Admin events

The Admin Events section in ZTrust provides a detailed record of all administrative actions performed by users with elevated privileges. It allows administrators to audit changes, track activities, and ensure security compliance across the system.

Overview

Within the Admin Events section, you can view:

  • Who performed an administrative action

  • When the action occurred

  • What resource was affected

  • Which client or realm it was executed on

  • Where the request originated from (IP address)

This feature is essential for auditing, compliance monitoring, and troubleshooting administrative changes.

Admin Events Table Fields:

| Field | Description |
| --- | --- |
| Time | Displays the date and time when the admin performed the event. |
| Resource Path | Shows the API path or resource endpoint on which the event was executed. |
| Resource Type | Indicates the type of resource impacted by the admin event (e.g., users, groups, roles). |
| Operation Type | Describes the type of action performed by the admin. Four types are supported: Create (a new resource is added), Update (an existing resource is modified), Delete (a resource is removed), Action (a specific action is triggered, e.g., force logout, reset password). |
| User | Displays the User ID of the administrator who performed the event. |

Clicking on the three dots (...) for a specific admin event opens a detailed view with the following information:

Auth - Authentication Details

Provides authentication context for the selected admin event:

| Field | Description |
| --- | --- |
| Realm | The Realm ID where the event occurred. |
| Client | The Client ID from which the action was initiated. |
| User | The Admin User ID of the person who performed the event. |
| IP Address | The IP address of the device used to perform the action. |

Representation - Event Data

Clicking on Representation opens a prompt showing complete details of the selected admin event, including the before and after state of the resource. This helps administrators verify modifications and track changes effectively.

Filtering and Searching Admin Events

ZTrust provides multiple filtering options to locate specific admin events efficiently.

| Filter | Usage |
| --- | --- |
| Resource Type | Choose a resource type from the dropdown to view all admin events related to that resource. |
| Operation Type | Select a specific operation type (Create, Update, Delete, or Action) to view only those events. |
| Resource Path | Enter the resource path and click Update to display events affecting that path. |
| Realm | Filter events by specifying the Realm name or ID and clicking Update. |
| Client | Enter the Client ID to display events associated with a specific client. |
| User | Filter by Admin User ID to view events performed by a particular administrator. |
| IP Address | Enter an IP address to find all admin events originating from that location. |
| Date Range | Specify a From Date and To Date, then click Update to view events within that period. |
| Search Events | After applying filters, click Search Admin Events to fetch results. |
| Reset Filters | Click Reset to clear all applied filters. |
| Refresh Data | Click the Refresh button to view the latest admin events. |
| Pagination Control | Choose how many events to display per page using the dropdown menu. |

Resource Types

Choose a specific Resource Type from the dropdown to display all the Admin Events associated with that Resource Type.

Operation Types

By selecting a specific Operation Type from the dropdown menu, the Admin Events corresponding to that particular type will be displayed.

Resource Path

Enter the specific Resource Path and click Update to display all the Admin Events related to that path.

Realm

After specifying the Realm details and clicking on Update, the Admin Events with the same Realm details will be shown.

Client

Enter the Client details and click Update to display the Admin Events corresponding to the provided Client details.

User

Enter the User details and click Update to show the Admin Events associated with that specific User.

IP Address

Input the IP Address and click Update to view all the Admin Events associated with that specific IP Address.

Date (From) and Date (To)

Specify the Date (From) and Date (To), and the Admin Events occurring within that particular time frame will be displayed.

Once you've specified the desired filter type or criteria, click on Search admin events to retrieve the particular admin events that meet that criteria. Alternatively, click on Reset to clear the filters.

Click the Refresh button to see the latest settings.

You can also choose how many events to display on one screen by selecting your preferred option from the dropdown menu.
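The same filter criteria can be applied offline when reviewing a batch of admin events during an audit. The following is an added example, not ZTrust code: the record key names, the sample events, and the KNOWN_IPS allowlist are assumptions constructed for illustration, and the review policy (flag Delete and Action operations and unfamiliar source addresses) is one possible choice.

```python
from datetime import datetime

# Constructed sample events. The key names are assumptions that mirror the
# fields described on this page; they are not a documented ZTrust export format.
EVENTS = [
    {"time": "2024-05-01T09:12:00+00:00", "operation_type": "Update",
     "resource_type": "users", "resource_path": "users/u-1001",
     "realm": "corp", "client": "admin-console", "user": "admin-a",
     "ip_address": "192.0.2.10"},
    {"time": "2024-05-01T23:47:00+00:00", "operation_type": "Action",
     "resource_type": "users", "resource_path": "users/u-1001/reset-password",
     "realm": "corp", "client": "admin-console", "user": "admin-a",
     "ip_address": "203.0.113.77"},
    {"time": "2024-05-02T08:30:00+00:00", "operation_type": "Delete",
     "resource_type": "roles", "resource_path": "roles/auditor",
     "realm": "corp", "client": "admin-cli", "user": "admin-b",
     "ip_address": "192.0.2.20"},
    {"time": "2024-05-03T10:05:00+00:00", "operation_type": "Create",
     "resource_type": "groups", "resource_path": "groups/g-42",
     "realm": "corp", "client": "admin-console", "user": "admin-b",
     "ip_address": "192.0.2.20"},
]

# Hypothetical allowlist: addresses each administrator normally works from.
KNOWN_IPS = {"admin-a": {"192.0.2.10"}, "admin-b": {"192.0.2.20"}}


def filter_events(events, start=None, end=None, **criteria):
    """Return events matching every given field and inside [start, end]."""
    selected = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        if (start and when < start) or (end and when > end):
            continue
        if all(ev.get(key) == value for key, value in criteria.items()):
            selected.append(ev)
    return selected


def review(events, known_ips):
    """Return (resource_path, reasons) for each event worth a manual look."""
    findings = []
    for ev in events:
        reasons = []
        if ev["operation_type"] in ("Delete", "Action"):
            reasons.append("delete-or-action")
        if ev["ip_address"] not in known_ips.get(ev["user"], set()):
            reasons.append("unfamiliar-ip")
        if reasons:
            findings.append((ev["resource_path"], reasons))
    return findings
```

Pass timezone-aware datetime values for start and end, since the sample timestamps carry a UTC offset.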
