Any action an admin performs within the admin console can be recorded for auditing purposes. The Admin Console performs administrative functions by invoking on the Keycloak REST interface. Keycloak audits these REST invocations. The resulting events can then be viewed in the Admin Console.
To enable auditing of Admin actions, go to the
Events left menu item and select the
Admin Events Settings section, turn on the
Save Events switch.
Include Representation switch will include any JSON document that is sent through the admin REST API. This allows you to view exactly what an admin has done, but can lead to a lot of information stored in the
Clear admin events button allows you to wipe out the current information stored.
To view the admin events go to the
Admin Events tab.
Details column has a
Representation box, you can click on that to view the JSON that was sent with that operation.
You can also filter for the events you are interested in by clicking the