Skip to main content

Audit Trail

Location, Location, Location

The Audit Trail can be configured from more than one location in Control Center:

  • In Standard Mode: Integrations under the Audit Trail tab for the integration
  • In Standard Mode: Control Center Settings under the Audit Trail tab
  • In Standard Mode: HYPR Affirm under the Audit Trail tab
  • In Advanced Mode: App Properties for the Application selected under Choose an App

In all cases the experience is the same; clicking the Event entry will reveal additional information about the Event.

API Calls

The calls to create, search for, and Export Audit Trail Events can be found here in the HYPR Passwordless API collection.

The Audit Trail is designed to help administrators discover if and when issues occur during registration, authentication, or transaction. HYPR captures this user activity data and provides access to it in a simple, easy-to-use interface which lowers troubleshooting time and personnel resources so the issue can be identified and remedied at speed.

Related Articles:

What Is the Audit Trail

The Audit Trail is a collection of user activity Events generated by the components in the HYPR ecosystem. These captured Events span the entirety of the flow of operations, whether it's registration, authentication, deregistration, or a transaction. At every step of each HYPR request or response, an Event is generated and collected with its corresponding information.

How It Works

Event data is stored in a separate schema away from the critical HYPR FIDO databases. This allows registration, authentication, and deregistration flows to continue functioning without being affected. The connection information to this schema can be found in the Vault; a HYPR representative can help you find it. The settings for the Audit Trail schema will be automatically set up for you during installation.

We anticipate there could be potentially millions of records in this database. We have included a means to roll over the data. This mechanism will be described in detail at the bottom of this guide.

Events

Each single captured Event is a result of a successful or failed attempt.

Audit Trail Events

Event Descriptions

A full list of all Events and common parameters can be found in the Event Descriptions article. Not every Event is listed in the CC Audit Trail; some only appear in API responses.

Mobile Device

Events triggered from a mobile device (including security keys and smart-cards) will display the Device OS, OS Version, Device Model, Device ID, and SDK Version. See parameter details here.

Workstation

Events triggered from a workstation will display Extended Message, OS Version, Model, OS, Offline Access Enabled, Offline Token Length, Offline Token Count, Offline Access Days, Tokens Available, and Tokens Remaining. See parameter details here.

Server

Events triggered from the server will display the Node ID and Control Center Version. See parameter details here.

Web

Events triggered from web operations will display the Extended Message and Machine Name. See parameter details here.

Getting There

The Audit Trail feature is Application-specific and does not encompass a global scope. You can locate it in the left navigation panel of the Control Center under App Properties.

Searching Events

When you first click on the Audit Trail option, the last 10 minutes of Events will be displayed by default.

A single activity can sometimes generate several events. In this case, the value in the Trace ID column will be the same, letting you see which events come from the same activity.

To copy a single piece of data from the Audit Trail, hover the mouse over the piece of data you want and then click the copy icon to place it in your clipboard.

Search by Time Frame

To expand the searchable timeframe, click the calendar icon.

Quick Filters

ParameterDescription
Last HourGets the last 24 hours of Events.
TodayGets the Events from midnight to current time.
YesterdayGets the Events from yesterday.
Last 7 daysGets the Events from the last 7 days.
Last 30 DaysGets the Events from the last 30 days.

User Interface

You can also select a specific timeframe by clicking the Start Date and End Date in the calendar. For a more precise timeframe search, you also can enter in a time (HH:MM:SS format).

Search by Username, Machine ID, Session ID, or Device ID

The Audit Trail allows searching by Username, Machine ID, Session ID or Device ID. Searching on one of these identifiers allows the administrator to narrow down the action and get a resolution to the issue without having to dig through the server logs. By quickly identifying a failed event and cross-referencing it with one of the above identifiers, you can further glean the root cause of the issue.

Export

To export rows of the Audit Trail, select the checkbox next to the row you want to export and click Export Selected in the upper right. This will provide you with a .CSV file including all selected rows.

Examples

You have found a failed Event that is a timeout. By searching for the Machine ID, you see that this particular user has many timeouts and errors which say, "Did not receive anything from device." This could be a device issue. Check connectivity and try again.

Database Rollover

We keep the last 30 days of Event data.
Every hour we archive the data that is older than 30 days into a backup table.
The backup retains data indefinitely.

Troubleshooting

Contact Support

Mobile users may be asked to use the Support email function in HYPR Mobile App's Device Manager. When opened, it generates an email including relevant debug information.

Support Email Configuration

HYPR Mobile App Support email settings are configured in Control Center Advanced Config Menu: UI Management.

Administrative Troubleshooting

  1. Check the diagnostic email from the user.

  2. Copy the FIDO ID (Identifer) and paste it into the Audit Trail search.

  3. Locate the final error Code: ####### entry and note the value.

  4. Check the lists of HYPR Error Codes for error details and resolution steps.

API Access

Integrate Audit Trail APIs into your application to leverage advanced search capabilities or improve integration with the existing system.

Learn more about API Access.