Review two-factor authentication activity#
Intelligence Center administrators and users with the necessary access rights can monitor and review two-factor authentication activities in the audit trail.
To access the Audit view, you must have at least the following permissions:
read configurations
read audit-trail
All default Intelligence Center roles have the necessary permissions to access the Audit view.
Access the Audit view#
To view audit logs in EclecticIQ Intelligence Center web-based interface:
In the side navigation bar click > System settings > Audit.
Information in the Audit view relies on the Elasticsearch audit index.
If audit logging is enabled, and if the audit log file is populated, audit log records are returned.
Use the quick filters to look for specific audit records based on a date range, on one or more specific users, HTTP methods, or HTTP response status codes.
To show and to hide the available quick filters in the current view click .
To sort items by column header:
Filter two-factor authentication audit logs#
The Audit trail records events from different areas and components of EclecticIQ Intelligence Center.
To search for specific audit records related to user sign-in and two-factor authentication events, you can start by entering in the search input field the reference API endpoints and the literal message snippets in the cheat sheet below.
Search the audit trail for users who… |
Search by API endpoint |
Search by message excerpt as literal search query |
---|---|---|
Initiated configuring enforced two-factor authentication for their profile. |
|
|
Successfully validated the first factor for their profile. |
|
|
Successfully signed in. |
|
|
Successfully signed in, and suspended two-factor authentication for their profile. |
|
|
Successfully validated the second factor for their profile. |
|
|
Successfully validated the second factor for their profile, and suspended two-factor authentication for their profile. |
|
|
Successfully configured two-factor authentication for their profile. |
|
|
Successfully deactivated two-factor authentication for their profile. |
|
|
Initiated configuring two-factor authentication for their profile by triggering sharing a secret key, which is represented by the QR code they are requested to scan with their authentication app. |
|
|
Requested a set of recovery codes for their profile. |
|
|
Successfully recovered access to two-factor authentication for their profile for their profile. |
|
|
Retrieve a user ID#
Some Intelligence Center URL paths include IDs that refer to Intelligence Center assets and resources such as feeds, datasets, and workspaces; or to Intelligence Center users.
Each Intelligence Center user is automatically assigned a UUID upon creation. This UUID, or ID for short, uniquely identifies a user in EclecticIQ Intelligence Center.
To retrieve a user ID:
In the users overview, click anywhere in the row corresponding to the user whose ID you want to retrieve.
In the web browser address bar, the URL of the active Intelligence Center view is similar to the following example:
https://${platform_host_name}/user-management/users/?detail=42
In the URL, the detail URL parameter holds the user ID.
In the example, the ID value is 42.