Access Management 2.0 Event Logging
Introduction
This page provides a comprehensive overview of Access Management 2.0’s User and Administrative Event Logging capabilities, explaining how authentication activities and privileged administrative actions are captured, processed, and stored within the platform.
Access Management 2.0 provides built-in auditing for two distinct categories of security-relevant events:
| Category | Purpose |
|---|---|
| User Events | Capture authentication and user-driven security actions |
| Admin Events | Capture administrative and configuration changes |
User Events (Authentication & User Activity)
What User Events Capture
User events record end-user security activity, including:
- LOGIN (successful authentication)
- LOGOUT
- LOGIN_ERROR (failed login)
- UPDATE_PASSWORD
- RESET_PASSWORD
- TOKEN_REFRESH (depending on configuration)
Admin Events (Administrative & Configuration Changes)
What Admin Events Capture
Admin events record privileged actions, including:
- User creation, updates, deletion
- Role and role-mapping changes
- Client creation, updates, deletion
- Client scope changes
- Identity Provider (IdP) creation and updates
- Realm configuration changes
How an Administrator Enables Event Logging
- Login to Access Management 2.0 Administration Console as an Administrator
- Choose the appropriate realm →
maactive
Click on Realm Settings
Click on the Events Tab
Enable Events at the Realm Level
In Admin Console → Realm Settings → Events:
- Enable User Events
Enable User Events and Set Persistence
Event Types Captures for a User
- Enable Admin Events
Click on the Admin Events tab
Enable Save Events and Include Representation
Database Tables Used for Event Storage
Access Management 2.0 stores events in dedicated audit tables when persistence is enabled.
User Events Table
EVENT_ENTITY
Stores one row per user event.
| Column | Description |
|---|---|
| ID | Event UUID |
| EVENT_TIME | Epoch milliseconds |
| TYPE | Event type (LOGIN, LOGOUT, etc.) |
| REALM_ID | Realm UUID |
| CLIENT_ID | Client ID |
| USER_ID | User UUID |
| SESSION_ID | Session ID |
| IP_ADDRESS | Source IP |
| ERROR | Error code (nullable) |
Admin Events Table
ADMIN_EVENT_ENTITY
Stores one row per admin event.
| Column | Description |
|---|---|
| ID | Event UUID |
| ADMIN_EVENT_TIME | Epoch milliseconds |
| REALM_ID | Target realm |
| OPERATION_TYPE | CREATE / UPDATE / DELETE |
| RESOURCE_TYPE | CLIENT, USER, ROLE, etc. |
| RESOURCE_PATH | Target resource path |
| RESOURCE_ID | Target resource ID |
| AUTH_REALM_ID | Actor realm |
| AUTH_CLIENT_ID | Actor client |
| AUTH_USER_ID | Actor user |
| AUTH_IP_ADDRESS | Actor IP |
| ERROR | Error code (nullable) |
| REPRESENTATION | JSON snapshot (optional) |
Feedback
Was this page helpful?