store deleted
  • Secret store updated
  • Self-registration activated
  • Self-registration deactivated
  • Server added
  • Server cloned
  • Server connection port overridden
  • Server deleted
  • Server updated
  • Service account auto-connect updated
  • Service account created
  • Service account expired
  • Service account rekeyed
  • Trial extended
  • User account locked due to failed login attempts
  • User added
  • User added to role
  • User allowed to login via password
  • User changed their password
  • User clicked on their invitation
  • User clicked on their password reset
  • User deleted
  • User deleted from role
  • User invited
  • User logged into the Admin UI
  • User logged into the Admin UI using SSO
  • User logged into the local client
  • User logged into the local client using SSO
  • User logged out from the Admin UI
  • User logged out from the local client
  • User permission added
  • User permission deleted
  • User reinstated
  • User required to login via SSO
  • User reset their password
  • User set a password
  • User signup
  • User suspended
  • User temporary access expired
  • User temporary access granted
  • User temporary access revoked
  • User type changed
  • User updated
  • Website added
  • Website cloned
  • Website deleted
  • Website updated
Previous
Logging Overview
Next
View Datasource Queries