Auditing Preauthentication requests

BlackBerry UEM
logs each request for
BlackBerry 2FA
Preauthentication and each request for authentication while in Preauthentication. Data is logged when the request completes or expires.
The audit log file includes the following information about each request for Preauthentication:
  • Marker1: BB2FA_AUDIT. This is the identifier for all
    BlackBerry 2FA
    audit log lines in the
    BlackBerry UEM Core
    log. This also indicates where to trim the log lines to discard universal CORE log information.
  • Marker2: PREAUTH_REQUEST. This is the identifier for the event type (request for Preauthentication).
  • Date
  • Time
  • Source:
    BlackBerry UEM
    management console,
    BlackBerry UEM Self-Service
    , user's device
  • Username
  • BlackBerry 2FA
    profile name: The name is logged in quotation marks to prevent the field from being split by commas in the profile.
  • Requested Preauthentication duration in hours
  • Configured maximum Preauthentication duration in hours
  • Result: SUCCESS, FAILED_INVALID_REQUEST
  • Preauthentication expiration time
For example:
2BB2FA_AUDIT,PREAUTH_REQUEST,2016-11-05,13:27:17.822,admin,user1,"Sales BB2FA Profile",3,12,May 11 16:41
The audit log file includes the following information about each request for authentication while in Preauthentication:
  • Marker1: BB2FA_AUDIT. This is the identifier for all
    BlackBerry 2FA
    audit log lines in the
    BlackBerry UEM Core
    log. This also indicates where to trim the log lines to discard universal CORE log information.
  • Marker2: AUTH_USER_IN_PREAUTH. This is the identifier for the event type (request for authentication while inPreauthentication).
  • Date
  • Time
  • Transaction ID
  • Source:
    BlackBerry 2FA
    app,
    BlackBerry Enterprise Identity
    , and so on.
  • Username
  • Authentication policy: enterprise password, active device password, passive device password
  • Profile name: The name is logged in quotation marks to prevent the field from being split by commas in the profile.
  • Preauthentication expiration time
For example:
BB2FA_AUDIT,AUTH_USER_IN_PREAUTH,2016-11-05,13:27:17.822,50dbe1cc,BB2FA,user1,Enterprise Password,"Sales BB2FA Profile",May 11 16:41