Overview

The User Management Audit Trail feature allows Administrators to view and export changes made to users, user groups, roles, and anonymous logins. This feature provides insight into user configuration changes and will enable administrators to filter and identify user patterns.

User Account Requirements

The user account must have Administrator permission to access the User Audit Trail.

Related Information/Setup

Please see the User Audit Trail Overview article for more information on User Audit Trails.

• User Audit Trail Overview

Navigation

1. From the Home screen, click the System icon.

System Icon

2. From the Admin Overview screen, click the User Audit Trail tile from the Tools section.

User Audit Trail Tile

Viewing the User Audit Trail

1. From the Admin: User Management Audit Trail screen, create a date range by selecting a From and To date from the Calendar pop-up. The date range should cover the date and time the event occurred in your current time zone.

Note:
When exporting the User Audit Trails, the .csv file displays the date and time in UTC.

Calendar Pop-up

2. Select a subject from the Subject dropdown menu by selecting the checkbox next to a subject(s). The subject is the username, user group, role, confidential login, or IP authorization edited during the event.
3. Select an event from the Event dropdown menu by selecting the checkbox next to an event(s). The event is the action or edit that was made to the subject.
   
   • Add User: A user was added to the Application.
   • Update User: Attributes on a user's profile were changed.
   • Impersonate User: An Administrator was impersonating a user.
   • Unsuccessful Impersonation: An Administrator attempted to impersonate another user, but their IP address could not be validated.
   • Regenerate Data Warehouse Password: A data warehouse password was generated on a user's profile.
   • Create API Key: An API key was created for a specific user.
   • Delete API Key: An API key was deleted for a specific user.
   • Change Password: A user's password was changed on a user's profile.
   • Remove User: A user was deleted from the Application.
   • Add Admin to Org: An Administrative user was added to the Application.
   • Expire Admin from Org: An Administrative user was removed from the Application.
   • Reset User MFA: A user's multi-factor authentication (MFA) was reset.
   • Add User Group: A user group was added to the Application.
   • Update User Group: Attributes on a user group were changed. 
   • Add User to User Group: A user was added to a user group.
   • Remove User from User Group: A user was removed from a user group.
   • Delete User Group: A user group was deleted from the Application.
   • Add Role: A role was added to the Application.
   • Update Role: Attributes on a role were changed.
   • Add User to Role: A user was added to a role.
   • Remove User from Role: A user was removed from a role.
   • Add User Group to Role: A user group was added to a role.
   • Remove User Group from Role: A user group was removed from a role.
   • Add Workflow State Permission(s): An object type was added to the role. This event type is logged for each state in the object type’s workflow, capturing any default form selection and permissions added to each state.
   • Update Workflow State Permission(s): A workflow state of an object type on a role was updated, including any permissions or default form selections for that state added or removed.
   • Remove Workflow State Permission(s): A workflow state of an object type on a role was removed.
   • Add Workflow State Trigger: A trigger was enabled on a state for an object type added to a role.
   • Remove Workflow State Trigger: A trigger was disabled on a state for an object type added to a role.
   • Delete Role: A role was deleted from the Application.
   • Add Confidential Login: A confidential login was added to the Application.
   • Update Confidential Login: Attributes on a confidential user were changed.
   • Regenerate Confidential Login URL: A confidential login URL was regenerated.
   • Delete Confidential Login: A confidential login was deleted from the Application.
   • Successful Login: A user successfully logged into the Application.
   • Confidential Login: A confidential user successfully logged into the Application.
   • Unsuccessful Confidential Login: A confidential user attempted to log in, but their IP address could not be validated.
   • Unsuccessful Login: A user attempted to log in, but their IP address could not be validated.
   • User Locked Out: A user was locked out of the Application after too many incorrect password attempts.
   • Logout: A user successfully logged out of the Application.
   • Add to IP Allow List: An IP address was added to the IP Allow List.
   • Update IP Allow List Entry: Attributes on an IP address were changed.
   • Remove from IP Allow List: An IP Address was removed from the IP Allow List.
   • Add User Email Change: An email address was added to a user's profile.
   • Cancel User Email Change: An edit to a user's email address was cancelled. 
   • Multi-factor Authentication Setup Complete: A user's multi-factor authentication setup was successful.
4. Select the Administrative user who triggered the event from the Performed By dropdown menu by selecting the checkbox next to a user(s).
5. Click outside a field to generate search results based on the selected filters.

Search Results

6. Click the x button next to a filter to remove the current filters from the search results.

X Button

7. Click an Event to display the Additional Details pop-up.

Additional Details Pop-up

8. (Optional) Click the Refresh icon to refresh the search results.

Refresh Icon