These logs are the most important for tracking who has access to the system, when, and under what permissions.
| Event Type | What do we track? | Examples of Logged Actions |
| Login | The entire process of accessing the system. | Successful login, failed login attempt, SSO login, login lockout (very important), detection of suspicious login attempt. |
| MFA | Multi-factor authentication. | Successful or failed verification/initialization of the MFA method. |
| Password | Password changes and lifecycle. | Successful password change, reset request, expired password. |
Authorization logs can be viewed directly in the application using the dedicated view Permissions -> Logs -> Audit logs – auth.
Each authorization log contains a set of fields necessary for proper identification of the event, its source, and context:
- Timestamp (Event Time): The exact time the event occurred.
- Severity (Severity Level): The seriousness of the event (scale 0–10).
- Event ID (Event Identifier): A unique event code, e.g., AUTH_LOGIN_SUCCESS_001.
- Event Name: A readable name of the event, e.g., User login successful.
- Source User Name: The user who performed the action (e.g., logged in).
- Source IP: The IP address of the device from which the action was performed.
- Outcome: The status of the action (e.g., Success, Failure, Pending).
- Message: A detailed description of the event.
- Additional Fields: May include event-specific information, such as browser (UserAgent) or session details
