Skip to main content
Skip table of contents

IAS Audit Log

Overview

The SAP IAS Audit Log Input collects audit log data from SAP IAS tenants (usually used for securing SAP FIeldGlass, SAP SuccessFactors etc.)

Data Collected

  • Data protection and privacy related

    • audit.data-access read-access logging records for access to sensitive personal data;

    • audit.data-modification data modification logging records for sensitive personal data.

    Security related

    • audit.security-events logging of general security events like login, logout, and other;

    • audit.configuration logging of security critical configuration changes.

Status

Available

Creating the IAS Audit Log Feed

The IAS Audit Log uses the SAP BTP Audit Log service. To integrate the IAS Audit Log feed into a SAP BTP Audit Log service perform the following steps:

  • Login as an administrator to the IAS Administration Console (https://<ias-tentant>/admin)

image-20240319-010602.png
  • Under Monitoring & Reporting click Audit and Change Logs

image-20240319-010910.png

SAP Cloud Foundry Setup

  • Click the Cloud Foundry tab

  • Click Add

  • Enter the Tenant ID, Region and Subdomain of your SAP BTP Audit Log Service

image-20240319-011231.png
  • Click Add

  • The feed will now be created and will take approximately 15 minutes to start logging data

    image-20240319-011434.png

SAP Neo Setup

  • Click the Neo tab

  • Click Generate

  • Note down the Client ID and Client Secret

PowerConnect Configuration

PowerConnect Cloud requires access to the SAP AuditLog API to be able to extract SAP IAS audit log data. The most secure way to do this is add PowerConnect Cloud as an OAuth client to your SAP BTP tenancy. To do this follow the steps below for your environment:

SAP Cloud Foundry

  • Login to your BTP tenancy containing the Audit Log service where the IAS audit logs are being written

  • Click Instances and Subsciptions

  • Under Instances, find the Audit Log API instance and click on the key under Credentials

image-20240319-012749.png
  • Note down the following:

    • The platform host in the url field (in the example below its us10.hana.ondemand.com)

    • clientid

    • clientsecret

    • identityzone

  • Follow the instructions in the section below called “Adding an Audit Log Input in PowerConnect Cloud” to configure PowerConnect Cloud with these details

SAP Neo

  • Login to the SAP IAS Administration Console

  • Click Applications & ResourcesTenant Settings

image-20240319-025740.png
  • Note down the subaccount name and the region

image-20240319-030023.png

Adding an Audit Log Input in PowerConnect Cloud

  • Login to the PowerConnect Cloud web UI

  • Click on the Inputs link in the menu bar

  • Click the + button to add a new Input

  • For Cloud Foundry environments choose audit-log-cf under CF → sap-btp

image-20240319-030504.png
  • For Neo environments choose audit-log-neo under Neo → sap-btp

image-20240319-030554.png
  • Fill in the form with the details you noted down above

image-20240319-030847.png

  • Choose the Splunk output you wish to send the IAS Audit Log data to
    Note: the System ID value will be mapped to the source field in Splunk and is required

  • Click Save

  • The Input is now created

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.