Last Login for Accounts

The SailPoint connector for Microsoft Azure Active Directory can retrieve the last login date and time for individual users. This information can enable governance workflows to certify access and remove long-standing access if it's no longer needed.

The connector uses the MS Graph API to retrieve last login data for accounts.

This feature retrieves the following login information:

  • Interactive authentication method – Enable the lastSignInDateTime attribute to retrieve the last time a user logged in to the directory with an interactive authentication method.

  • Non-interactive authentication method – Enable the lastNonInteractiveSignInDateTime attribute to retrieve the last time a client signed in to the directory on behalf of a user.

The connector retrieves last login information during the following connector operations:

  • Account aggregation

  • Get account

Prerequisite

You must have an Azure Active Directory Premium P1/P2 license to use this feature.

Administrator Permissions

To retrieve the last login account data, the MS Graph API requires that you assign the AuditLog.Read.All API permission.
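
The following is an added example, not SailPoint connector code, showing how a certification job could combine lastSignInDateTime and lastNonInteractiveSignInDateTime to sort accounts into review buckets, including accounts with no recorded sign-in. The 90-day idle window, the bucket names, and the sample records (constructed, shaped like the MS Graph signInActivity object) are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like an MS Graph /users response that selects
# userPrincipalName and signInActivity (all values are made up).
SAMPLE = json.loads("""
{"value": [
  {"userPrincipalName": "alice@example.com",
   "signInActivity": {"lastSignInDateTime": "2024-05-28T09:14:03Z",
                      "lastNonInteractiveSignInDateTime": "2024-05-30T22:01:45Z"}},
  {"userPrincipalName": "bob@example.com",
   "signInActivity": {"lastSignInDateTime": "2023-01-10T08:00:00Z",
                      "lastNonInteractiveSignInDateTime": "2024-05-29T03:30:00Z"}},
  {"userPrincipalName": "carol@example.com",
   "signInActivity": {"lastSignInDateTime": "2023-02-01T12:00:00Z",
                      "lastNonInteractiveSignInDateTime": null}},
  {"userPrincipalName": "dave@example.com"}
]}
""")

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None or empty means nothing recorded."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(user, now, max_idle_days=90):
    """Return a review bucket for one account (bucket names are hypothetical)."""
    activity = user.get("signInActivity") or {}
    interactive = parse_ts(activity.get("lastSignInDateTime"))
    non_interactive = parse_ts(activity.get("lastNonInteractiveSignInDateTime"))
    cutoff = now - timedelta(days=max_idle_days)
    if interactive is None and non_interactive is None:
        return "no-sign-in-recorded"
    if interactive and interactive >= cutoff:
        return "active"
    if non_interactive and non_interactive >= cutoff:
        # A client is still signing in on the user's behalf, but the user
        # has not signed in interactively within the window.
        return "non-interactive-only"
    return "stale"

def review_queue(users, now, max_idle_days=90):
    return {u["userPrincipalName"]: classify(u, now, max_idle_days) for u in users}

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for upn, bucket in review_queue(SAMPLE["value"], now).items():
        print(f"{upn:22} {bucket}")
```

Accounts in the "non-interactive-only" bucket are worth a separate look during certification, because the access is still exercised by a client even though the user has not logged in interactively.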