User trail logging

Airlock IAM provides IAM-instance independent logging of user activities to a database.

With the standard configuration, user trails are shown in the Adminapp UI under:
    Users >> tab Activities

All activities on a user account are shown in a list. For example, both Loginapp and Adminapp log entries for the user account will be displayed.

For Airlock IAM 8.0 and later:

  • Logging into the database replaces the obsolete logging into the medusa-usertrail.log file as of Airlock IAM 8.0.
  • Note that the user trail can only be displayed in the Activities tab of the user's Details view when using the standard configuration, where all IAM modules log into a single user trail database. The Activities tab will remain empty if the logging is configured differently.
  • Service tasks for the initial import of existing medusa-usertrail.log messages after IAM upgrade and for scheduled cleanup of the user trail database are available for configuration.

Requirements

  • Airlock IAM 8.0 or later needs to be installed.
  • The IAM configuration must either be migrated during the upgrade from a previous IAM release or manually be configured to write into the database.

User trail data source setups

Data sources can be configured globally for all IAM modules (this is the default) or individually for each module.

  a. Global data sources can be configured in the Config Editor under:
    MAIN SETTINGS >> Data Sources >> User Trail Data Source
  b. Separate data sources can be configured on each module menu entry in the Config Editor, e.g. under:
    Loginapp >> section Advanced Settings >> property Log User Trail To Database

We recommend using the default configuration (option a), with only one user trail database configured in the MAIN SETTINGS menu of the Config Editor, to benefit from the user activities list in the Users >> Activities tab of the Adminapp UI. Using option b will leave the Activities tab empty!

Separated logging for different tenants

The user activity logging can be configured for strictly separated logging per tenant for strong segregation on the database layer.

The following instructions apply when a global data source has been configured. If your setup is based on individual data sources, e.g. for Adminapp and Loginapp, make the required configuration changes in the corresponding database configurations.

  1. In the Config Editor, go to:
    MAIN SETTINGS >> Data Sources >> User Trail Data Source >> SQL Data Source
  2. For property Tenant ID, configure one or more tenants in the Advanced Settings section.

User activity logging without database

Airlock IAM can be configured to continue logging to the medusa-usertrail.log file. In this configuration, the user activities tab remains empty and user activities can be looked up for each IAM module separately in the Logs menu.

To do so:

  1. Click the Show in Logs button in the Users >> Activities tab or select the Logs menu in the Adminapp.
  2. Select the module from the Application drop-down list to display log messages of a specific IAM module.