NetSuite Login Audit Trail

Although NetSuite’s reporting isn’t always the prettiest (plenty of articles here on NetFreak to help you jazz it up though!) one thing NetSuite does amazingly well is data.

In addition to that, having Oracle at NetSuite’s helm means security is taken seriously. Along with the comprehensive system notes log of almost every action taken within the system there is also a NetSuite login audit trail detailing all attempts, successful or not, to access it.

In this article I will explain why this data is useful, how to access it and what to do with it.

Why Do I Need a Login Audit Trail?

The NetSuite login audit trail is one of those features that sits quietly in the background, but once a need arises, you’ll be very glad it exists. Some of the reasons you might want to view the NetSuite login audit trail are –

Monitor unauthorized access attempts

There may be unauthorized personnel trying to access your system with dishonest intentions. These may be ex-employees, third parties or simply hackers. You can use the login audit trail to view all failed or successful access attempts.

Monitor individual usage

You may have a policy to remove licenses if users don’t access the system within a certain amount of time. Use the login audit trail to check the last date a user tried to login to the system.

The audit trail also shows you what roles are being used by each user. It’s good practice to remove roles that aren’t being utilized to improve the security of your system.

If you are based in or trading in the EU, the Login Audit Trail is also going to be a key audit requirement to prove you are GDPR compliant.

Identify quiet periods

By viewing the audit trail you can identify what time of day is the least active and therefore most suitable for deployment of a project or system downtime.

Whatever your reasons, NetSuite provides all the data needed to address the queries above and more.

How Do I Access the Login Audit Trail?

You can access the NetSuite login audit trail by navigating to Setup > Users/Roles > View Login Audit Trail. You could also access it from the Saved Search record selection page.

Accessing the NetSuite login audit trail via the saved search type list.

It’s a useful report to always have at your fingertips but a shortcut shouldn’t be necessary. Both of the methods described above are only a couple of clicks away should you need them.

How To Use the Login Audit Trail.

As with all other searches in NetSuite you can edit the criteria and results before running the Login Audit Trail. Without changing anything though, you can simply click Submit and you will get a complete list of all access attempts. This data can be long and cumbersome to work with so as a minimum you might want to add a date filter. If you are viewing the audit trail on a monthly basis for example you only need to view data from the last month.

Setting criteria for the NetSuite login audit trail search.

Without editing the Results you will be presented with the following columns –

  • Date – The date and timestamp of the login attempt.
  • Email Address – The email address used for the attempted login. For non SSO environments this is useful to see if people are failing to login due to typos or incorrect emails being used. It also informs you of any attempts made by users who do not have login access granted.
  • User – If the email address used is linked to an Entity record, the name will be listed here.
  • Role – If the login attempt was successful then the role that the user logged in with will be displayed here.
  • IP Address – The IP Address used for the login attempt. This information is particularly useful for failed login attempts. If there are repeated attempts to login from an unknown IP Address this may need to be investigated as an attempted breach of security.
  • Status – This will identify whether the attempt was a Success or a Failure.

If you need more information on why the status is showing Failure then you can edit the search and add the Detail column to the search results.

  • Detail – This column will give you a reason code as to why the attempt was a success or failure. Codes for a successful attempt include, for example, trusted2fa and RoleSwitch. For a failed attempt you may see reasons such as TokenRejected or InvalidSignature.

As a system admin you might want to set up a process to monitor the audit trail on a periodic basis for unusual activity. You can also use all the regular benefits of a saved search so, for example, you might want to set up an email alert for a specific criteria of unusual activity.

Remember that all the information above is just an introduction to the NetSuite login audit trail. We haven’t defined any specific criteria or sorted our data using formulas or summaries. If this is going to be regularly viewed data, you are probably going to want to play more with it to present it in a legible and useful way.

If you are new to Saved Searches, then make sure you check out our introduction to saved search formulas and formula cheat sheet. We also have countless other articles to help you start building more advanced searches. If you can’t find what you are looking for then get in touch via the Contact form.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *