Community
Select to view content in your preferred language

Activity Reports- Clarify Event Record Logs

212
1
10-20-2025 06:33 AM
Status: Open
Debert
by
Frequent Contributor

I need to accurately interpret login activity to ensure account security and identify unauthorized access. The current ambiguity around what constitutes a "Login" event creates confusion and could lead to misinterpreting normal system behavior as a security breach.

I would like to clearly understand what actions constitute a "Login" in ArcGIS Online activity reports. Ideally, I should be able to:

- Generate an activity report and immediately differentiate between user-initiated logins and automated/system-generated interactions.

- View detailed classifications or tags next to each login-related entry (e.g., "manual login," "token refresh," "background app request"). - Use filters or report settings to isolate specific types of login events.

- Reference official documentation that lists and explains all request types contributing to the "Login" activity, enabling accurate interpretation of report data and better security auditing.

This clarity would empower administrators to quickly assess account usage, detect anomalies, and respond to potential security concerns more effectively.

I've logged ENH-000176385 and hope you'll consider this enhancement.

1 Comment
Debert
by
a week ago

Unfortunately, I received an email notifying me that this enhancement will not be addressed. I am honestly a little disappointed, as neither Esri Support nor I were able to decipher the ArcGIS Online activity/event records.

The email states:

Description:
The “Login” activity in ArcGIS Online reports includes background requests and system interactions, leading to misleading or unclear login event records.

As Designed:
After review by the development team, it has been determined that this behavior is working as designed.

Known Limitation:
After review by the development team, it has been determined that this issue is related to a known limitation of the software that lies outside of Esri’s control.

Non-Reproducible:
This issue was not reproducible when tested by the development team.

Will Not Be Addressed:
The development team has considered the issue or request and concluded it will not be addressed.

For context, I was experiencing unusual login activity on my administrator account over the course of a week. At one point, the reports indicated over 300,000 login events within a 24-hour period. This was understandably alarming. When I reached out to support to understand what constitutes a “login” event, they were unable to provide a clear explanation, which ultimately led us to suggest this enhancement.

This raises a concern: if neither customers nor Esri Support can clearly interpret these event logs, what purpose do they serve? Some level of clarification seems necessary to make this information meaningful and actionable.