AD FS Reporting and Auditing Simplified with Celestix Federated Solution

Celestix Federated Solution Reporting Overview

In my last post, I discussed how the Celestix A Series solution can be used to quickly implement a federation infrastructure based on Microsoft’s Active Directory Federation Services 3.0 (ADFS) for Office 365 federated authentication support.  However, implementing and providing federated claims is only the first part of the solution.  In this post, we will discuss the second part of the solution – reporting and auditing with the Celestix Federated solution.

Challenges with AD FS Reporting

With a standard, out-of-the-box Microsoft® AD FS implementation, monitoring and reporting usually require an external solution or home-grown scripts to monitor for health and availability.  For user auditing and reporting, an external service such as a security information and event management system is required to gather and report on user activities.  With the AD FS service, all authentication attempts are recorded in the security event log, as long as you have enabled success and failure audit tracking.

These challenges with reporting and auditing may put your federation services infrastructure in a state where issues will not be uncovered until users call the help desk.

A Series Reporting

Celestix Federated A Series solution provides reporting for 2 key areas:  overall key service state and user activity and auditing.

Overall Key Service State

When an administrator logs into the Celestix appliance via their browser, reporting is accessible under the ADFS tab –> ADFS and Office365 Dashboard link.  Selecting this link shows the current health state, DirSync Synchronization status, and user authentication overview.

[Image: ADFS and Office365 Dashboard]

As shown above, the overall service state is represented as up/down status.  In the Office 365 Synchronization Status, we display the last synchronization time, which can point you in the right direction if user information is not being updated for your subscription.

One of the key reporting components missing from a standard AD FS implementation is the ability to view and report on user activity trends.  The Celestix Federated solution can show you where users may be having issues with authenticating, and shows overall trends in user activity, scalable from 1 week to 1 year.  Clicking on the bar chart will allow you to drill down and expose the user activity for any selected day.

User Activity and Auditing Reports

As discussed previously, all AD FS related security event information is recorded in the security event log.  This can make it challenging to retrieve and view user information, as you would need to do it through scripts or perhaps a SIEM solution, or if you like pain, a manual review of the event log.

Our reporting capabilities allow you to quickly retrieve audit events for AD FS only, allow you to scale to particular dates or ranges, and to do quick searching and filtering.  Additionally, our reporting allows you to export the auditing data in a variety of formats for more extensive analysis.

[Image: ADFS reporting]

Summary

As you can see, the Celestix Federated A Series Solution provides excellent reporting capabilities for both maintenance and operations, and also satisfies audit requirements.  Using the Celestix A Series instead of a traditional Windows Server AD FS setup provides the same excellent support for standards, and at the same time eases the management burden and reduces the time and technical expertise required for maintenance.

For more information about the Celestix Federated platform, visit https://celestix.com/products/adfs/ or call us at +1 (510) 668 0700 or email us at info@celestix.com.

Celestix Federated A Series Appliance

Purpose-built appliance – Does not require the level of expertise that do-it-yourself solutions require, and reduces the time to deploy while reducing total cost of ownership.
