User Access Audit

Learn how to use the comprehensive user access audit features in the Shifts platform to monitor user activity, track security events, ensure compliance, and maintain a secure work environment.

Overview

The User Access Audit features in Shifts provide administrators with powerful tools to monitor user activity, track security events, and ensure compliance with your organization’s security policies. This article explains how to access and use these features to maintain a secure and accountable work environment.

Accessing Audit Features

User access audit features can be accessed through several areas of the administrator dashboard:

1. Security Dashboard: Navigate to Admin > Security > Audit Dashboard
2. User Activity Logs: Go to Admin > User Management > Activity Logs
3. Security Analytics: Access via Admin > Reports > Security Analytics
4. User Access Reports: Available under Admin > User Management > Access Reports

User Activity Tracking

The activity tracking system records a comprehensive set of user actions:

Types of Tracked Activities

• Authentication Events: Logins, logouts, and failed login attempts
• Account Changes: Password updates, profile edits, and security setting changes
• System Interactions: Page views and feature usage
• Data Modifications: Created, updated, or deleted records
• Permission Changes: Role assignments and permission updates

Activity Log Details

Each activity record includes:

• User identification
• Date and time
• IP address
• Browser/device information
• Action performed
• Affected business context
• Location context (if applicable)

Viewing Activity Logs

1. Navigate to Admin > User Management > Activity Logs
2. Use the filters to narrow results by:
   • Date range
   • User
   • Activity type
   • Location
   • IP address
3. Click on any record to view complete details
4. Export logs to CSV for further analysis or record-keeping

Security Monitoring

The security monitoring features help you identify potential security issues:

Authentication Monitoring

• Failed Login Tracking: Monitor failed login attempts by user and IP
• Unusual Access Detection: Identify logins from new locations or devices
• Two-Factor Authentication: Track 2FA setup, usage, and verification events

Security Analytics Dashboard

The Security Analytics dashboard provides visual insights into:

• Authentication trends over time
• Two-factor authentication adoption rates
• Geographic distribution of login attempts
• Device type usage patterns
• Password reset frequency
• Failed login attempt patterns

Access Control Audit

Ensure proper access controls are maintained through:

User Access Reports

Generate comprehensive reports of:

• Users and their assigned roles
• Permission levels by user
• Location access rights
• Recent permission changes
• Inactive accounts

IP Range Management

1. Navigate to Admin > Security > IP Restrictions
2. Review currently allowed IP ranges
3. Monitor IP restriction violations
4. Add or modify allowed IP ranges as needed

Session Management

Track and manage user sessions:

• View currently active sessions
• Force logout for specific users or devices
• Set session timeout policies
• Monitor unusual session patterns

Security Compliance Tools

Ensure compliance with security policies through:

Two-Factor Authentication Compliance

1. Navigate to Admin > Security > Two-Factor Authentication
2. View 2FA compliance reports by role type
3. Identify users without required 2FA enabled
4. Send reminders or enforce 2FA requirements

Security Policy Enforcement

Monitor compliance with security policies:

• Password complexity requirements
• Account lockout thresholds
• Two-factor authentication requirements
• IP validation enforcement
• Device verification status

Configuring Audit Settings

Customize audit settings to meet your organization’s needs:

Activity Logging Configuration

1. Navigate to Admin > Security Settings > Audit Configuration
2. Select which activities to track in detail
3. Configure retention periods for audit logs
4. Set up alert thresholds for suspicious activities

Setting Up Security Alerts

Create custom security alerts for:

• Multiple failed login attempts
• Access from new locations
• Password changes
• Role or permission changes
• Suspicious activity patterns

Export and Reporting

Generate documentation for compliance and analysis:

Available Export Options

• Activity logs (CSV or PDF)
• User access reports
• Security analytics summaries
• Two-factor authentication compliance reports
• IP restriction violation reports

Scheduling Regular Reports

Set up automated reports:

1. Navigate to Admin > Reports > Scheduled Reports
2. Select report type and format
3. Set frequency (daily, weekly, monthly)
4. Add recipients who should receive the reports
5. Configure delivery options

Best Practices

For optimal security audit management:

1. Regular Review: Schedule weekly or monthly reviews of activity logs
2. Establish Baselines: Understand normal patterns to identify anomalies
3. Investigate Promptly: Address suspicious activities immediately
4. Document Changes: Maintain records of security policy changes
5. Test Alerts: Periodically verify that security alerts function properly
6. Retain Records: Archive audit logs according to your retention policy
7. Cross-Reference: Compare activity logs with schedule changes or system events

Related Resources

• User Roles
• Work Rules
• Business Security Settings
• Two-Factor Authentication

This article should be updated when:

1. New audit trail events are added
2. The security analytics dashboard is modified
3. New export formats are supported
4. Additional monitoring features are added
5. Changes to alert configuration options
6. Updates to the activity logging system