API of User Activity more robust

We are attaching via API to Asana to fetch various attributes about Users, etc. One of those attributes is Activity or last seen of a user. From our Engineers analysis there seems to be some issues getting frequent, consistent and up-to-date activity information.

Please see his write up below: (“Adapter” is the term we use to describe the API connection between Axonius and Asana) We had a representative user that in the Asana console was showing that they had logged in the the last couple days, but the reflecting information back to Axonius was in August.

I want to explain a little about what is happening in the adapter
The process of importing the users requires first bringing all the workspaces in the organization, then we bring all the users under the same workspace but the information comes sparsely.
To enrich the information we use the gid of the user and make enrichment requests.
One of these requests is a request called audit_log_events whose purpose is to import specific user logs.
One of the logs we choose to bring is the user_login_succeeded log
This log is the only log that describes the times when the user successfully connected to the system.
You can see the list of log types here: Audit log events we do not receive information, we use the last information saved in Axonius and if too much time has passed since the user logged in, we identify this user as an inactive user.Unfortunately in the case of Bob, we have not received any information from Asana and therefore the user appears to be inactive.
I’ve made several attempts to see if we can actually get other logs that say Bob used Asana, but I haven’t seen any logs that happened after August of this year.

Hi @dan.jackobs ,

I only have a cursory knowledge of the audit log API, so hoping a more experienced user can chime in. That said, what authentication method do you use? SSO or password/2fa?

I’m wondering if the user_login_succeeded event you’re using only logs when a user initiates a new session. Did your test user try logging out and logging in again? Alternatively, perhaps you could try changing your session expiration setting (if using pw/2fa) or SAML configuration (if SSO) to shorten sessions. That’s definitely not ideal for users, but maybe a short-term workaround as Asana continues building out the audit log.

If you do use SSO, perhaps it would be more scalable to use the event logs of your idp instead of the Asana audit log API?

Hi @dan.jackobs,

I reached out to our audit log team and they mentioned that user_login_succeeded event gets emitted when a user logs in (not when a new session is initiated). This means that user login events only capture an explicit login to Asana, not a new session or activity. Depending on your domain’s timeout settings in your admin console, there may not have been a new login for the user referenced.

Can you provide more details about how the user logged in?

1 Like

Hello, thank you both @john_vu and Stephen_Li.
Currently, Asana is SAML integrated with Okta and within Asana SAML requires all the users to log in again every 12 hours.
So, based off of what you are saying there should be a new event emitted every 12 hours?

Hi @dan.jackobs,

Are you using a service account in a fully-paid Enterprise domain? Can you also share with us more information about the user such as their user ID/email. Feel free to message me directly to share the that information.

So while there is no field for ‘Last Activity’ in the Asana API, the audit logs avail ‘api_authentication_method’ field. Here we can determine if a user has interacted with Asana by cookie, access token or Oauth. User will have to re-login per Asana’s 12hr timeout limit, which is that explicit login. Thus this will capture the activity that we are looking for. Thanks both Stephen and John!