Docs: Activity Log

Mon, 01 Jan 0001 00:00:00 +0000

The Activity Log is a powerful security and auditing tool that provides a detailed, chronological record of actions performed on key business objects within the system. It is designed to give you a clear understanding of data workflows, enhance security by tracking user activity, and simplify troubleshooting.

By tracking who did what and when, you can maintain a complete and immutable audit trail for compliance, operational management, and internal controls.

Key Use Cases and Benefits

The Activity Log is more than just a record of events; it’s a critical tool for maintaining data integrity and security. Here are some practical ways you can use it:

Accelerate Troubleshooting: When a customer reports an unexpected change to their subscription or an invoice appears incorrect, the Activity Log is your first place to look. You can filter the log by the specific Customer or Subscription ID to see a full history of changes, pinpointing exactly who made the change, what was altered, and when.
Strengthen Security and Compliance: For financial audits (like SOX compliance), you must demonstrate control over who can modify sensitive information. The Activity Log provides an immutable record of all changes to critical objects like Products, Plans, and Invoices. You can easily export this data to prove that your internal controls are working effectively.
Monitor User Activity: Keep an eye on actions performed by specific users, especially those with high-level permissions. This helps ensure that all actions are authorized and aligns with company policies.

Scope of the Activity Log

The Activity Log is designed to be comprehensive, but it’s important to understand what is and isn’t tracked.

What is Logged?

The log captures significant business events, primarily focusing on Create, Read, Update, and Delete (CRUD) actions for key business objects that you configure. This includes:

Changes made by users through the GUI.
Changes made via API calls.
Significant system events (e.g., plan transitions).

What is Not Logged?

The Activity Log does not track:

Every single API call, especially those that only read data without making changes (unless Read is explicitly configured for tracking).
Internal system processes that do not directly relate to a change in a business object.

Configuring the Activity Log

You have full control over which actions are tracked for specific business objects. This allows you to focus on logging the most critical data for your business needs. The configuration is managed in the Business Configuration section.

How to Add a New Log Configuration

Navigate to Business Configuration > Activity log from the main menu.
Click the + Activity log button in the top-right corner.
In the Add activity log dialog:
- Type: Select the category of the object. In most cases, this will be Entity.
- Target: Choose the specific business object to monitor (e.g., Customer, Subscription, Plan).
- Actions: Select the actions you want to log (Create, Read, Update, Delete).
Click Submit to save the configuration. The system will immediately begin logging the actions you specified.

Best Practices for Configuration

Be Specific: Avoid logging everything. Focus on the objects and actions that are most critical for your security, compliance, and operational needs. Logging Update and Delete actions on financial objects is a great starting point.
Avoid Excessive Read Logging: Tracking Read actions can generate a very high volume of data and may slow down system performance. Only enable this if you have a specific security requirement to monitor who is viewing sensitive data.
Regularly Review: Periodically review your log configurations to ensure they are still aligned with your business needs.

Viewing and Investigating Logs

Once configured, the system generates log entries that you can view, filter, and export.

How to View and Filter Logs

Navigate to the log viewer screen (e.g., Users > Activity Logs).
You will see a list of all captured events, sorted by date.
Use the powerful filtering options to investigate specific events:
- Date Range: Narrow your search to a specific time period.
- Target Object and ID: Filter for a specific object (e.g., Customer) and even a specific instance (e.g., Customer ID).
- User: See all actions performed by a specific user.
- Action Type: Isolate all Create or Delete actions.

Understanding the Log Data

Each log entry contains detailed information to help you understand the event:

Column	Description
`Created on`	The exact date and time the action occurred.
`IP Address`	The IP Address of user who performed the action.
`User`	The user who performed the action. This may show “System” for automated processes.
`Target`	The type of business object that was affected (e.g., `Subscription`).
`Target ID`	The unique identifier of the specific object that was changed.
`Action`	The action performed (`CREATE`, `UPDATE`, `DELETE`).
`Details`	A human-readable summary of the change. For `UPDATE` actions, this will show the old and new values for the fields that were modified.

Exporting Log Data

You can export your filtered log view for offline analysis, archival, or audit requests. Click the More button to download the data, typically in CSV format, which can be opened in any spreadsheet application.

Permissions and Data Retention

Permissions: Access to configure and view the Activity Log is controlled by user permissions. Typically, only administrative users have the ability to change log configurations, while other users may have view-only access.
Data Retention: Activity Log data is retained for a specific period to comply with audit and security standards. Please refer to your service agreement for the exact data retention policy.

Docs: Authentication Settings

Mon, 01 Jan 0001 00:00:00 +0000

Authentication is a critical part of securing your Monetization environment.
The platform allows administrators to define how users log in, how long sessions remain active, and what security measures (such as Multi-Factor Authentication) are required to protect accounts.

To configure authentication settings:

Open the Menu (bottom left, click on your username).
Select Business Portal.
Click Security.

The Authentication Settings page is displayed.

Available Settings

Session Timeout

The session timeout determines how long a user can remain inactive before being automatically signed out.
This helps protect against unauthorized access if a user forgets to log out.
Enter the duration in seconds (e.g., 300 for 5 minutes).

Tip: For production environments, we recommend setting a shorter session timeout (e.g., 10–15 minutes) to minimize security risks.

Single Sign-On (SSO) Providers

Single Sign-On (SSO) enables users to log in with their existing accounts from trusted providers, reducing the need for separate credentials.
Monetization supports several SSO integrations out of the box:

Google – Allow users to authenticate using their Google Workspace or Gmail account.
Twitter – Enable login with Twitter credentials.
Facebook – Allow authentication via Facebook accounts.
Microsoft Entra ID – Integrate with Microsoft’s enterprise identity service (formerly Azure AD).
Custom OIDC Provider – Configure any identity provider that supports the OpenID Connect (OIDC) standard.

You can enable one or more providers depending on your organization’s needs.
For example, enterprises typically use Microsoft Entra ID or Google Workspace, while customer-facing applications may offer social logins like Facebook or Twitter.

👉 See our step-by-step guide: How to Set Up Keycloak as an Identity Provider for Entra ID SSO

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) requires users to provide an additional verification method (such as an authenticator app or SMS code) during login.
Enabling MFA significantly improves account security by ensuring that a stolen password alone cannot be used to access the system.

To enable MFA, toggle the Multi-Factor Authentication switch. Once enabled, all users will be required to complete MFA when signing in.

Password Policy

A strong password policy is essential to prevent brute-force attacks and ensure account safety.
Administrators can configure the following rules:

Minimum password length (recommended: 12 or more characters).
Maximum password length.
Password expiration (maximum password age in days).
Complexity requirements:
- At least one uppercase letter.
- At least one lowercase letter.
- At least one digit.
- At least one special character.
- Restrict use of email or username in the password.

These policies ensure that users create secure and unique passwords that are harder to guess or reuse.

Saving Changes

Once you have updated the settings, click Submit to apply and save the configuration.
Changes take effect immediately for all new logins and sessions.

Best Practices

Always enable MFA for production environments.
Use SSO whenever possible to centralize identity management and reduce password fatigue.
Set strong password policies (minimum length of 12–16 characters with complexity rules).
Adjust session timeout based on compliance or security needs (shorter timeouts for high-security accounts).

Monetization Web Docs | Tridens Technology – Security