All Products
Search

This Product

    Identity as a Service:User behavior

    Document Center

    Identity as a Service:User behavior

    Last Updated:Oct 21, 2025

    The log module of IDaaS EIAM provides detailed user behavior recording capabilities to help enterprises monitor and manage user access activities. This topic describes how to use the user tab in the log module for log query and management.

    Feature overview

    • User behavior: Records user operation-related logs, covering key information such as specific user behaviors in the system, operation time, operation objects, and operation results.

    • Log purpose: Assists administrators in monitoring, auditing, and managing user activities. Facilitates timely detection of abnormal behaviors, troubleshooting issues, and conducting security audits.

    • Log query and filtering: Supports multi-dimensional query filtering of logs, such as filtering by time range, operator type, and more.

    • Log display format: Displays detailed logs in table format, including key information such as time, operator, event type, and more.

    • Log export: Supports exporting logs to Alibaba Cloud SLS.

    Procedure

    1. Access the log module

      1. Log on to the IDaaS console.

      2. In the left-side navigation pane, select EIAM.

      3. Select the corresponding IDaaS instance, and click Manage in the operation column. Go to Log > User.

    2. Set query conditions

      Under the User tab, you can set various query conditions to filter log records:

      • Time range: Select the time range for log records. You can quickly select the last week, last month, last three months, last six months, or a custom time range.

      • Advanced search

        • Operator type: Select the type of operator, such as IDaaS account, IDaaS application, Resource Access Management (RAM) user, RAM role, etc.

        • Event type: Select a specific event type, such as all event types, account joining organization, registering authenticator, etc.

        • Object type: Select the type of operation object, such as account, organization, user group, identity provider, application, etc.

        • Event result: Select the result status of the event, such as success/skipped, failed, etc.

    3. Execute search

      1. After entering the filter conditions, click the Search button to execute the query.

      2. If you need to clear all filter conditions, click the Reset button.

      3. Check Search and collapse to automatically collapse the filter panel after searching, making the interface more concise.

    4. View log details

      Search results will be displayed in the table at the bottom of the page. The table includes the following columns:

      1. Time: The time of the event occurrence.

      2. Operator: The user ID or name that executed the operation.

      3. Event type: The specific type of operation, such as basic authentication, user performing CAPTCHA, etc.

      4. Operation object: The object being operated on, such as User Portal, Password, etc.

      5. Event result: The result of the operation, such as success, failed, etc.

      Click on a log record to view more detailed log information.

    References