KGerrow-esristaff

Find User Login Events for An Organization

Blog Post created by KGerrow-esristaff Employee on Mar 15, 2019

The History endpoint of the REST API is a great tool to dig into information about events occurring in your organization. Although you easily download a comprehensive CSV of events as an administrator in ArcGIS Online, the REST API, provides the option to customize the data returned and to ask more specific questions. For an example of how to use the history CSV, check out this blog: https://www.esri.com/arcgis-blog/products/arcgis-/administration/exploring-the-organization-activity-log-csv 

 

For this blog, I am going to explore the needed queries to export information about login events for a specific organization. To use specific parameters with this API currently, the csv format must be used due to: BUG-000120745. This is planned to be addressed in a future release, but the CSV is a great format for large amounts of information.

 

Scenario: Andy the Administrator wants to understand which of his users have logged into ArcGIS Online and from which apps in February 2019. He has a sneaking suspicion that his employee Oreo J. Sampson doesn’t know his password but is afraid to ask for it to be reset as he asks every single day. Andy is going to verify the login information of his organization to verify

 

Detective Steps:

  1. Formulate the query:

Url: https://sampson23.maps.arcgis.com/sharing/rest/portals/self/history?

Parameters:

all=true – returns events for all members in the organization

start=0 – starts at the first record

num=10000 – largest amount of events returned (requires csv format)

f=csv – returns result in a csv

sortOrder=asc – information output in ascending order

token = “6hVsODGfBpk5X_hGc0MOrnxmddIk4bL4hP8FyOAxM0QxL3VEw86iTdB” – admin token required

fromDate =2019-02-01 – start of date range

toDate=2019-02-28 – end of date range

actions= failedlogin – events to be returned

 

Sample Url constructed:

https://sampson23.maps.arcgis.com/sharing/rest/portals/self/history?all=true&start=0&actions=failedLogin&sortOrder=asc&toDate=2019-02-28&fromDate=2019-02-01&num=10000&f=csv&token=<token>

  1. Submit the request and view the resulting CSV (Failed Login)

Note that some fields have been changed to anonymize data for publication)

 

 

  1. After inspecting the CSV, you can notice that Oreo failed to login on February 1st and didn’t fail again.

 

  1. To find out if Oreo ever successfully logged in, just add login to the actions parameter to receive failed login and login events:

https://sampson23.maps.arcgis.com/sharing/rest/portals/self/history?all=true&start=0&actions=failedlogin,login&sortOrder=asc&toDate=2019-02-28&fromDate=2019-02-01&num=10000&f=csv&token=<token>

 

Reading the output of the resulting CSV, I can see that Oreo eventually logged into ArcGIS Online using ArcGIS Online and ArcGIS Desktop.

 

With these results, Andy can understand who has been logging into the organization, successfully, unsuccessfully and from which app.

 

A note about login actions:

A login action is recorded everytime a successful call is made to the oath2 or generate token login. If you click “Keep me signed in” on the ArcGIS login form then the token will be valid for 2 weeks; the /signin endpoint will not be called and no record will be added to the history log.

 

*Note. Only available with ArcGIS Online

 

Generate a Token

Outcomes