Review two-factor authentication activity#
Intelligence Center administrators and users with the necessary access rights can monitor and review two-factor authentication activities in the audit trail.
To access the Audit view, you must have at least the following permissions:
read configurations
read audit-trail
All default Intelligence Center roles have the necessary permissions to access the Audit view.
Access the Audit view#
To view audit logs in EclecticIQ Intelligence Center web-based interface:
In the side navigation bar click
> System settings > Audit.Information in the Audit view relies on the Elasticsearch audit index.
If audit logging is enabled, and if the audit log file is populated, audit log records are returned.
Use the quick filters
to look for specific
audit records based on a date range, on one or more
specific users, HTTP methods, or HTTP response status
codes.To show and to hide the available quick filters in the current view click
.To sort items by column header:
Click the header of the column whose content you want to sort.
Click
or
to sort the content in either
ascending or descending order, respectively.
Filter two-factor authentication audit logs#
The Audit trail records events from different areas and components of EclecticIQ Intelligence Center.
To search for specific audit records related to user sign-in and two-factor authentication events, you can start by entering in the search input field the reference API endpoints and the literal message snippets in the cheat sheet below.
Search the audit trail for users who… |
Search by API endpoint |
Search by message excerpt as literal search query |
|---|---|---|
Initiated configuring enforced two-factor authentication for their profile. |
|
|
Successfully validated the first factor for their profile. |
|
|
Successfully signed in. |
|
|
Successfully signed in, and suspended two-factor authentication for their profile. |
|
|
Successfully validated the second factor for their profile. |
|
|
Successfully validated the second factor for their profile, and suspended two-factor authentication for their profile. |
|
|
Successfully configured two-factor authentication for their profile. |
|
|
Successfully deactivated two-factor authentication for their profile. |
|
|
Initiated configuring two-factor authentication for their profile by triggering sharing a secret key, which is represented by the QR code they are requested to scan with their authentication app. |
|
|
Requested a set of recovery codes for their profile. |
|
|
Successfully recovered access to two-factor authentication for their profile for their profile. |
|
|
Retrieve a user ID#
Some Intelligence Center URL paths include IDs that refer to Intelligence Center assets and resources such as feeds, datasets, and workspaces; or to Intelligence Center users.
Each Intelligence Center user is automatically assigned a UUID upon creation. This UUID, or ID for short, uniquely identifies a user in EclecticIQ Intelligence Center.
To retrieve a user ID:
In the side navigation bar click
> User management > Users.In the users overview, click anywhere in the row corresponding to the user whose ID you want to retrieve.
In the web browser address bar, the URL of the active Intelligence Center view is similar to the following example:
https://${platform_host_name}/user-management/users/?detail=42In the URL, the detail URL parameter holds the user ID.
In the example, the ID value is 42.