RapidIdentity Portal Profiles
Column | Value |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
The Account Disabled event is logged whenever an account is disabled by delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.disableAccount |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of disabled account |
target | This will contain the DN of the disabled account |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the ACTM Delegation | false |
delegationName | The Name of the ACTM Delegation | false |
delegationVersion | The database version of the ACTM Delegation | false |
The Account Enabled event is logged whenever an account is enabled by delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.enableAccount |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of enabled account |
target | This will contain the DN of the enabled account |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation | false |
delegationName | The Name of the Profiles Delegation | false |
delegationVersion | The database version of the Profiles Delegation | false |
The Account Unlocked event is logged whenever an account is unlocked by delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.unlockAccount |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of unlocked account |
target | This will contain the DN of the unlocked account |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation | false |
delegationName | The Name of the Profiles Delegation | false |
delegationVersion | The database version of the Profiles Delegation | false |
The Self Password Update event is logged whenever a user changes their own password.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.selfPasswordUpdate |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of user |
target | This will contain the DN of the user |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation | false |
delegationName | The Name of the Profiles Delegation | false |
delegationVersion | The database version of the Profiles Delegation | false |
The Delegated Password Update event is logged whenever a user updates another user's password through delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.passwordReset |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of the target user |
target | This will contain the DN of the target user |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation | false |
delegationName | The Name of the Profiles Delegation | false |
delegationVersion | The database version of the Profiles Delegation | false |
passwordPolicyId | The ID of the user's current Password Policy | false |
passwordPolicyName | The name of the user's current Password Policy | false |
passwordPolicyVersion | The database version of the user's current Password Policy | false |
mustUpdate | If the perpetrator chose the option to make the target user change their password at next login | false |
passwordPolicyId | The ID of the user's current Password Policy | false |
passwordPolicyName | The name of the user's current Password Policy | false |
passwordPolicyVersion | The database version of the user's current Password Policy | false |
The Challenge Set Update event is logged whenever a user's Challenge Set is updated.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.updateChallengeSet |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of the target user |
target | This will contain the DN of the target user |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation (if applicable) | false |
delegationName | The Name of the Profiles Delegation (if applicable) | false |
delegationVersion | The database version of the Profiles Delegation (if applicable) | false |
challengePolicyId | The ID of the user's current Challenge Policy | false |
challengePolicyName | The name of the user's current Challenge Policy | false |
challengePolicyVersion | The database version of the user's current Challenge Policy | false |
The Challenge Set Invalidated event is logged whenever a user invalidates another user's Challenge Set through delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.invalidateChallengeSet |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of the target user |
target | This will contain the DN of the target user |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation | false |
delegationName | The Name of the Profiles Delegation | false |
delegationVersion | The database version of the Profiles Delegation | false |
The Profiles Exported event is logged whenever a user chooses to export profile data from a Delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.exportProfiles |
target_system | SYSTEM |
target_id | The ID of the Delegation |
target | The ID of the Delegation |
Name | Value/Description |
|---|---|
searchCriteria | The search criteria used to load the Delegation profiles (if any) |
The Profiles Printed event is logged whenever a user chooses to print profile data from a Delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.printProfiles |
target_system | SYSTEM |
target_id | The ID of the Delegation |
target | The ID of the Delegation |
Name | Value/Description |
|---|---|
searchCriteria | The search criteria used to load the Delegation profiles (if any) |
The Profile Updated event is logged whenever a user has their profile updated through delegation.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.updateProfile |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of the target user |
target | This will contain the DN of the target user |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if available) | false |
delegationId | The ID of the Profiles Delegation | false |
delegationName | The Name of the Profiles Delegation | false |
delegationVersion | The database version of the Profiles Delegation | false |
{ldapAttribute} | Every LDAP-backed custom attribute in the delegation profile will logged with its value(s) | false |
The Username Retrieved event is logged whenever a user attempts to retrieve their username, i.e. they go through the Forgot My Username flow.
Note that since this operation is typically anonymous, the only time there is a valid perpetrator and target information is if the retrieval is successful.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.retrieveUsername |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of the target user (if the retrieval was successful) |
target | This will contain the DN of the target user (if the retrieval was successful) |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target (if the retrieval was successful) | false |
requestedEmail | The email address that was used as the retrieval key | false |
numMatchingUsers | The number of accounts found which matched the retrieval key. The values will be 0, 1, or 2 | false |
The Account Claimed event is logged whenever a user claims their account.
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.accountmgmt.action.claimAccount |
target_system | DIRECTORY |
target_id | This will contain the Idauto ID of the target user |
target | This will contain the DN of the target user |
Name | Value/Description | Multi-valued |
|---|---|---|
targetName | The name of target user | false |
claimPolicyId | The ID of the Claim Policy associated with the user | false |
claimPolicyName | The name of the Claim Policy associated with the user | false |
claimPolicyVersion | The database version of the Claim Policy at the time of the event | false |
The Password Policy Saved action is logged when a user saves a Password Policy. (Available since version 2.7.0)
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.actm.action.passwordPolicySaved |
target_system | DIRECTORY |
target_id | {null} |
target | The ID of the Password Policy |
Name | Value/Description | Multi-valued |
|---|---|---|
version | The version of the object | false |
name | The name of the policy | false |
description | The description of the policy (if any) | false |
priority | The priority of the policy | false |
enabled | Whether the policy is enabled | false |
default | Whether the policy is the default policy | false |
grouAclsEnabled | Whether Role ACLs are enabled | false |
aclGroupId | The IDs of associated Role ACLs (if any) | true |
filterAclEnabled | Whether LDAP filter ACLs are enabled | false |
filterAcl | The LDAP filter ACL (if any) | false |
passwordResetAttribute | The ID of the Password Reset Attribute GAL item (if any) | false |
minLength | The minimum password length for the policy | false |
maxLength | The maximum password length for the policy | false |
charsets | The types of charset rules defined for the policy | false |
charset-{type}-min | The minimum number of characters required from the charset {type} | false |
charset-{type}-max | The maximum number of characters from the charset {type} | false |
requiredCharsets | The number of required charsets for the policy | falsefalse |
allowRandomPassword | Whether the policy allows for random password generation | false |
allowedCharacterRegex | The allowed character regular expression for the policy (if any) | false |
matchingAttribute | The ID for each matching attribute GAL item (if any) | true |
matchingAttributesCaseSensitive | Whether the matching attribute check is case sensitive | false |
matchingAttributesMatchEntire | Whether the matching attribute check matches the entire password | false |
blacklisted | The blacklisted passwords (if any) | true |
blackListCaseSensitive | Whether the blacklist check is case sensitive | false |
blackListMatchEntire | Whether the blacklist check matches against the entire password | false |
blacklistRegex | The blacklist regular expressions (if any) | true |
defaultForceUserPasswordChange | Whether an administrative password reset for this policy defaults the 'User must change password on next login' option to true | true |
The Password Policy Deleted action is logged when a user deletes a Password Policy. (Available since version 2.7.0).
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.actm.action.passwordPolicyDeleted |
target_system | DIRECTORY |
target_id | {null} |
target | The ID of the Password Policy |
Name | Value/Description | Multi-valued |
|---|---|---|
version | The version of the object | false |
name | The name of the policy | false |
description | The description of the policy (if any) | false |
priority | The priority of the policy | false |
enabled | Whether the policy is enabled | false |
default | Whether the policy is the default policy | false |
grouAclsEnabled | Whether Role ACLs are enabled | false |
aclGroupId | The IDs of associated Role ACLs (if any) | true |
filterAclEnabled | Whether LDAP filter ACLs are enabled | false |
filterAcl | The LDAP filter ACL (if any) | false |
passwordResetAttribute | The ID of the Password Reset Attribute GAL item (if any) | false |
minLength | The minimum password length for the policy | false |
maxLength | The maximum password length for the policy | false |
charsets | The types of charset rules defined for the policy | false |
charset-{type}-min | The minimum number of characters required from the charset {type} | false |
charset-{type}-max | The maximum number of characters from the charset {type} | false |
requiredCharsets | The number of required charsets for the policy | false |
allowRandomPassword | Whether the policy allows for random password generation | false |
allowedCharacterRegex | The allowed character regular expression for the policy (if any) | false |
matchingAttribute | The ID for each matching attribute GAL item (if any) | true |
matchingAttributesCaseSensitive | Whether the matching attribute check is case sensitive | false |
matchingAttributesMatchEntire | Whether the matching attribute check matches the entire password | false |
blacklisted | The blacklisted passwords (if any) | true |
blackListCaseSensitive | Whether the blacklist check is case sensitive | false |
blackListMatchEntire | Whether the blacklist check matches against the entire password | false |
blacklistRegex | The blacklist regular expressions (if any) | true |
defaultForceUserPasswordChange | Whether an administrative password reset for this policy defaults the 'User must change password on next login' option to true | true |
The Challenge Policy Saved action is logged when a user saves a Challenge Policy. (Available since version 2.7.0).
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.actm.action.challengePolicySaved |
target_system | DIRECTORY |
target_id | {null} |
target | The ID of the Challenge Policy |
Name | Value/Description | Multi-valued |
|---|---|---|
version | The version of the object | false |
name | The name of the policy | false |
priority | The priority of the policy | false |
enabled | Whether the policy is enabled | false |
noChallenge | Whether or not the policy is a no-challenge policy | false |
default | Whether or not the policy is the default policy | false |
groupAclsEnabled | Whether or not Role ACLs are enabled | false |
aclGroupId | The IDs of associated Group ACLs (if any) | true |
filterAclEnabled | Whether LDAP filter ACLs are enabled | false |
filterAcl | The LDAP filter ACL (if any) | false |
adminQuestions | An integer key for each admin question | true |
adminQuestion-{key}-question | The question associated with the keyed admin question | false |
adminQuestion-{key}-required | Whether or not the keyed admin question is required | false |
minAdminQuestionPoolSize | The minimum admin question pool size | false |
minUserQuestionPoolSize | The minimum user question pool size | false |
maxUserQuestionPoolSize | The maximum user question pool size | false |
allowUserDefinedQuestions | Whether or not user questions are allowed | false |
minQuestionLength | The minimum allowed question length | false |
maxQuestionLength | The maximum allowed question length | false |
minAnswerLength | The minimum allowed answer length | false |
maxAnswerLength | The maximum allowed answer length | false |
numAdminAnswersForAuth | The number of admin question answers required for authentication | false |
numUserAnswersForAuth | The number of user question answers required for authentication | false |
numHelpdeskQuestions | The number of required helpdesk questions | false |
matchingAttribute | The ID for each matching attribute GAL item (if any) | true |
matchingAttributesMatchEntire | Whether the matching attribute check matches the entire password | false |
blacklisted | The blacklisted passwords (if any) | true |
blackListMatchEntire | Whether the blacklist check matches against the entire password | false |
restrictWordsFromQuestion | Whether or not answers to challenge questions can contain words included in the question | false |
canSkipSetup | Whether or not users can skip answering challenge questions if prompted by ARMS | false |
oldestAllowedResponseTimestamp | The timestamp of the oldest allowed response set | false |
The Challenge Policy Deleted action is logged when a user deletes a Challenge Policy. (Available since version 2.7.0)
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.actm.action.challengePolicyDeleted |
target_system | DIRECTORY |
target_id | {null} |
target | The ID of the Challenge Policy |
Name | Value/Description | Multi-valued |
|---|---|---|
version | The version of the object | false |
name | The name of the policy | false |
priority | The priority of the policy | false |
enabled | Whether the policy is enabled | false |
noChallenge | Whether or not the policy is a no-challenge policy | false |
default | Whether or not the policy is the default policy | false |
groupAclsEnabled | Whether or not Role ACLs are enabled | false |
aclGroupId | The IDs of associated Role ACLs (if any) | true |
filterAclEnabled | Whether LDAP filter ACLs are enabled | false |
filterAcl | The LDAP filter ACL (if any) | false |
adminQuestions | An integer key for each admin question | true |
adminQuestion-{key}-question | The question associated with the keyed admin question | false |
adminQuestion-{key}-required | Whether or not the keyed admin question is required | false |
minAdminQuestionPoolSize | The minimum admin question pool size | false |
minUserQuestionPoolSize | The minimum user question pool size | false |
maxUserQuestionPoolSize | The maximum user question pool size | false |
allowUserDefinedQuestions | Whether or not user questions are allowed | false |
minQuestionLength | The minimum allowed question length | false |
maxQuestionLength | The maximum allowed question length | false |
minAnswerLength | The minimum allowed answer length | false |
maxAnswerLength | The maximum allowed answer length | false |
numAdminAnswersForAuth | The number of admin question answers required for authentication | false |
numUserAnswersForAuth | The number of user question answers required for authentication | false |
numHelpdeskQuestions | The number of required helpdesk questions | false |
matchingAttribute | The ID for each matching attribute GAL item (if any) | true |
matchingAttributesMatchEntire | Whether the matching attribute check matches the entire password | false |
blacklisted | The blacklisted passwords (if any) | true |
blackListMatchEntire | Whether the blacklist check matches against the entire password | false |
restrictWordsFromQuestion | Whether or not answers to challenge questions can contain words included in the question | false |
canSkipSetup | Whether or not users can skip answering challenge questions if prompted by ARMS | false |
oldestAllowedResponseTimestamp | The timestamp of the oldest allowed response set | false |
The Claim Policy Saved action is logged when a user saves a Claim Policy. (Available since version 2.7.0)
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.actm.action.claimPolicySaved |
target_system | DIRECTORY |
target_id | {null} |
target | The ID of the Claim Policy |
Name | Value/Description | Multi-valued |
|---|---|---|
version | The version of the object | false |
name | The name of the policy | false |
index | The list index of the property | false |
description | The description (if any) | false |
enabled | Whether the policy is enabled | false |
searchBaseDN | The optional user search base DN | false |
additionalFilterString | The optional additional user LDAP filter | false |
agreementEnabled | Whether an agreement is enabled | false |
agreementRequired | Whether an agreement is required | false |
agreementText | Agreement text (if available) | false |
agreementLabel | Agreement label (if available) | false |
agreementMessage | Agreement message (if available) | false |
htmlOnComplete | HTML to display on complete | false |
challengeItem | The GAL item ID for each claim policy challenge item | true |
The Claim Policy Deleted action is logged when a user deletes a Claim Policy. (Available since version 2.7.0).
Column | Value/Description |
|---|---|
product_id | net.idauto.audit.common.product.arms |
module_id | net.idauto.audit.arms.module.accountmgmt |
action_id | net.idauto.audit.arms.actm.action.claimPolicyDeleted |
target_system | DIRECTORY |
target_id | {null} |
target | The ID of the Claim Policy |
Name | Value/Description | Multi-valued |
|---|---|---|
version | The version of the object | false |
name | The name of the policy | false |
index | The list index of the property | false |
description | The description (if any) | false |
enabled | Whether the policy is enabled | false |
searchBaseDN | The optional user search base DN | false |
additionalFilterString | The optional additional user LDAP filter | false |
agreementEnabled | Whether an agreement is enabled | false |
agreementRequired | Whether an agreement is required | false |
agreementText | Agreement text (if available) | false |
agreementLabel | Agreement label (if available) | false |
agreementMessage | Agreement message (if available) | false |
htmlOnComplete | HTML to display on complete | false |
challengeItem | The GAL item ID for each claim policy challenge item | true |