Audit logs
When technicians use just-in-time accounts all activity is audited in idemeum audit trail.
Access audit trail
Navigate to idemeum admin portal and access Audit trail section. The logs are stored for the last 30 days on a rolling windows basis.
Events for computer access
Computer access- this event provides technician email address, desktop name, and the account that was used for login.
alex@nikpot.com logged into the Desktop W11-L-ELEVATED with account MSP-ALEX.Log off or lock- this event provides technician email, desktop name, and account that was used.
alex@nikpot.com has logged off the Desktop W11-L-ELEVATED with account MSP-ALEX.Offline code retrieval- when a technician accesses offline code on a mobile device for a workstation, mobile application captures the event.
alex@nikpot.com accessed offline code for Desktop machine W11-L-ELEVATED.Events for Entra access
Entra account request- when technician navigates to idemeum portal and requests Entra ID account to be enabled or provisioned, we capture an event along with technician email address and the account name that will be provisioned.
alex@nikpot.com requested access to application Entra 365 onmicrosoft. User account msptech6913@NETORGFT11060369.onmicrosoft.com created.Entra account disabled- we capture audit events when technician Entra ID accounts are disabled. This happens when configured time for which account needs to stay active passed (default 4 hours).
System disabled user account msptech6913@NETORGFT11060369.onmicrosoft.com in application Entra 365 onmicrosoft.Entra account creedntials access- audit event is captured when technicians view credentials for Entra ID accounts.
alex@nikpot.com accessed Entra 365 onmicrosoft credentials.