Can we generate Last login report of users in PAM?
search cancel

Can we generate Last login report of users in PAM?

book

Article ID: 268553

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Can we generate a report of last login for all the users on-boarded on PAM?

Environment

Release : 4.1.x

Resolution

The best we can achieve the objective with PAM currently is via 'GET /api.php/v1/users.json' REST API call.
You can specify the following field to retrieve with the API call

   lastSuccessfulLoginTime

Below we have tested using Settings > API Doc in PAM Client

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=qwp0aJCzKZlv2ctsoHZ4Lg==

When we clicked [Try it out!] we got the following result in JSON format. The lastSuccessfullLoginTime's value is in epoch time.

We can convert epoch time to human readable time using epoch converted, e.g.
   https://www.epochconverter.com/

To do this we need to enable external REST API and create API Key for the user to use it.

The other option is to extract login data from Session logs. When a user logins to PAM a login record will be generated in Session logs. However, we need to process the login data and extract the last login time from them.

Additional Information

Please refer
    Deploy the External REST API (Administrators)

Powered by Wolken Software