IBM Cloud Docs
Monitoring login sessions for trusted profiles

Trusted profiles are used to automatically grant federated users access to your account, and you can use Activity Tracker to monitor which federated users and compute resources apply a trusted profile.

You can also monitor active user login sessions. For more information, see Monitoring your login sessions.

Before you begin

You must create an instance of the Activity Tracker service in the Frankfurt (eu-de) region to monitor events for IAM trusted profiles. For more information, see Provisioning an instance.

Reviewing login sessions by using Activity Tracker

Complete the following steps to review login sessions by using Activity Tracker:

  1. In the IBM Cloud console, go to the Navigation menu icon > Observability > Activity Tracker.
  2. Click Open dashboard on the dashboard that you use to monitor trusted profiles.
  3. Click Sources and select iam-identity to filter the results and view only IAM Identity login events.
  4. Use the search field to view trusted profile login events for users or for compute resources.
    1. For users, search action:iam-identity.user-authcode OR action:iam-identity.user-identitycookie.login.
      • action:iam-identity.user-authcode indicates a login that is initiated by the user.
      • action:iam-identity.user-identitycookie.login indicates an authentication that is based on a browser cookie.
    2. For compute resources, search action:iam-identity.computeresource-token.login.
  5. Select an event to view the fields that have identifying information:
    • The Initiator.authnId and Initiator.authnName attributes contain the details for the authenticated user that applies a profile.
    • The Initiator.id and Initiator.name attributes contain the details of the profile that is applied.

Examples

A compute resource that's applying trusted profile compute-profile-1 has the following identifying attributes:

Table 1. Sample trusted profile attributes and values in Activity Tracker

Attribute                  Value
action                     iam-identity.computeresource-token.login
initiator.name             compute-profile-1
initiator.id               IBMid08348934
initiator.typeURI          service/security/account/profile
initiator.credential.type  profile
initiator.authnId          crn-crn:v1:bluemix:public:containers-kubernetes:satloc_wdc_c8gfp9ow)1il4mg:a/a319e5b2c84429a9a2ece7a7c9a8807:c8jrclfw0
initiator.authnName        sat-kp-c8gfp9ow0gavb01il4mg:ibm-kp:default:key-management-crypto-7797c45798-mlbck
logsourceCRN               crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::

A federated user that's applying trusted profile fed-user-profile-1 has the following identifying attributes:

Table 2. Sample trusted profile attributes and values in Activity Tracker

Attribute                  Value
action                     iam-identity.user-authcode
initiator.name             fed-user-profile-1
initiator.id               IBMid90101838
initiator.typeURI          service/security/account/profile
initiator.credential.type  profile
initiator.authnId          IBMid11118967
initiator.authnName        addison.martin@ibm.com
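
The filtering from steps 4 and 5 can also be run over exported events. The following Python is an added example, not part of the IBM Cloud documentation: it reads events as JSON lines, keeps the three login actions, and reports which identity applied which profile. The nested event layout, the sample events, the CRN-PLACEHOLDER value and the function names are assumptions, as is treating an initiator.credential.type of profile as the marker that a profile was applied.

```python
import json
from collections import defaultdict

# Search terms from step 4, mapped to the kind of identity that logs in.
KIND_BY_ACTION = {
    "iam-identity.user-authcode": "user",
    "iam-identity.user-identitycookie.login": "user",
    "iam-identity.computeresource-token.login": "compute",
}

def profile_logins(lines):
    """Yield a summary for each trusted-profile login in JSON-lines input."""
    for line in lines:
        try:
            event = json.loads(line)
            init = event["initiator"]
            kind = KIND_BY_ACTION.get(event["action"])
            cred_type = init["credential"]["type"]
        except (ValueError, KeyError, TypeError):
            continue  # truncated line, or an event without these fields
        # Assumption: a login that applies a profile has credential.type "profile".
        if kind is None or cred_type != "profile":
            continue
        yield {"kind": kind, "profile": (init.get("id"), init.get("name")),
               "applied_by": (init.get("authnId"), init.get("authnName"))}

def applied_by_profile(lines):
    """Map each profile name to the sorted identities that applied it."""
    seen = defaultdict(set)
    for login in profile_logins(lines):
        seen[login["profile"][1]].add(login["applied_by"][1])
    return {name: sorted(who) for name, who in seen.items()}

def _event(action, cred_type, pid, pname, aid, aname):
    # Constructed event; nesting is assumed from the dotted attribute names.
    return json.dumps({"action": action, "initiator": {
        "id": pid, "name": pname, "credential": {"type": cred_type},
        "authnId": aid, "authnName": aname}})

KP_POD = "sat-kp-c8gfp9ow0gavb01il4mg:ibm-kp:default:key-management-crypto-7797c45798-mlbck"
FED = ("IBMid90101838", "fed-user-profile-1", "IBMid11118967", "addison.martin@ibm.com")
SAMPLE = [  # constructed input; names and IDs reuse Tables 1 and 2
    _event("iam-identity.computeresource-token.login", "profile",
           "IBMid08348934", "compute-profile-1", "CRN-PLACEHOLDER", KP_POD),
    _event("iam-identity.user-authcode", "profile", *FED),
    _event("iam-identity.user-identitycookie.login", "profile", *FED),
    _event("iam-identity.user-authcode", "constructed-other", *FED),  # skipped
    '{"action": "iam-identity.user-authcode", "initiator": ',  # truncated, skipped
]
```

Calling applied_by_profile(SAMPLE) gives one entry per profile, so an identity that is not expected to apply a given profile stands out in the list for that profile.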