In my last post, I discussed how the Celestix A Series solution can be used to quickly implement a federation infrastructure based on Microsoft’s Active Directory Federation Services 3.0 (ADFS) for Office 365 federated authentication support. However, implementing and providing federated claims is only the first part of the solution. In this post, we will discuss the second part of the solution – reporting and auditing with the Celestix Federated solution.
Challenges with AD FS Reporting
With a standard, out-of-the-box Microsoft® AD FS implementation, monitoring and reporting usually requires an external solution or home-grown scripts to monitor for health and availability . For user auditing and reporting, an external service such as a security information and event management system is required to gather and report on user activities. With the AD FS service, all authentication attempts are recorded in the security event log, as long as you have enabled success and failure audit tracking.
These challenges with reporting and auditing may put your federation services infrastructure in a state where issues will not be uncovered until users call the help desk.
A Series Reporting
Celestix Federated A Series solution provides reporting for 2 key areas: overall key service state and user activity and auditing.
Overall Key Service State
When an administrator logs into the Celestix appliance via their browser, reporting is accessible under the ADFS tab –> ADFS and Office365 Dashboard link. Selecting this link shows the current health state, DirSync Synchronization status, and user authentication overview.
As shown above, the overall service state is represented as up/down status. In the Office 365 Synchronization Status, we display the last synchronization time, which can point you in the right direction if user information is not being updated for your subscription.
One of the key missing reporting component on a standard AD FS implementation is the ability to view and report on user activity trends. The Celestix Federated solution can show you where users may be having issues with authenticating, and shows overall trends on user activity, scalable from 1 week to 1 year. Clicking on the bar chart will allow you to drill down and expose the user activity for any selected day.
User Activity and Auditing Reports
As discussed previously, all AD FS related security event information is recorded in the security event log. This can make it challenging to retrieve and view user information, as you would need to do it through scripts or perhaps a SEIM solution, or if you like pain, a manual review of the event log.
Our reporting capabilities allow you to quickly retrieve audit events for AD FS only, allow you to scale to particular dates or ranges, and to do quick searching and filtering. Additionally, our reporting allows you to export the auditing data in a variety of formats for more extensive analysis.
As you can see, the Celestix Federated A Series Solution provides excellent reporting capabilities for both maintenance and operations, and also satisfies audit requirements. Using the Celestix A Series instead of a traditional Windows Server AD FS setup, provides the same excellent support for standards, and at the same time eases the management burden and reduces the time and technical expertise required for maintenance.
Celestix Federated A Series Appliance
Purpose-built appliance – Does not require the level of expertise that do-it-yourself solutions require, they reduce the time to deploy them while reducing total cost of ownership. Click here to Request for A Demo.