6.5.1 Enabling Auditing on All Endpoint Systems

You must enable each endpoint system to audit all user authentication events. This process defines which events are sent to Sentinel to track. The endpoint systems are the systems that are part of the Identity Manager solution. For example, eDirectory or Active Directory are endpoint systems.

Configuration steps are different for each endpoint system. For example, in eDirectory you set the events to track on the properties of each object. You need to track events that are related to user authentication, such as, when a login or logout occurs. Figure 4-1 is an example of enabling events on the server object.

Figure 6-1 Enabling Audit Events on eDirectory

6.5.2 Configuring the Account Usage Report

The Account Usage Report summarizes account usage for each user in the selected department for the last 120 days. Accounts that have not been used for over 90 days are considered to be inactive. There is a test report named Account Usage Test that provides a 4-day time-out for account activity, in order to test this use case.