Access Control Check the access logs for All users – HENNGE One Help Center

Target

Administrators who perform initial settings and operational management of Access Control

Purpose

Check the access logs of all users in the Access Control Administration.

Notes

The content of this article is based on the product specifications as of March 2025 and may change without notice.
Administrator privileges for Access Control are required to verify actual screens and change settings.
Please refer to the following article for how to access the Administration.
How to access the Access Control Administration

Procedure

1. Access the [Log Management] - [Access Logs] from the left menu of the Access Control Administration.

2. Specify the date and search. Specify other conditions as needed and search.

The conditions that can be specified are as follows:

Username: You can specify the username of Access Control.
IP: You can specify the IP address of the access source.
Connection: You can select whether access was allowed, denied, or both.
Details: You can select the reason for access denial from the dropdown.
Type: You can specify the environment of the access source as Secure Browser, Mobile Browser, PC Browser, or a combination.
SSO Target: This will be the Entity ID or service provider name of the service provider attempted to access.

3. Download the access logs in CSV format as needed.

Items (Administration)

The items that can be checked in the access logs are as follows:

Name	Description	Remarks
Username	Access Control Username	-
Date	Date of access	-
IP Address	IP address of the access source	-
Type	Environment of the access source (PC browser, mobile browser, Secure Browser)	-
Result	Result of the verification	The reasons for each result are as follows: Login authorised : When login is successful Incorrect password : When an incorrect password is entered OTP verification failed : When an incorrect one-time password is entered Denied by HENNGE Lock : When an authentication request is denied by the HENNGE Lock app Locked Out : When the Access Control account is locked out Disabled user : When the Access Control account is disabled Denied by Access Policy : When access is from outside the range of the access policy applied to the user ※Except when a certificate is required but not selected Missing Certificate : When a certificate is required but not selected Access Policy Misconfiguration : When a variable used in the access policy template is referenced in a loop Service Not Allowed : When accessing a service not allowed by the access policy group UPN Not Set : When attempting to log in to Microsoft services without a UPN value set
SSO TARGET	The name set in [Edit Connected Service] for the connected service attempted to access	Microsoft 365 is displayed as Office 365, Google Workspace is displayed as Gmail.

Items (CSV)

The items displayed in the downloaded CSV are as follows:

Name	Description	Description
Timestamp	Date and time of access	-
Username	Username of the target user	-
Login successful	Success or failure of the login	One of the following will be displayed. TRUE: Displayed when verification is successful. FALSE: Displayed when verification failed.
IP address	IP address of the access source	-
Device Type	Environment of the access source (PC browser, mobile browser, HENNGE Secure Browser)	-
Detail	Cause of verification failure	Displayed as blank if verification is successful. Please check Reason for the failure reason.
Reason	Reason for verification failure	Displayed as blank if verification is successful. invalid-password: When an incorrect password is entered invalid-otp: When an incorrect one-time password is entered rejected-otp: When an authentication request is rejected in the HENNGE Lock app account-suspended: When the Access Control account is in a locked-out state account-disabled: When the Access Control account is disabled access-policy: When accessing from outside the range of the access policy applied to the user ※ Except when a certificate is required but not selected access-policy-cert: When a certificate is required but not selected service-not-allowed: When accessing a service not allowed by the Access Policy Groups
Entrance Pass ID	State of browser's entrance pass retention	TRUE: Displayed when the entrance pass is retained in the browser. FALSE: Displayed when the entrance pass is not retained in the browser.
Common Name	ID of the HENNGE Device Certificate	-
Login Type	Login Type	One of the following will be displayed. web: Displayed when authentication is performed on an Access Control login screen that does not fall under the following. saml: Displayed when SAML authentication is performed on a connected service. ws-fed: Displayed when federation authentication is performed.
SSO Target	Name set in [Edit Connected Service] of the connected service attempted to access	-