Session protection reporting

You can search the System Log records to find session protection events.

  • To see events that resulted in a policy re-evaluation, query eventType eq "user.session.context.change" && ArePoliciesEvaluated = true

  • To see events that failed policy re-evaluation, query eventType eq "policy.auth_reevaluate.fail"

  • To see when session protection enforcement settings for groups were evaluated, query eventType eq "policy.auth_reevaluate.enforce"

  • To see when an enforcement action (workflow or logout) was executed, query eventType eq "policy.auth_reevaluate.action"

System Log events are available from the Reports page and individual user profiles.
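As an added example (not Okta's own code), the following Python script triages exported System Log events offline using the four event types listed above and counts them per user. The sample events are constructed, and both keying on actor.alternateId and reading ArePoliciesEvaluated from debugContext.debugData are assumptions about where those values appear in an export.

```python
import json
from collections import defaultdict

# Event types named on this page, mapped to short labels.
LABELS = {
    "user.session.context.change": "reevaluated",
    "policy.auth_reevaluate.fail": "failed",
    "policy.auth_reevaluate.enforce": "enforce_evaluated",
    "policy.auth_reevaluate.action": "action_executed",
}

# Constructed sample events, one JSON object per line (not real log data).
# Assumption: ArePoliciesEvaluated is exported under debugContext.debugData.
SAMPLE = """\
{"published":"2025-01-10T09:00:00Z","eventType":"user.session.context.change","actor":{"alternateId":"alice@example.com"},"debugContext":{"debugData":{"ArePoliciesEvaluated":"true"}}}
{"published":"2025-01-10T09:00:01Z","eventType":"policy.auth_reevaluate.fail","actor":{"alternateId":"alice@example.com"}}
{"published":"2025-01-10T09:00:02Z","eventType":"policy.auth_reevaluate.enforce","actor":{"alternateId":"alice@example.com"}}
{"published":"2025-01-10T09:00:03Z","eventType":"policy.auth_reevaluate.action","actor":{"alternateId":"alice@example.com"}}
{"published":"2025-01-10T10:00:00Z","eventType":"user.session.context.change","actor":{"alternateId":"bob@example.com"},"debugContext":{"debugData":{"ArePoliciesEvaluated":"false"}}}
{"published":"2025-01-10T10:05:00Z","eventType":"user.session.start","actor":{"alternateId":"bob@example.com"}}
"""

def classify(event):
    """Return the label for a session protection event, or None."""
    label = LABELS.get(event.get("eventType"))
    if label == "reevaluated":
        debug = (event.get("debugContext") or {}).get("debugData") or {}
        # Mirror the first query: keep only context changes with the flag set.
        if str(debug.get("ArePoliciesEvaluated", "")).lower() != "true":
            return None
    return label

def summarize(lines):
    """Count session protection events per user from JSON-lines input."""
    summary = defaultdict(lambda: dict.fromkeys(LABELS.values(), 0))
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        label = classify(event)
        if label:
            user = (event.get("actor") or {}).get("alternateId", "unknown")
            summary[user][label] += 1
    return dict(summary)

def users_needing_review(summary):
    """Users with a failed re-evaluation or an executed enforcement action."""
    return sorted(u for u, c in summary.items() if c["failed"] or c["action_executed"])

print(users_needing_review(summarize(SAMPLE.splitlines())))
```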

View events in System Log

  1. In the Admin Console, go to Reports > System Log.

  2. Configure the date range and enter a username.

  3. Click the magnifying glass icon beside the Search field.

View events from a user's profile

  1. In the Admin Console, go to Directory > People.

  2. Select a user.

  3. In the user's profile, click View Logs.

  4. Configure the date range, and then click the magnifying glass icon beside the Search field.
