Applies To:

GroupID 8 and above

Summary:

The administrator can configure history logging for an identity store. On the basis of these configurations, you can view history data of directory objects that GroupID modules and services update or modify in the directory.

History Configuration:

Using history configurations for an identity store, you can choose to track all or some actions performed through:

You can also specify the duration for retaining history data in GroupID, after which this data is exported to CSV files and deleted from the GroupID database.

To configure history tracking for an identity store:

  1. In GroupID Management Console, click the Identity Stores node.
  2. Double-click the required identity store to open its properties.
  3. Click the Configurations tab and then click History in the left pane.

    You can:

    Track All actions for GroupID
    1. Select All Actions from the Track drop-down list.
      This option tracks all actions performed using Automate, Self-Service, Synchronize, and GroupID Management Shell. This option also tracks the history data of the scheduled jobs and the GroupID Mobile app.
    2. Click OK.
    Track specific actions for GroupID
    1. Select Selected Actions from the Track drop-down list.
    2. Select the actions to be tracked from the Manual Actions list and move them to the Selected Actions list.
       
        Action - Description
      1. Ownership Change - Changes to a group's primary ownership
      2. Additional Owner Change - Addition and removal of a group's additional owner(s)
      3. Expiration Policy Change - Any change to a group's expiry policy
      4. Group Expire/Renew - Expiry of a group; renewal of an expired group
      5. Query Change - Changes to the query of a Smart Group or Dynasty
      6. Security Type Change - Changes to a group's security type
      7. Object Created - Creation of a new object
      8. Object Deleted - Deletion of an object
    3. Click OK.
    Disable history tracking
    1. Select Nothing from the Track drop-down list.
      This disables history tracking in GroupID and the Keep History options in the Retention section have no impact. However, all actions performed using the Password Center User portals and Helpdesk portals continue to be tracked even with Nothing selected.
    2. Click OK.
       
      Note: Disabling history tracking does not delete any already recorded history data.
    Retain history data forever
    1. Select All in the Keep History drop-down list to retain all tracked history data in the GroupID database. This may result in a massive increase in the database size and may affect the performance of GroupID.
    2. Click OK.
    Retain history data for a specific period
    1. Select one of the following retention options from the Keep History drop-down list:
      • Last 30 Days
      • Last 60 Days
      • Last 90 Days
      • Last 120 Days
      • Last 6 Months
      • Last 1 Year
      • Last 2 Years
      • Last 5 Years
    2. Click OK.

      With a retention period (other than All) specified, GroupID creates a retention scheduler task in Windows Task Scheduler named as:

      HistoryRetention_HistoryRetention_<date+uniquevalue+identity store ID>

      By default, this task runs at 12:09 am daily. However, it does not export a history item to the CSV file until the specified retention period (say 30 days) has passed for that item. The CSV file is created at the following location:

      X:\Program Files\Imanami\<GroupID_version>\HistoryBin
      (where X represents the GroupID installation drive)
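
A check an administrator could run next to the retention task, added here as an example and not part of GroupID or its documentation: it confirms that a HistoryRetention_* task exists and last ran cleanly, then records the name, size and SHA-256 of each CSV in HistoryBin and flags files that disappeared or shrank since the previous run. The two parameters and the manifest file are assumptions; nothing is assumed about the CSV columns.

```powershell
# Added example (not vendor code): retention task health + HistoryBin manifest.
param(
    # Location given on this page: X:\Program Files\Imanami\<GroupID_version>\HistoryBin
    [Parameter(Mandatory)][string]$HistoryBin,
    # Assumption: path of the manifest file; keep it off the GroupID server.
    [Parameter(Mandatory)][string]$ManifestPath
)

# 1. Retention task health. The name prefix is the one documented above.
$tasks = @(Get-ScheduledTask | Where-Object TaskName -like 'HistoryRetention_*')
if (-not $tasks) {
    Write-Warning 'No HistoryRetention_* task found; one is created when Keep History is not All.'
}
foreach ($task in $tasks) {
    $info = $task | Get-ScheduledTaskInfo
    if ($task.State -eq 'Disabled' -or $info.LastTaskResult -ne 0) {
        $fields = $task.TaskName, $task.State, $info.LastTaskResult, $info.LastRunTime
        Write-Warning ('{0}: state={1}, last result=0x{2:X}, last run={3}' -f $fields)
    }
}

# 2. Snapshot the exported CSV files: name, size and SHA-256.
$current = @(Get-ChildItem -LiteralPath $HistoryBin -Filter '*.csv' -File | ForEach-Object {
    [pscustomobject]@{
        Name   = $_.Name
        Length = $_.Length
        SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
})

# 3. Compare with the previous snapshot. A missing or smaller file means exported
#    history was removed or truncated; a changed hash is only listed for review,
#    because this script does not know whether the task appends to existing files.
if (Test-Path -LiteralPath $ManifestPath) {
    foreach ($old in Import-Csv -LiteralPath $ManifestPath) {
        $new = $current | Where-Object Name -eq $old.Name
        if (-not $new) {
            Write-Warning "Missing since last run: $($old.Name)"
        } elseif ([long]$new.Length -lt [long]$old.Length) {
            Write-Warning "Smaller than at last run: $($old.Name)"
        } elseif ($new.SHA256 -ne $old.SHA256) {
            Write-Output "Changed since last run (review): $($old.Name)"
        }
    }
}
$current | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation
```

Once the retention period passes, the exported CSVs are the only copy of that history, so the manifest is most useful when stored and compared from a separate host.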

View History Data

View a group's history in Automate

For each group in Automate, you can view the tracked actions.

  1. In GroupID Management Console, click Automate > All Groups or My Groups or My Memberships.
  2. Right-click a group to view its history data and select Properties.
  3. Click the History tab. The history information comprises these items:
    • Time - The date and time that the action was performed.
    • Action - The type of action performed.
    • Attribute - The schema attribute that was changed due to the action.

    The following lists are available when the target attribute is single-valued:

    • Old Value - The attribute value before the action.
    • New Value - The attribute value after the action.

    The following lists are available when the target attribute is multi-valued:

    • Added Items - The list of items that were added to the multi-value attribute.
    • Removed Items - The list of items that were removed from the multi-value attribute.

    If the history record spans multiple pages, you can page through the records using the navigation buttons available at the top of the tab.

  4. Double-click a record to view its details.
    The History Details dialog box opens. Review the information and click OK.
  5. Click OK to close the group properties window.

View the history data tracked in GroupID

The History Summary node in GroupID Management Console groups history data by date groups. Each date group displays changes made to directory objects on that date or within its date range. The default date groups are Today, Yesterday, and Last Week. You can narrow down the history items on the basis of the available filters.

History data can be viewed in two modes:

  • Detail View: displays history data in a descriptive, user-friendly manner (default view).
  • Administrative View: displays history data in a tabular form. You can click a history item to view more details about it.

Using the Export History option, you can export the history of directory objects to Microsoft Excel, CSV, and XML formats.

You can add different filters in History Summary to limit the history results. For example, you can create an expression on the basis of attribute, client name, object type, old value, and more. Simply click Create Filter and then add an expression.

References:

  • GroupID Online Help topic: Configuring History
  • GroupID Online Help topic: History Summary