1. Sign on to PingOne and select your environment.

    Screen capture of the PingOne Your Environments page showing a list of available environments.
  2. In the left navigation pane, click Audit.

    Screen capture of the PingOne Overview page in the Dashboard navigation pane with the Audit section circled in white.
  3. In the Audit Parameters section, adjust the audit parameters fields as needed.

    Screen capture of the Audit Parameters section in PingOne, with the Time Range, Within, Filter Type, Selected Fields, Time Zone, and Secondary Filter Type fields.
  4. To update the report, click Run.

    The audit report is created.


    Screen capture of a sample audit report showing the Timestamp, Event Type, Description, Client, Population, and Details columns in the audit report from PingOne.
    Note:

    If no fields are selected, the audit report only contains an empty Details column.

The Details column contains a View link showing the JSON representation of the audit entry, as shown in the following example.

Note:

All unique identifiers in this example are intentionally blocked.

{
 "_links": {
   "self": {
     "href": "https://api.pingone.com/v1/environments/429f5783-0f16-432f-b726-88223c380ab0/activities/979c1096-a693-4920-a2c6-62e34ff74dfe"
   }
 },
 "id": "9*******-a***-4***-a***-6**********",
 "recordedAt": "2021-04-06T16:27:34.783Z",
 "createdAt": "2021-04-06T16:27:34.803Z",
 "correlationId": "f******-2***-4***-9***-6***********",
 "actors": {
   "client": {
     "id": "b*******-4***-4***-9***-0************",
     "name": "PingOne Admin Console",
     "environment": {
       "id": "4*******-0***-4***-b***-8***********"
     },
     "href": "https://api.pingone.com/v1/environments/4*******-4*******-0***-4***-b***-8***********/applications/b*******-4***-4***-9***-0***********",
     "type": "CLIENT"
   },
   "user": {
     "id": "7*******-5***-4***-9***-d***********",
     "name": "m******p********@pingidentity.com",
     "environment": {
       "id": "4*******-0***-4***-b***-8***********"
     },
     "population": {
       "id": "4*******-0***-4***-b***-8***********"
     },
     "href": "https://api.pingone.com/v1/environments/4*******-0***-4***-b***-8***********/users/7*******-5***-4***-9***-d***********",
     "type": "USER"
   }
 },
 "action": {
   "type": "USER.ACCESS_ALLOWED",
   "description": "User Access Allowed"
 },
 "resources": [
   {
     "type": "USER",
     "id": "7*******-5***-4***-9***-d***********",
     "name": "matthewpollicove@pingidentity.com",
     "environment": {
       "id": "4*******-0***-4***-b***-8***********"
     },
     "population": {
       "id": "4*******-0***-4***-b***-8***********"
     },
     "href": "https://api.pingone.com/v1/environments/4*******-0***-4***-b***-8***********/users/7*******-5***-4***-9***-d***********"
   }
 ],
 "result": {
   "status": "SUCCESS",

   "description": "Passed role access control"
 }
}

If you need to connect the audit data to an external application, such as Splunk, see Monitoring activity with Splunk .