Record user access of a web app

08-23-2022 07:15 AM
BarryYoung
New Contributor II

Hi, I've developed an app using Web AppBuilder which contains sensitive data and is only available to users within a specific group.

Is it possible to log when a user accesses the app? The app is on our Enterprise site and users log in using Windows AD (SAML). Ideally I'd want to have a record of the user and date/time of access.

Thanks,
Barry

7 Replies
BrianLeroux
Occasional Contributor III

I would imagine this is possible at the web server level such as IIS but I have not done so. I have been relying on the ArcGIS logs to identify who utilizes specific services. ESRI has the systemLogParser tool that I leverage for that.

0 Kudos
Brian_Wilson
Occasional Contributor III

I use Matomo, which is a free analytics system. Matomo is self-hosted, so you don't have to share your data with outsiders.

I have great plans to do more with the IIS log files but it is low priority for me so it seems to never go anywhere.

Matomo works with WAB because you can insert the tracking code into the main JavaScript file. I have not been able to make it work with StoryMaps because it's too locked down.

We have 1 machine per user and it tracks IP addresses, so in theory I can see each person accessing it. One of the reports looks like this, for example:

[Image: BrianWilson7_0-1661268661223.png]

There is a "User ID" feature that I have not looked at yet. (Again not currently a priority here.) See https://matomo.org/guide/reports/user-ids/

(Incidentally, we stopped using WAB and only use the developers edition now. But it's the same -- insert a block of code into the JavaScript and it reports back to the Matomo server.)

Matomo does maps too!

[Image: BrianWilson7_1-1661269323031.png]

I have no connection to this project other than being a fanboy apparently. Geez. I mean, it does maps!

I wish we had more traffic to track. Back in the olden days I would have loved this.

 

0 Kudos
LefterisKoumis
Occasional Contributor III

Before I get to details, do you authenticate the user before they access your app?

0 Kudos
BarryYoung
New Contributor II

Hi, all our users are set up to use SAML linked to Azure Active Directory, so yes, they are authenticated that way.  I've then set up a specific group that only has the approved members that should access the app.

0 Kudos
Brian_Wilson
Occasional Contributor III

We have both public and intranet apps; they have to sign in to access the intranet apps. The tracking we're using right now does not care if you are logged in or not. I should look at that User ID thing in Matomo; I wonder how that's implemented. We're using Active Directory for sign-ins, so whenever an employee uses an internal app for the first time, an account is created for them in Portal. If the User ID feature works with the normal login, it would be great.

0 Kudos
LefterisKoumis
Occasional Contributor III

If you prompt for credentials to access the app through the portal, I suggest taking a look at the Smart Editor widget.js.

I used its logic to do something like this to capture the user's email. Since you are using an organization, you should be able to figure out the identity of the user. A simple js can capture the time of the login. Hopefully this is what you are looking for.

// arcgisPortal is assumed to be the "esri/arcgis/Portal" module loaded by the widget
var creatoremail = "";
var editoremail = "";

var portal = new arcgisPortal.Portal('https://svgcdeaprod.ct.dot.ca.gov/deaprod_portal');
portal.signIn().then(function (loggedInUser) {
  //   console.log("Signed in to the portal: " + loggedInUser)
  //   console.log(loggedInUser.email);
  // keep the email of the signed-in portal user
  creatoremail = loggedInUser.email;
});
 

BarryYoung
New Contributor II

Thanks for this, definitely looks like a way forward 👍 

0 Kudos