The Account Audit Log is a tool that allows site administrators, customer service representatives, security officers, legal counsel, etc., with the appropriate permissions, to easily view actions performed on end-users accounts using the end-user's UID in a user friendly and non-technical manner. This will display any audited changes, whether made by the user or an API (admin) that affects the user's account.
The Account Audit Log is a sub-set of the more powerful Audit Log, so only APIs that are tracked in the Audit Log are available within the Account Audit Log.
Actions that are audited include the following:
- accounts.setAccountInfo (changes to data, profile, subscriptions, and/or preferences objects or when a password is changed/updated)
- All other audited APIs that return a UID (APIs not listed above are not uniquely identifiable and fall under the category "Audited Event", see below for more information)
Audited events are stored for one year from the date they occurred.
You can configure the retention period for saving audit log records. This configuration affects both the Audit Log, and the Account Audit Log.
By default, this period is set to 12 months, so if that suits your needs, no additional configuration is required.
To change this setting:
- Go to the Admin tab in Gigya's Console and select Settings.
- Under Audit log retention period, select the number of months that audit records will be stored.
- Save and confirm.
Using the Account Audit Log
You can locate the Account Audit Log under the Admin tab of your Gigya Console.
Simply enter a user's UID into the field and press the magnifying glass icon to begin your search.
The default results are for the last 30 days, however, you can customize the time period to the maximum available.
If the UID exists under the currently selected API key, you will see results similar to the following.
If there are no results for the API key, or the UID does not exist for the current site, you will receive a notice.
You can filter the results by selecting one or more of the available Filters.
The available filtering options are:
- Date Range (above the filters)
- Account Created/Deleted
- Password Change
- Data Update
- Social Activity
By selecting any of the available filters you will see only the relevant results.
Once you have the results you need, you can see more details by opening the event panel of the specific event.
Getting Additional Data
If you need detailed information about the event you can copy the Call ID from the event details pane and use it within a full Audit Log query to get the event's complete details.
An example query:
The Audited Event Category
When an audited event occurs that does not specifically fall into one of the currently defined categories, for instance, accounts.notifyLogin., it will be logged as Audited event.
Occasionally an API call may fail for whatever reason. In cases where this happens, you will see a record of the event in red, and a description of the error that occured.
You can open the Event's details panel for additional information.