Skip to content
Monitoring & logs

Authentication Log

The authentication log records the outcome of every RADIUS authentication attempt that EntryPoint handles. It is the operational record administrators use to confirm that access is working, to understand why a particular attempt was accepted or denied, and to support compliance and troubleshooting. It is separate from the configuration audit log, which records administrative changes rather than authentication outcomes.

For each authentication attempt the log captures:

  • The outcome: accepted or denied, and for a denial the specific reason (for example an unknown RADIUS client, a shared-secret mismatch, an unregistered device, a user that is not a member of the expected group, or a configuration problem).
  • Who and what: the device (MAC address), the user identity where one is presented, and the calling network equipment.
  • When: the time of the attempt and how long it took to resolve.
  • Which flow: the EntryPoint context and group the attempt was evaluated against.
  • A timeline of steps: the sequence of decision points that led to the outcome (for example request received, identity or group lookup, Microsoft Entra ID membership check, device lookup, attribute profile applied, and the final accept or deny), each with a severity so warnings and errors stand out.

Sensitive values are protected in the record.

The authentication log covers EntryPoint’s authentication flows:

  • 802.1X with EAP-PEAP (username and password)
  • 802.1X with EAP-TLS (device certificate, user certificate, and the Microsoft Entra ID variant)
  • MAC Authentication Bypass (MAB)
  • Identity PSK (iPSK)
  • RADIUS proxy

Administrators review the log in the Administration Portal. Entries can be filtered by time range, by outcome (accepted or denied), by denial reason, by authentication type, by group, and by device or user, and a summary view shows counts by outcome and reason. Each entry can be opened to see its full timeline. This makes it straightforward to answer questions such as why a given device was denied, or how a group is authenticating over a period.

Authentication-log entries are retained for a defined period (90 days by default, configurable). After that they are removed automatically.

Authentication logAudit log
RecordsPer-attempt authentication outcomesAdministrative configuration changes
Answers”Why was this device accepted or denied?""Who changed this setting, and when?”
ScopeThe EntryPoint context’s authentication flowThe organization’s configuration

See Logging, Reporting, and Retention for the platform-wide model.

Next