TechIDManager Guide: Auditing and Logging in TechIDManager

Compliance and security both rely on one foundational capability: traceability. You must be able to answer three questions at any time:

• Who did something
• What they did
• When they did it

This is why TechIDManager is built around unique technician identities, comprehensive logging, and detailed auditing reports. This article walks through how to use those capabilities to meet cybersecurity and compliance requirements.

---

Step 1: Ensure Full Traceability with Unique Technician Accounts

Shared credentials are a direct violation of most modern compliance frameworks. TechIDManager automatically creates unique accounts for every technician across all environments, including:

• Servers and workstations
• Entra ID (Azure AD) tenants
• macOS systems

Because every action is tied to a named individual, organizations can reliably demonstrate accountability.

Compliance Mapping

• SOC 2 (CC6.1, CC6.3): Logical access is restricted to authorized, uniquely identifiable users
• ISO 27001 (A.5.15, A.5.18): User identification and access management
• NIST SP 800-53 (AC-2, IA-2): Unique user identification and authentication 
• Cyber Essentials: User access control; prevention of shared admin accounts
• Essential Eight: Restrict administrative privileges
• Cyber insurance: Eliminates shared credentials, a common coverage exclusion

---

Step 2: Track All Activity with Centralized Logging

TechIDManager logs every action taken inside the platform, not just account creation.

The Activity Log Report captures:

• Password access and copying
• One-time password (OTP) events
• Group membership changes
• Credential sharing activity
• Just-in-time (JIT) access requests, approvals, and removals
• Password rotation requests and execution

This creates a complete, tamper-resistant activity trail.

Compliance Mapping

• SOC 2 (CC7.2, CC7.3): System activity is logged and monitored
• ISO 27001 (A.5.28, A.8.15): Event logging and monitoring
• NIST SP 800-53 (AU-2, AU-12): Audit event logging and generation
• Cyber Essentials: Security logging and monitoring expectations
• Essential Eight: Continuous monitoring and administrative activity visibility
• Cyber insurance: Demonstrates continuous monitoring and incident traceability

---

Step 3: Retain Logs Indefinitely for Audit Readiness

Many compliance standards require extended or undefined log retention periods.

TechIDManager:

• Retains logs forever
• Never discards historical audit data
• Allows logs to be downloaded as CSV files
• Provides complete, searchable audit history

This ensures evidence is available long after an incident or audit request.

Compliance Mapping

• SOC 2 (CC7.4): Audit evidence retained for investigation and review
• ISO 27001 (A.5.33): Protection and retention of audit information
• NIST SP 800-53 (AU-11): Audit record retention 
• Cyber Essentials: Supports post-incident analysis
• Essential Eight: Enables incident response and forensic review
• Cyber insurance: Supports claims validation and breach investigations

---

Step 4: Integrate Audit Data via API for Automation and SIEMs

TechIDManager provides REST API access to all audit logs.

Using the API, organizations can:

• Pull full audit histories per client
• Filter by technician, action, or timeframe
• Feed logs into SIEMs, compliance tools, or automation pipelines
• Create custom compliance and executive reports

Example code is available to accelerate integrations.

Compliance Mapping

• SOC 2: Supports continuous monitoring and automated evidence collection
• ISO 27001: Enables centralized log correlation and analysis
• NIST SP 800-53 (AU-6): Audit review, analysis, and reporting
• Essential Eight: Supports centralized logging and analysis
• Cyber insurance: Shows maturity in detection and response tooling

---

Step 5: Prove Why Access Exists with the Triplet Access Report

Auditors often ask not just who has access, but why they have it.

The Triplet Access Report provides:

• Technician identities
• Group memberships
• Rights and rights groups
• Agents and environments
• The precise authorization path granting access

This makes it easy to answer questions like:

“Why does this technician have Global Administrator access on this tenant?”

Compliance Mapping

• SOC 2 (CC6.2): Access is authorized and reviewed
• ISO 27001 (A.5.16): Privileged access management
• NIST SP 800-53 (AC-6): Least privilege enforcement
• Cyber Essentials: Administrative access justification
• Essential Eight: Restrict administrative privileges and document access paths
• Cyber insurance: Evidence of controlled, justified admin access

---

Step 6: Verify Active Accounts and Password Hygiene

The Active Accounts Report shows:

• Who currently has an account
• Which agents or environments it exists on
• When the password was last rotated or verified

This supports routine access reviews and validates security controls.

Compliance Mapping

• SOC 2 (CC6.1, CC6.4): Periodic access reviews and credential hygiene
• ISO 27001 (A.5.17): Authentication information management
• NIST SP 800-53 (IA-5): Authenticator lifecycle management
• Cyber Essentials: Account management and password practices
• Essential Eight: Ongoing validation of administrative access
• Cyber insurance: Confirms password rotation and access revocation

---

Support

For additional documentation, examples, or troubleshooting, refer to the TechIDManager knowledge base or contact our team at support@techidmanager.com