Skip to main content

Just-in-time admin accounts

Audit logs

Desktop client collects and retains audit logs when technicians access customer workstations.

Overview

Idemeum desktop client collects various events, as it relates to user and technician login. The logs will be sent to the cloud and can be reviewed in the admin portal Audit trail section. Today we keep logs for the last 30 days on a rolling window.

Events for computers access

Workstation access by technician

This event provides technician email address, desktop name, and the account that was used for login.

alex@nikpot.com logged into the Desktop W11-L-ELEVATED with account MSP-ALEX.

Workstation logoff or lock

This event provides technician email, desktop name, and account that was used.

alex@nikpot.com has logged off the Desktop W11-L-ELEVATED with account MSP-ALEX.

Access to workstation offline code

When a technician accesses offline code on a mobile device for a workstation, mobile application captures the event.

alex@nikpot.com accessed offline code for Desktop machine W11-L-ELEVATED.

Events for Entra ID accounts

New Entra ID account request

When technician navigates to idemeum portal and requests Entra ID account to be enabled or provisioned, we capture an event along with technician email address and the account name that will be provisioned.

alex@nikpot.com requested access to application Entra 365 onmicrosoft. User account msptech6913@NETORGFT11060369.onmicrosoft.com created.

Entra ID account disabled

We capture audit events when technician Entra ID accounts are disabled. This happens when:

    • Configured time for which account needs to stay active passed (default 4 hours)
    • Technician was un-entitled (no longer has access) to Entra ID application that you created, or you removed the application configuration from idemeum customer tenant
System disabled user account msptech6913@NETORGFT11060369.onmicrosoft.com in application Entra 365 onmicrosoft.

Entra ID account credentials access

Audit event is captured when technicians view credentials for Entra ID accounts.

alex@nikpot.com accessed Entra 365 onmicrosoft credentials.