Edit

Share via

How to Audit Enterprise Single Sign-On

  • Article

Use this command to set both the positive and negative auditing levels. Single Sign-On (SSO) administrators can set the positive and negative audit levels that suit their corporate policies. You can set positive and negative audits to one of the following levels:

  • 0 = None

  • 1 = Low

  • 2 = Medium

  • 3 = High - This level issues as many audit messages as possible.

    The default value for positive auditing is 0 (none), and the default value for negative auditing is 1(low).

    To change the database-level auditing, you must update the Credential database using an XML file. The following is an example XML file that is used for updating the Credential database:

<sso>  
<globalnfo>  
<auditDeletedApps>1000</auditDeletedApps>  
<auditDeletedMappings>1000</auditDeletedMappings>  
<auditCredentialLookups>1000</auditCredentialLookups>  
</globalInfo>  
</sso>

To audit Single Sign-On using the Microsoft Management Console (MMC) Snap-In

  1. Click Start, point to Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.

  2. In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.

  3. Right-click System, and then click Properties.

  4. In the SSO System Properties dialog box, click the Audits tab.

  5. Enter the appropriate settings, and then click OK.

To audit Single Sign-On using the command line

  1. Click Start, click Run, and then type cmd.

  2. At the command prompt, go to the Enterprise Single Sign-On installation directory.

    The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  3. Type ssoconfig –auditlevel < positive level>``<negative level>, where <positive level> is the level of auditing when actions succeed, and <negative auditing> is the level of auditing when actions fail.

To audit the Credential database

  1. Click Start, click Run, and then type cmd.

  2. At the command prompt, go to the Enterprise Single Sign-On installation directory.

    The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  3. Type ssomanage –updatedb <update file>, where <update file> is the path and name of the file.

See Also

How to Update the Credential Database
Enterprise Single Sign-On Tasks