Authentication Log
The authentication log records the outcome of every RADIUS authentication attempt that EntryPoint handles. It is the operational record administrators use to confirm that access is working, to understand why a particular attempt was accepted or denied, and to support compliance and troubleshooting. It is separate from the configuration audit log, which records administrative changes rather than authentication outcomes.
What it records
Section titled “What it records”For each authentication attempt the log captures:
- The outcome: accepted or denied, and for a denial the specific reason (for example an unknown RADIUS client, a shared-secret mismatch, an unregistered device, a user that is not a member of the expected group, or a configuration problem).
- Who and what: the device (MAC address), the user identity where one is presented, and the calling network equipment.
- When: the time of the attempt and how long it took to resolve.
- Which flow: the EntryPoint context and group the attempt was evaluated against.
- A timeline of steps: the sequence of decision points that led to the outcome (for example request received, identity or group lookup, Microsoft Entra ID membership check, device lookup, attribute profile applied, and the final accept or deny), each with a severity so warnings and errors stand out.
Sensitive values are protected in the record.
Which flows are covered
Section titled “Which flows are covered”The authentication log covers EntryPoint’s authentication flows:
- 802.1X with EAP-PEAP (username and password)
- 802.1X with EAP-TLS (device certificate, user certificate, and the Microsoft Entra ID variant)
- MAC Authentication Bypass (MAB)
- Identity PSK (iPSK)
- RADIUS proxy
How administrators use it
Section titled “How administrators use it”Administrators review the log in the Administration Portal. Entries can be filtered by time range, by outcome (accepted or denied), by denial reason, by authentication type, by group, and by device or user, and a summary view shows counts by outcome and reason. Each entry can be opened to see its full timeline. This makes it straightforward to answer questions such as why a given device was denied, or how a group is authenticating over a period.
Retention
Section titled “Retention”Authentication-log entries are retained for a defined period (90 days by default, configurable). After that they are removed automatically.
Relationship to the audit log
Section titled “Relationship to the audit log”| Authentication log | Audit log | |
|---|---|---|
| Records | Per-attempt authentication outcomes | Administrative configuration changes |
| Answers | ”Why was this device accepted or denied?" | "Who changed this setting, and when?” |
| Scope | The EntryPoint context’s authentication flow | The organization’s configuration |
See Logging, Reporting, and Retention for the platform-wide model.