Compliance is a continuous process on almost every IT administrator’s to-do list. When preparing for compliance, admins need to ensure that they can track events across their entire organization. Specifically, some ask: can I log all SAML authentications across my organization?
Logging Authentications for Compliance
Event logging is a key requirement across many different compliance regulations. By logging authentications and changes made to identities, admins and security engineers can track who accesses the various resources at play in the organization.
With this information, it’s possible to identify abnormalities, which are then used to discover vulnerabilities and prevent breaches before they happen. Event logging also shows auditors that an organization has the proper processes and procedures in place, and that it can trace issues back through the logged events.
With regard to compliance, specific regulations call for event logging at specific endpoints in an organization. For example, PCI DSS compliance is mainly focused on cardholder data environments (CDE); HIPAA concerns itself with electronic personal health information (ePHI); and GDPR pertains to all stored data for EU-based customers.
Logging SAML Authentications
Depending on the organization, many sensitive access points that require event logging for compliance can be found in Software-as-a-Service (SaaS) applications. Because SaaS apps have become a ubiquitous part of today’s IT landscape, it makes sense that admins would need an event logging tool for SaaS applications to ensure compliance.
Many SAML single sign-on (SSO) providers include event logging in their primary offerings. Often, however, organizations need more than just the base level of these products to suit their needs. In order to add features like multi-factor authentication (MFA) to their organization through an SSO tool, admins need to fork over a larger sum to vendors.
Although cost is usually not a problem for most organizations, it’s predicted that admins will face dramatic decreases in budgets this year, so they could benefit from more economical SSO solutions. As such, IT admins should seek out a way to consolidate their IT tooling stack (event logging included) to conserve budget while keeping core functionality. One way to do so is through an all-in-one cloud directory service.
Consolidating Logging Needs with a Cloud Directory Service
IT admins can use a cloud directory service, like JumpCloud® Directory-as-a-Service®, to provide SAML SSO to their end users, enabling seamless authentication to hundreds of web applications, with Just-in-Time (JIT) and SCIM provisioning capabilities for a growing list of popular apps. Beyond that, the cloud directory service also covers an organization’s other identity access control and device management needs, all from a single cloud console.
Using the premium Directory Insights™ feature, admins can log and track authentications and events across SAML, LDAP, and RADIUS endpoints as well as Windows®, Mac®, and Linux® systems. It also provides data regarding access to the JumpCloud Admin and User Portals, plus any changes made to identities within the platform. The data obtained from Directory Insights can be viewed (and subsequently acted upon) through the Admin Portal or PowerShell Module, exported as JSON or CSV, and ported into a SIEM tool via the JumpCloud API.
Don’t Just Take Our Word For It
Learn more about logging SAML and other authentications with a cloud directory service by reading this case study and seeing how Chase International was able to quickly build their directory service, start managing remote users/machines, and then monitor it all — all from the cloud.