17.2 Running the audit report

The Audit Reporting tool enables you to list events for either a single workflow or task within MyID or for all operations. This list can be filtered according to specific criteria. For example, you might want to view all people added by a particular operator or all events for a named MyID user.

To run an audit report:

  1. From the Reports category, select Audit Reporting.

    You can also launch this workflow from the Additional Reporting section of the More category in the MyID Operator Client. See the Using Additional Reporting workflows section in the MyID Operator Client guide for details.

    Alternatively, you can use the History tab of the View Person screen or the Unrestricted Audit Report in the MyID Operator Client to view the details recorded in the audit trail. See the Working with the audit trail section in the MyID Operator Client guide for details.

  2. Complete the form as appropriate and select Search.

    Note: The Reset button returns all fields on the form to their original values before any changes were made.

  3. The results are displayed in the Selected Events table. This table shows the date on which each event started and ended (if applicable), the type of event (for example, adding a person or canceling a token), and a message associated with the event.

    An information symbol appears beside each operation. The color indicates the type of operation.

    You can browse through the Selected Events table, change the number of rows displayed and toggle the display of the table / Audit Reporting form.

    You can also browse through blocks of events.

  4. Double-click a result to display individual audit entries for the event.

    A single event may have multiple audit entries.

  5. Double-click an audit entry to display the audited information.

    The Audit Information Gathered dialog appears.

    The IP address and client identifier are displayed if this feature is enabled; see section 17.2.3, Logging the client IP address and identifier for details.

    You can also view additional information:

    • Signing Details – displays any information about the signing that was used for the operation, if any.

    • Card Content – displays the content of the card used for the operation, if any.

    • View Data – displays the signed content for the operation, if any.

    Click Close to close the Audit Information Gathered dialog.

  6. To print the report, click the print button.
  7. To save the report, select XML, CSV, or Excel to select the format, then click the save button.

17.2.1 Information icons

The information icon next to each event is color-coded to indicate the status of the operation. Pointing to the icon shows its type as a tooltip. The table below describes each type.

Shows that the operation was successful, for example, a card issuance completed successfully.

Shows that the operation started but did not complete. This occurs when the person closes the client or clicks on a top-level menu to cancel an operation.

Shows that the operation failed. This may happen, for example, if there is a failed logon attempt.

Shows that the operation was canceled, for example, the user clicked Cancel during the Edit Groups workflow.

Shows that an error occurred (such as a server error) preventing the workflow from completing.

Shows that a warning occurred while the operation was in progress.

17.2.2 Browsing through blocks of events

You can browse through blocks of events; the number of events in each block depends on the value set in the Event Limit field on the Audit Reporting form.

For example, if the Event Limit value is set to 100, when you run the report, the first batch of 100 events is shown.

Clicking the following button shows the next batch of 100:

Clicking the following button shows the previous batch:

17.2.3 Logging the client IP address and identifier

By default, MyID captures the IP address and the client identifier of the workstation used to carry out the audited operation, and stores this information in the audit trail. By default, the client identifier is the fully-qualified domain name of the client PC; for example, myworkstation.mydomain.local. You can customize the client identifier; see section 17.2.4, Specifying a custom client identifier.

Note: MyID captures the IP address and client identifier if you have accessed the system through one of the client applications (MyID Desktop, Self-Service App, Self-Service Kiosk, the MyID Operator Client web page, or the MyID Client Service) or through the MyID Core API. Other systems, such as certificate processes on the server, the Derived Credentials Self-Service Request Portal, mobile provisioning, or web service APIs, do not provide this information.

You can configure whether to capture this information:

  1. From the Configuration category, select Security Settings.

  2. On the Server page, set the following:

    • Capture Client Identifier – Set this option to Yes to capture the client identifier.

    • Capture IP Address – Set this option to Yes to capture the client IP address.

      Note: MyID captures the IP address as reported to the web server; NAT or load balancing may affect this. Also, the IP address reported is the IPv4 address.

  3. Click Save changes.

17.2.4 Specifying a custom client identifier

Instead of the default fully-qualified domain name, you can specify a custom identifier on the client PC in the configuration file or the registry.

To set a custom identifier in the configuration file:

  1. On the client PC, shut down the application.

  2. Back up the configuration file for the application.

    The configuration file is as follows:

    • MyID Desktop – MyIDDesktop.exe.config in the following folder by default:

      C:\Program Files (x86)\Intercede\MyIDDesktop\

    • MyID Client Service – MyIDClientService.dll.config in the following folder by default:

      C:\Program Files (x86)\Intercede\MyIDClientService

    • Self-Service App – MyIDApp.exe.config in the following folder by default:

      C:\Program Files (x86)\Intercede\MyIDApp\Self Service Application\

    • Self-Service Kiosk – MyIDKiosk.exe.config in the following folder by default:

      C:\Program Files (x86)\Intercede\MyIDSelfServiceKiosk\

  3. Add the following to the <appSettings> section of the configuration file:

    <add key="ClientID" value="[unique_client_identifier]"/>

    where:

    • [unique_client_identifier] – the identifier you want to include in the audit for operations carried out using this installation of the application.

    For example:

    <add key="ClientID" value="Finance - Jane Smith - Laptop serial FINPC-123456"/>

    Note: You can use the KioskID setting for the Self-Service Kiosk instead; for example:

    <add key="KioskID" value="Kiosk Reception HQ"/>

  4. Save the configuration file.

  5. Restart the application.

To set a custom identifier in the registry:

  1. On the client PC, shut down the application.

  2. Open the Windows Registry Editor.

  3. Navigate to the following:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intercede

  4. Set the value of the following:

    ClientID

    If the entry does not exist, create a new String value.

  5. Restart the application.

Note: The entry in the registry overrides any client identifier settings in the configuration file, and is used for all MyID applications on the current workstation.
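
The following PowerShell is an added example, not part of the MyID documentation or product. It scripts the configuration file procedure above for the ClientID key, and reports which identifier takes effect given the registry override. The function names Set-MyIDConfigClientId and Get-MyIDEffectiveClientId are hypothetical, the KioskID setting is not handled, and the standard .NET <appSettings> section name is assumed.

```powershell
# Added example; function names are hypothetical. Run elevated, with the
# MyID application shut down. Assumes the standard .NET <appSettings> section.
$RegPath = 'HKLM:\SOFTWARE\WOW6432Node\Intercede'

function Set-MyIDConfigClientId {
    param(
        [Parameter(Mandatory)][string]$ConfigPath,  # e.g. ...\MyIDDesktop.exe.config
        [Parameter(Mandatory)][string]$ClientId
    )
    $ConfigPath = (Resolve-Path -LiteralPath $ConfigPath).Path
    # Back up the configuration file before changing it.
    Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($ConfigPath)
    $settings = $xml.SelectSingleNode('/configuration/appSettings')
    if ($null -eq $settings) { throw "No appSettings section in $ConfigPath" }

    # Update the existing ClientID entry, or add one if it is absent,
    # so the file never ends up with two ClientID keys.
    $node = $settings.SelectSingleNode("add[@key='ClientID']")
    if ($null -eq $node) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', 'ClientID')
        [void]$settings.AppendChild($node)
    }
    $node.SetAttribute('value', $ClientId)  # attribute value is XML-escaped on save
    $xml.Save($ConfigPath)
}

function Get-MyIDEffectiveClientId {
    param([Parameter(Mandatory)][string]$ConfigPath)
    # The registry entry overrides the configuration file for all MyID applications.
    $reg = (Get-ItemProperty -Path $RegPath -Name ClientID -ErrorAction SilentlyContinue).ClientID
    if ($reg) { return [pscustomobject]@{ Source = 'Registry'; ClientId = $reg } }

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $ConfigPath).Path)
    $node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='ClientID']")
    if ($null -ne $node) {
        return [pscustomobject]@{ Source = 'ConfigFile'; ClientId = $node.GetAttribute('value') }
    }
    # Neither is set: the default client identifier (the FQDN) applies.
    [pscustomobject]@{ Source = 'Default'; ClientId = $null }
}
```

Running Get-MyIDEffectiveClientId against each installed application's configuration file after a rollout shows whether a registry value on the workstation is masking the per-application setting.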