Close
logodocs

View Activities

Activity logs are recorded user events in strongDM, these are events such as logging in/out, creating/destroying resources, modify settings/permissions or general administration tasks. These do not include actions where users are interacting with resources, each resource type will create its own unique type of logs.

To view the activity logs for your account select Activities from the left hand navigation window. You will be presented with a paginated view of activity logs from the last year. For more information about log retention and the more extensive logs available from the CLI, see the Log Retention documentation.

The following is a list of potential Activities that might be tracked:

  • user added
  • user deleted
  • user updated
  • user signup
  • user type changed
  • user permission added
  • user permission deleted
  • user temporary access granted
  • user temporary access revoked
  • user temporary access expired
  • user added to role
  • user deleted from role
  • user suspended
  • user reinstated
  • user logged into the Admin UI
  • parent admin logged into the child org
  • user logged into the local client
  • service account created
  • service account expired
  • admin token created
  • admin token deleted
  • admin token expired
  • admin token rekeyed
  • admin token cloned
  • admin token suspended
  • admin token reinstated
  • user logged into the Admin UI using SSO
  • user logged into the local client using SSO
  • user logged out from the local client
  • user logged out from the Admin UI
  • failed login attempt from the Admin UI
  • failed login attempt from the local client
  • MFA denied access for the Admin UI
  • MFA denied access for the local client
  • user account locked due to failed login attempts
  • failed login attempt counter reset
  • attempt to login by a suspended user from the local client
  • attempt to login by a suspended user from the Admin UI
  • attempted to login by a service account from the Admin UI
  • attempted to login by a suspended service account from the Admin UI
  • user set a password
  • user reset their password
  • user changed their password
  • user invited
  • user clicked on their invitation
  • user clicked on their password reset
  • user allowed to login via password
  • user required to login via SSO
  • admin initiated password reset
  • role added
  • role deleted
  • role updated
  • role permission added
  • role permission deleted
  • multiple role permissions added
  • multiple role permissions deleted
  • roles added to a composite role
  • roles removed from a composite role
  • datasource added
  • datasource cloned
  • datasource deleted
  • datasource updated
  • datasource connection port overriden
  • multiple datasource ports overriden
  • server added
  • server cloned
  • server deleted
  • server updated
  • server connection port overriden
  • multiple server ports overriden
  • cluster added
  • cluster cloned
  • cluster deleted
  • cluster updated
  • cluster connection port overriden
  • multiple cluster ports overriden
  • cloud added
  • cloud cloned
  • cloud deleted
  • cloud updated
  • website added
  • website cloned
  • website deleted
  • website updated
  • installation created
  • installation created for relay
  • installation approved
  • installation revoked
  • relay created
  • relay name updated
  • relay deleted
  • public key updated
  • port override enforcement updated
  • service account auto-connect updated
  • self-registration activated
  • self-registration deactivated
  • allow public gateways
  • do not allow public gateways
  • organization name updated
  • organization setting updated
  • organization created
  • child organization admin invited
  • service account rekeyed
  • SCIM token created
  • organization SSH certificate authority rotated
  • allowed SSH port forwarding
  • disallowed SSH port forwarding
  • add child organization
  • remove child organization
  • trial extended
  • secret store added
  • secret store updated
  • secret store deleted
  • access rule created
  • access rule updated
  • access rule deleted
  • deactivate device approval
  • dynamic role migration complete
Admin UI Guide — Previous
Review Logs
Next
View Datasource Queries