Export (0) Print
Expand All

How to Audit SSO

You can use the MMC Snap-In or the command line to set both the positive and negative auditing levels. Results of the auditing are stored in both the event logs and the audit logs of the database.

SSO administrators can set the positive and negative audit levels that suit their corporate policies. You can set positive and negative audits to one of the following levels:

0 = None

1 = Low

2 = Medium

3 = High. This level issues as many audit messages as possible.

The default value for positive auditing is 0 (none), and the default value for negative auditing is 1(low).

To change the database level auditing, you must update the SSO database using an XML file. A sample XML file for updating the SSO database is:

<sso>
<globalnfo>
<auditDeletedApps>1000</auditDeletedApps>
<auditDeletedMappings>1000</auditDeletedMappings>
<auditCredentialLookups>1000</auditCredentialLookups>
</globalInfo>
</sso>

To audit Single Sign-On using the MMC Snap-In

  1. On the Start menu, click Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.

  2. In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.

  3. Right-click System, and then click Properties.

  4. On the SSO System Properties dialog box, click the Audits tab.

  5. Enter the appropriate settings, and click OK.

To audit Single Sign-On using the command line

  1. On the Start menu, click run, and then type cmd.

  2. At the command line prompt, go to the Enterprise Single Sign-On installation directory. The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  3. Type ssoconfig –auditlevel < positive level><negative level>, where <positive level> is the level of auditing when actions succeed, and <negative level> is the level of auditing when actions fail.

    noteNote
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

To audit the SSO database

  1. Click Start, click run, and then type cmd.

  2. At the command line prompt, go to the Enterprise Single Sign-On installation directory. The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  3. Type ssomanage –updatedb <update file>, where <update file>is the path and name of the file.

    noteNote
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

See Also

  © 2009 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft