Authentication traffic that goes through Ivanti Access is captured and displayed in Access Reports. Each IdP or SP proxy request to Ivanti Access is logged and displayed as a separate row. For a single authentication instance, there may be up to two log entries.
Each row provides visibility into users, devices, and apps accessing cloud services.
You can do the following with the report data displayed in Access Reports:
- Filter the reported instances to view a subset.
- View details for the reported instances.
- Export the reported instances that are displayed.
- Search for reports in the search bar with advanced and flexible query search to filter desired report data.
- Ivanti Access Report now displays the Client IP or the Device IP in the Access Reports.
Figure 1. Ivanti Access report
Ivanti Access displays the persisting Delegated IDP field in Ivanti Access reports that help users identify the log entries for delegated IdP.
Figure 2. Delegated IdP field in Ivanti Access report
The authrequestID field for SP proxy and IdP proxy in Ivanti Access Reports allows administrators to correlate entries for the IdP proxy and SP proxy that are part of the same pair. The authrequestID for SpProxy and IDpProxy is now visible in Ivanti Access Reports which lets you relate between the two entries. Export the report to a .csv file to do the correlation.
The authnrequestId is not searchable through flexible search.
Figure 3. authnrequestid in Ivanti access report
Ivanti Access reports includes a search option that allows you to do advanced and flexible queries to filter the desired data and customize the report in Reports > Access.
Figure 4. reports search bar
The screen displays the advanced query that you can use to search the report. A maximum or 1024 characters is supported in a query.
The following query words are searched in the Search bar:
- Source IP
- Service Name
- Request Class
- Assertion Attributes
- Request Method
- Request Url
The following flexible query types are supported. If more than one word (except boolean operators) is specified, the select condition is composed by operators.
- An exception is thrown for any word (except boolean operators) with wildcard (*,?) having length less than three characters. For example: ab*, a?b, etc results in an exception, while abc*, abc? will not result in exception.
- Searching is not case sensitive.
AND | OR | NOT
All characters except the invisible control characters and unused code points are supported.
* and ?
The following table provides examples of search queries.
To search for records having IP Address as 10.11.12.13 and Chrome as the User agent:
•10.11.12.13 AND chrome
To search for records having IP Address as 10.11.12.13 or chrome:
• 10.11.12.13 OR chrome
Difference between AND and OR.
A AND B means both A and B must be present in the record.
A OR B means either A or B should be present in the record.
NOT operator is used to exclude certain terms from the result.
For example, the below query returns all records that do not contain chrome and 10.11.12.13
•NOT chrome AND NOT 10.11.12.13
If the details are partially unknown, use wildcards to fetch the results:
•10.11.1* AND chro*
Using Quotes (“)
For example: To fetch the results with chrome version, use the below query:
This query returns the records that have chrome version, 60.0.3112.113
For example, a search query, Intel Mac os x is interpreted as Intel OR Mac OR os OR x.
For example: "Intel Mac os x"
This query returns the records with complete string Intel Mac os x.
Multiple Operators along with parenthesis can be used for searching.
For example, (chrome AND (10.11.12.13 OR 10.11.12.14))
This query returns all the records with chrome and IP Address as either 10.11.12.13 or 10.11.12.14.
It is recommended to include parenthesis in the query as it provides grouping. For example, the above example without parenthesis might be interpreted differently by the system and desired results might not be obtained.
Best Practice: If the search word contains a special character, Ivanti recommends to use double quotes around the searched word.
When there is an Ivanti Access Report with error, by expanding Report Details an exception message is displayed. When you click More, stack trace is also displayed. Also, the default message has the error code and message.
Figure 5. exceptions in reports
To filter report data, do one or a combination of the following in the left panel:
•Enter a Start Date & Time and End Date & Time.
•Select the data type to view a subset of the reported data.
The report data is always sorted by timestamp in descending order. By default, the filter for time is set from 12 AM to 12 AM.
The following fields are available to filter the report data. When you run a report, the active federated pairs, policies, and rules are listed on top of the list. The deleted items are structured at the bottom of the list.
Start Date & Time
Enter a start date and time to filter the data.
End Date & Time
Enter an end date and time to filter the data.
Select the federated pair for which you want to see data.
Select one of the following:
Select the conditional access policy for which you want to see data.
Select the conditional access rule for which you want to see data.
Only the rules in the selected policy are available for selection. If a policy is not selected, rules will not be available for selection.
To view additional details for a report entry, click on one of the following options:
- Show Detail: Click on Show Detail to see the details for all rows.
- Click on the three dots (...) adjacent to each row to view details for that log entry.
Figure 6. report details
The Export feature allows you to download Ivanti Access report data as a CSV file. You can then import the .csv file to a reporting tool and generate custom views and reports.
When you export report data, only the rows in the Reports > Access view will be downloaded. You cannot customize the fields for exporting.
|In the Ivanti Access administrative portal, go to Reports > Access.
|Click on Export. The Export Reports window appears that displays the size of the report file.
Figure 7. Export reports
|Click Export if the size is appropriate.
A CSV file containing the report data is downloaded.
•When a report is exported, there is an appropriate entry in the Audit reports.
•Use the left navigation filter to select appropriate records such as files that are larger in size. Only the filtered records are then exported in the file and can help in reducing file sizes.