Skip to main content

Just-in-time admin accounts

Audit logs

Desktop client collects and retains audit logs when technicians access customer workstations.


Idemeum desktop client collects various events, as it relates to user and technician login. The logs will be sent to the cloud and can be reviewed in the admin portal Audit trail section. Today we keep logs for the last 30 days on a rolling window.

Events for computers access

Workstation access by technician

This event provides technician email address, desktop name, and the account that was used for login. logged into the Desktop W11-L-ELEVATED with account MSP-ALEX.

Workstation logoff or lock

This event provides technician email, desktop name, and account that was used. has logged off the Desktop W11-L-ELEVATED with account MSP-ALEX.

Access to workstation offline code

When a technician accesses offline code on a mobile device for a workstation, mobile application captures the event. accessed offline code for Desktop machine W11-L-ELEVATED.

Events for Entra ID accounts

New Entra ID account request

When technician navigates to idemeum portal and requests Entra ID account to be enabled or provisioned, we capture an event along with technician email address and the account name that will be provisioned. requested access to application Entra 365 onmicrosoft. User account created.

Entra ID account disabled

We capture audit events when technician Entra ID accounts are disabled. This happens when:

    • Configured time for which account needs to stay active passed (default 4 hours)
    • Technician was un-entitled (no longer has access) to Entra ID application that you created, or you removed the application configuration from idemeum customer tenant
System disabled user account in application Entra 365 onmicrosoft.

Entra ID account credentials access

Audit event is captured when technicians view credentials for Entra ID accounts. accessed Entra 365 onmicrosoft credentials.