Target
- Access Control administrators
Purpose
- This document explains how to individually check user access logs in the modern view of the Access Control Administration.
Notes
- The content of this article is based on the product specifications as of December 2025 and may change without notice.
- Administrator privileges for Access Control are required to verify the actual screen and change settings.
Procedure
Access the Access Control Administration.
For instructions on how to access the Administration, please refer to the article below.
How to Access the Access Control Administration-
In the Access Control Administration, go to the left menu [Users] - [User List].
-
Click [Logs] for the target user.
-
Select the date and conditions, then search.
The conditions that can be specified are as follows.
Value Description Notes IP IP address of the access source Connection Allow or deny access If denied, details of the denial target can be specified Type Environment of the access source (PC browser, mobile browser, Secure Browser) Single or all selection possible SSO Target Name set in [Edit Connected Service] for the connected service attempted to access Specify by exact match
※ Microsoft 365 display varies by authentication method.
Microsoft Online Service: Federate authentication method
Microsoft.Exchange.SMTP: SMTP basic authentication
Windows-AzureAD-Authentication-Provider/1.0: Authentication when signing in to Windows on a device joined to Entra -
Download the access logs in CSV format as needed.
Items (Administration)
The items that can be checked in the access logs are as follows.
Value |
Description |
Date (America/New_York) |
Displays the date of access |
IP Address |
Displays the IP address of the access source |
Type |
Displays the environment of the access source (PC browser, mobile browser, Secure Browser) |
Authentication Result |
Displays the result of the authentication |
Items (CSV)
The main items displayed in the downloaded CSV are as follows.
Value |
Content | Description |
Timestamp |
Date and time of access | |
Username |
Target user's username | |
Login successful |
One of the descriptions | TRUE: Displayed when verification is successful FALSE: Displayed when verification fails |
IP address |
Source IP address | |
Device Type |
Source environment (PC browser, mobile browser, Secure Browser) | |
Detail |
Cause of verification failure | |
Reason |
Reason for verification failure | |
Entrance Pass ID |
Entrance Pass (cookie) ID | |
Common Name |
||
Login Type |
Login method | web: Displayed when verified on an Access Control login screen that does not fall under the following saml: Displayed when SAML verification is performed on a connected service ws-fed: Displayed when federate verification is performed ws-trust: Displayed when basic verification of Microsoft 365 is performed |
SSO Target |
Name set in [Edit Connected Service] for the connected service attempted to access | ※ Microsoft 365 display varies depending on the verification method. Microsoft Online Service: Federate verification method Microsoft.Exchange.SMTP: SMTP basic verification Windows-AzureAD-Authentication-Provider/1.0: Verification during Windows sign-in by a device joined to Entra |
Service Name |
Name of the connected service | |
Access Policy Group ID |
ID of the access policy group used | |
Using Secure Browser |
Use of Secure Browser | |
Microsoft Client App |
Microsoft client app accessed | |
Custom User Attributes |
Custom user attribute information | |
User-Agent |
User agent information | |
Expression Type |
||
Expression |