description | title | ms.custom | ms.date | ms.service | ms.reviewer | ms.suite | ms.topic |
---|---|---|---|---|---|---|---|
Learn more about: How to Audit Enterprise Single Sign-On |
How to Audit Enterprise Single Sign-On |
11/30/2017 |
host-integration-server |
article |
Use this command to set both the positive and negative auditing levels. Single Sign-On (SSO) administrators can set the positive and negative audit levels that suit their corporate policies. You can set positive and negative audits to one of the following levels:
-
0 = None
-
1 = Low
-
2 = Medium
-
3 = High - This level issues as many audit messages as possible.
The default value for positive auditing is 0 (none), and the default value for negative auditing is 1(low).
To change the database-level auditing, you must update the Credential database using an XML file. The following is an example XML file that is used for updating the Credential database:
<sso>
<globalnfo>
<auditDeletedApps>1000</auditDeletedApps>
<auditDeletedMappings>1000</auditDeletedMappings>
<auditCredentialLookups>1000</auditCredentialLookups>
</globalInfo>
</sso>
-
Click Start, point to Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.
-
In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.
-
Right-click System, and then click Properties.
-
In the SSO System Properties dialog box, click the Audits tab.
-
Enter the appropriate settings, and then click OK.
-
Click Start, click Run, and then type
cmd
. -
At the command prompt, go to the Enterprise Single Sign-On installation directory.
The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
-
Type
ssoconfig –auditlevel < positive level>``<negative level>
, where <positive level> is the level of auditing when actions succeed, and <negative auditing> is the level of auditing when actions fail.
-
Click Start, click Run, and then type
cmd
. -
At the command prompt, go to the Enterprise Single Sign-On installation directory.
The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.
-
Type
ssomanage –updatedb <update file>
, where <update file> is the path and name of the file.
How to Update the Credential Database
Enterprise Single Sign-On Tasks