The User Provisioning Audit Report includes a breakdown of the creation, update, and deletion of users in your Egnyte account. It’s a good option when you need to see who created or deleted a specific user or generally track any updates to your users’ personal details. You'll learn how to run a User Provisioning Audit Report, what each parameter does, and what's included in the report.
Note: Audit Reports are available for Office plans or higher that purchase the Advanced Security Package.
If you'd like to learn more, our Reports & Auditing Overview article covers all of the reports available to you.
Run a Report
From the Reports Center, expand the Audit section and select User Provisioning Reports.
Click on the + New Report button to begin. You'll need to name the report and choose the parameters for the report.
You may select one or more parameters to narrow down the activity you'd like to view.
- Date range: Narrow down auditing by activity day or date range.
Note: Egnyte purges all audit logs older than 3 months.
- Performed by: Narrow your report to changes made by specific users (Selected users) or Users in selected groups. Alternately, you can choose Any user to see user provisioning changes made by all users in your account.
Note: If you leave the box checked for Include system actions, actions completed by the system will will be included on the report.
- Subjects: See what users had their accounts changed.
- Actions: View specific user provisioning events. You can choose from: Create, Update, Disable, Delete, Enable, Password Change, and Password Reset.
When you select multiple parameters, the report will generate results matching all of them.
User Provisioning Audit Report Output
When you submit any audit report, you will receive an email and alert within few minutes letting you know that the report is ready for viewing. If it is a smaller audit report, you'll have access to it right away.
Note: Since audit logs for file activity are captured periodically through the day, you may not see activity for the last few hours in your report.
The user provisioning audit report displays the following information:
- Date: Provides the time stamp of the user provisioning change.
- Performed by: The user who performed the provisioning action.
- Subject: Which user or group the action was performed on
- Action: Indicates the type of change (e.g. create, update, delete, etc) that occurred.
- Action Info: What specifically changed when a user or group is updated (e.g. email address, first name, etc).
- Action Source: Where the described action was made (e.g. Web UI, Mobile, etc.)