Find User Login Events for An Organization

4577
8
03-15-2019 03:13 PM
KellyGerrow
Esri Frequent Contributor
4 8 4,577

The History endpoint of the REST API is a great tool to dig into information about events occurring in your organization. Although you easily download a comprehensive CSV of events as an administrator in ArcGIS Online, the REST API, provides the option to customize the data returned and to ask more specific questions. For an example of how to use the history CSV, check out this blog: https://www.esri.com/arcgis-blog/products/arcgis-/administration/exploring-the-organization-activity... 

 

For this blog, I am going to explore the needed queries to export information about login events for a specific organization. To use specific parameters with this API currently, the csv format must be used due to: BUG-000120745. This is planned to be addressed in a future release, but the CSV is a great format for large amounts of information.

 

Scenario: Andy the Administrator wants to understand which of his users have logged into ArcGIS Online and from which apps in February 2019. He has a sneaking suspicion that his employee Oreo J. Sampson doesn’t know his password but is afraid to ask for it to be reset as he asks every single day. Andy is going to verify the login information of his organization to verify

Detective Steps:

  1. Formulate the query:

Url: https://sampson23.maps.arcgis.com/sharing/rest/portals/self/history?

Parameters:

all=true – returns events for all members in the organization

start=0 – starts at the first record

num=10000 – largest amount of events returned (requires csv format)

f=csv – returns result in a csv

sortOrder=asc – information output in ascending order

token = “6hVsODGfBpk5X_hGc0MOrnxmddIk4bL4hP8FyOAxM0QxL3VEw86iTdB” – admin token required

fromDate =2019-02-01 – start of date range

toDate=2019-02-28 – end of date range

actions= failedlogin – events to be returned

 

Sample Url constructed:

https://sampson23.maps.arcgis.com/sharing/rest/portals/self/history?all=true&start=0&actions=failedL...>

  1. Submit the request and view the resulting CSV (Failed Login)

Note that some fields have been changed to anonymize data for publication)

  1. After inspecting the CSV, you can notice that Oreo failed to login on February 1st and didn’t fail again.

 

  1. To find out if Oreo ever successfully logged in, just add login to the actions parameter to receive failed login and login events:

https://sampson23.maps.arcgis.com/sharing/rest/portals/self/history?all=true&start=0&actions=failedl...>

 

Reading the output of the resulting CSV, I can see that Oreo eventually logged into ArcGIS Online using ArcGIS Online and ArcGIS Desktop.

 

With these results, Andy can understand who has been logging into the organization, successfully, unsuccessfully and from which app.

A note about login actions:

A login action is recorded everytime a successful call is made to the oath2 or generate token login. If you click “Keep me signed in” on the ArcGIS login form then the token will be valid for 2 weeks; the /signin endpoint will not be called and no record will be added to the history log.

*Note. Only available with ArcGIS Online

https://community.esri.com/community/gis/web-gis/arcgisonline/blog/2019/03/16/generate-a-token?sr=se...

8 Comments
About the Author
I love interactive maps and apps on the internet! The maps and apps that customers create and share on the web, make my job awesome. I'm a Product Manager with the ArcGIS Online team in Redlands, California. I am a proud graduate from Carleton University and the COGS in Canada, with research focus' in Health Geography. Originally from Bedford, NS, Canada but have spent a lot of time in Haliburton and Ottawa, Ontario. I have a passion for the outdoors and dogs.