How to Audit Enterprise Single Sign-On
Use this command to set both the positive and negative auditing levels. Single Sign-On (SSO) administrators can set the positive and negative audit levels that suit their corporate policies. You can set positive and negative audits to one of the following levels:
- 0 = None
- 1 = Low
- 2 = Medium
- 3 = High - This level issues as many audit messages as possible.
The default value for positive auditing is 0 (none), and the default value for negative auditing is 1 (low).
To change the database-level auditing, you must update the Credential database using an XML file. The following is an example XML file that is used for updating the Credential database:
<sso>
  <globalInfo>
    <auditDeletedApps>1000</auditDeletedApps>
    <auditDeletedMappings>1000</auditDeletedMappings>
    <auditCredentialLookups>1000</auditCredentialLookups>
  </globalInfo>
</sso>
To audit Single Sign-On using the Microsoft Management Console (MMC) Snap-In
Click Start, point to Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.
In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.
Right-click System, and then click Properties.
In the SSO System Properties dialog box, click the Audits tab.
Enter the appropriate settings, and then click OK.
To audit Single Sign-On using the command line
Click Start, click Run, and then type cmd.
At the command prompt, go to the Enterprise Single Sign-On installation directory.
The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssoconfig -auditlevel <positive level> <negative level>, where <positive level> is the level of auditing when actions succeed, and <negative level> is the level of auditing when actions fail.
To audit the Credential database
Click Start, click Run, and then type cmd.
At the command prompt, go to the Enterprise Single Sign-On installation directory.
The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
Type ssomanage -updatedb <update file>, where <update file> is the path and name of the file.
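A pre-flight check for the two command-line procedures above, as an added example that is not part of the original documentation: it validates the update file before ssomanage -updatedb reads it, then runs both commands when -Apply is given. The C: install drive, the file name sso-audit-update.xml, the sample levels, the non-negative-integer check on the three values, and the exit-code handling are assumptions.

```powershell
# Added example (not Microsoft's code): validate the update file, then apply.
# Assumptions: install drive C:, sample file name, sample audit levels.
param(
    [ValidateRange(0, 3)][int]$PositiveLevel = 1,    # level when actions succeed
    [ValidateRange(0, 3)][int]$NegativeLevel = 2,    # level when actions fail
    [string]$UpdateFile = '.\sso-audit-update.xml',  # hypothetical file name
    [string]$SsoDir = 'C:\Program Files\Common Files\Enterprise Single Sign-On',
    [switch]$Apply                                   # without -Apply: validate only
)

function Test-SsoAuditUpdateFile {
    param([string]$Path)
    $doc = New-Object System.Xml.XmlDocument
    try {
        # Load() throws on malformed markup, e.g. mismatched open/close tag names.
        $doc.Load((Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath)
    } catch {
        Write-Warning "Unreadable or not well-formed XML: $($_.Exception.Message)"
        return $false
    }
    $info = $doc.SelectSingleNode('/sso/globalInfo')   # XML names are case-sensitive
    if ($null -eq $info) {
        Write-Warning 'Missing /sso/globalInfo element.'
        return $false
    }
    $ok = $true
    foreach ($name in 'auditDeletedApps', 'auditDeletedMappings', 'auditCredentialLookups') {
        $node = $info.SelectSingleNode($name)
        # Assumption: each value must be a non-negative integer, as in the sample file.
        if ($null -eq $node -or $node.InnerText.Trim() -notmatch '^\d+$') {
            Write-Warning "Element <$name> is missing or not a non-negative integer."
            $ok = $false
        }
    }
    return $ok
}

if (-not (Test-SsoAuditUpdateFile -Path $UpdateFile)) { exit 1 }
Write-Output "Update file OK. Levels: positive=$PositiveLevel negative=$NegativeLevel"

if ($Apply) {
    $file = (Resolve-Path -LiteralPath $UpdateFile).ProviderPath
    # Same two commands as the procedures above; non-zero exit on failure is assumed.
    & (Join-Path $SsoDir 'ssoconfig.exe') -auditlevel $PositiveLevel $NegativeLevel
    if ($LASTEXITCODE -ne 0) { throw "ssoconfig exited with code $LASTEXITCODE" }
    & (Join-Path $SsoDir 'ssomanage.exe') -updatedb $file
    if ($LASTEXITCODE -ne 0) { throw "ssomanage exited with code $LASTEXITCODE" }
}
```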