Skip to main content
Skip table of contents

IAS Audit Log


The SAP IAS Audit Log Input collects audit log data from SAP IAS tenants (usually used for securing SAP FIeldGlass, SAP SuccessFactors etc.)

Data Collected

  • Data protection and privacy related

    • read-access logging records for access to sensitive personal data;

    • data modification logging records for sensitive personal data.

    Security related

    • logging of general security events like login, logout, and other;

    • audit.configuration logging of security critical configuration changes.



Creating the IAS Audit Log Feed

The IAS Audit Log uses the SAP BTP Audit Log service. To integrate the IAS Audit Log feed into a SAP BTP Audit Log service perform the following steps:

  • Login as an administrator to the IAS Administration Console (https://<ias-tentant>/admin)

  • Under Monitoring & Reporting click Audit and Change Logs


SAP Cloud Foundry Setup

  • Click the Cloud Foundry tab

  • Click Add

  • Enter the Tenant ID, Region and Subdomain of your SAP BTP Audit Log Service

  • Click Add

  • The feed will now be created and will take approximately 15 minutes to start logging data


SAP Neo Setup

  • Click the Neo tab

  • Click Generate

  • Note down the Client ID and Client Secret

PowerConnect Configuration

PowerConnect Cloud requires access to the SAP AuditLog API to be able to extract SAP IAS audit log data. The most secure way to do this is add PowerConnect Cloud as an OAuth client to your SAP BTP tenancy. To do this follow the steps below for your environment:

SAP Cloud Foundry

  • Login to your BTP tenancy containing the Audit Log service where the IAS audit logs are being written

  • Click Instances and Subsciptions

  • Under Instances, find the Audit Log API instance and click on the key under Credentials

  • Note down the following:

    • The platform host in the url field (in the example below its

    • clientid

    • clientsecret

    • identityzone

  • Follow the instructions in the section below called “Adding an Audit Log Input in PowerConnect Cloud” to configure PowerConnect Cloud with these details


  • Login to the SAP IAS Administration Console

  • Click Applications & ResourcesTenant Settings

  • Note down the subaccount name and the region


Adding an Audit Log Input in PowerConnect Cloud

  • Login to the PowerConnect Cloud web UI

  • Click on the Inputs link in the menu bar

  • Click the + button to add a new Input

  • For Cloud Foundry environments choose audit-log-cf under IAS → sap-ias


  • For Neo environments choose audit-log-neo under IAS → sap-ias

  • Fill in the form with the details you noted down above


  • Choose the Splunk output you wish to send the IAS Audit Log data to
    Note: the System ID value will be mapped to the source field in the target platform (Splunk, Dynatrace etc.) and is required

  • Click Save

  • The Input is now created

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.