API Guide - AuditLogs

  • Updated on Apr 27, 2022

Get Audit Logs

Banyan records system activity related to your organization to provide an audit trail. This endpoint returns admin audit logs according to your specific filters and parameters.

HTTP Request

GET /v1/audit_logs

URL Parameters

N/A

Query Parameters

Parameter Format Description Default
action String Filters by action (such as create, update, delete,enable, and disable) n/a
admin_email String Filters by Admin email address n/a
end_time Int Filters records that occurred before a specific epoch timestamp (in nanoseconds) n/a
limit Int Used in Pagination. Specifies the maximum number of records to return 25
skip Int Used in Pagination. Specifies the number of records to skip 0
start_time Int Filters records that occurred after a specific epoch timestamp (in nanoseconds) n/a
type String Filters by type of Admin activity type (such as admin_sign_on, security_attach_policy, idp_settings, et al.) n/a
org_id String orgid should be passed to get auditlogs for specific logs when token is super admin n/a
order String Filters records in given order based on created_at timestamp (e.g asc, desc) desc

Supported Admin Activity Types

The table below lists possible Admin activity types.

Type Related to
admin_sign_on Admin Sign-on method settings (such as Banyan-local or SAML)
idp_settings Identity Provider settings (such as Okta, Cognito, OneLogin, or Other)
mdm_settings Enterprise Device Manager settings
policy Banyan Policies
registered_service Managed Services
role Banyan Roles
security_attach_policy Policies attached to or removed from a service
trustscore_factors Device Scoring settings
unknown_device Unregistered Devices settings (such as access to services and/or HTTP responses)
device_registration_idp_settings  
admin_user CRUD on admin user
mdm_deploy_otp_skip_role changes to mdm deploy otp skip role
mdm_deploy_key changes to MDM deploy key
invitation_code changes to Invitation code
trustscore_ttl changes to trustscore profile ttl
enduser_device changes to enduser device
preferred_applications Preferred Applications
latest_os_config changes to latest os config
trust_config changes to trust config
root_certs changes to root cert
saas_applications SAAS Applications
idp_routed_applications IDP Routed
access_tier Access Tier
satellite Connector
access_tier_tunnel CRUD on access tier tunnel
api_key CRUD on api key
enduser when endusers get archieved due to inactivity
device changes to device
service_tunnel Service Tunnel
refresh_token when new refresh token issued or existing refresh token is revoked
org CRUD on org

Supported Actions

The table below lists possible actions for each Admin activity type.

type create update delete enable disable
admin_sign_on   yes      
idp_settings   yes      
mdm_settings   yes      
policy yes yes yes    
role yes yes yes yes yes
security_attach_policy yes   yes    
registered_service yes yes yes yes yes
trustscore_factors   yes      
unknown_device   yes      
device_registration_idp_settings yes yes yes    
admin_user yes yes yes    
mdm_deploy_otp_skip_role yes   yes    
mdm_deploy_key yes   yes    
invitation_code   yes yes    
trustscore_ttl   yes      
enduser_device   yes      
preferred_applications yes   yes    
latest_os_config   yes      
trust_config   yes      
root_certs   yes yes    
saas_applications yes yes yes yes yes
idp_routed_applications yes yes yes yes yes
access_tier yes yes yes    
satellite yes yes yes    
access_tier_tunnel yes yes yes    
api_key yes yes yes    
enduser     yes    
device     yes    
service_tunnel yes yes yes    
refresh_token yes   yes    
org yes yes yes    

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

NA

Status Codes and Errors

Value Description
200 OK
400 Bad request
401 Unauthorized
404 Not found
500 Internal Server Error

Response Headers

N/A

HTTP Response Body

Example audit log from IDP settings update

{
    "auditlogs": [
        {
            "id": "f744e29e-65fc-4874-8f02-820223e03962",
            "org_id": "b549352a-ea76-403a-ab35-f4a1e29e1110",
            "created_at": 1623165783224130697,
            "message": "IDP settings updated",
            "type": "idp_settings",
            "action": "update",
            "admin_email": "mahesh.dere@joshsoftware.com",
            "changes_new": {
                "config": {
                    "ClientID": "c71b8e8c264406664decd4d1f320fc6e692673bbd3f4ec20f23ae576b49ea584",
                    "ClientSecret": "cb50e2fb42df24ba83788b28d1c55648aad705d515091a314fea4cdac6bd0b09",
                    "IssuerURL": "https://dev-6021221.okta.com",
                    "RedirectURL": "https://dev03josh.trust-dev03.bnntest.com/v2/callback"
                },
                "name": "OKTA",
                "protocol": "OIDC"
            },
            "changes_old": {
                "config": {
                    "ClientID": "f1c396a3b281a87a3d7839702d4a8f5e3c85196562e02784f230da291f4d2f71",
                    "ClientSecret": "a392838b7bd6cb595e9714554b4640fa376148a7fccbf40ed92f60d313308e24",
                    "IssuerURL": "https://dev-6021221.okta.com",
                    "RedirectURL": "https://dev03josh.trust-dev03.bnntest.com/v2/callback"
                },
                "name": "OKTA",
                "protocol": "OIDC"
            },
            "token_unique_id": "",
            "token_iat": 1641917404,
            "token_auth_issuer": "LOCAL",
            "client_ip_address": "49.15.183.84, 34.98.107.12",
            "client_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
        }
    ],
    "count": 1
}