Forum Discussion
Audit user accessing entreprise App by SPN sign-in
I'm in a Hybrid Entra ID environment. Some users can use an "Entreprise Application" by utilizing IDs and a certificate. In the activity or sign-in logs, I can find the access entries, but I don't ha...
Such sign-ins are not tied in to any user account, the best you can do is correlate the IP/device info.
If you want to keep track of who's using a given certificate/client secret, you'll have to provision multiple credentials on the app object and distribute them to users in 1:1 configuration. Or enable logging/PowerShell transcript on all devices and sift through the logs.
