This topic provides information regarding the collection, storage, and retention of logs by the Citrix Adaptive Authentication service and the Adaptive Authentication instances. Any capitalized terms not defined in Definitions carry the meaning specified in the Citrix End User Services Agreement.
- Adaptive Authentication services: Citrix Cloud service that administrators can log in to deploy and manage Adaptive Authentication instances.
- Adaptive Authentication instances: Citrix ADC virtual machines deployed by the Adaptive Authentication service to allow administrators to manage user authentication.
The Citrix Adaptive Authentication service customer content data resides in the Azure Cloud Services East region. They are replicated to the following Azure regions for availability and redundancy:
- US West
- North Europe
The following are the different destinations for the service configuration and runtime logs.
- Splunk service for system monitoring and debugging logs, in the US and EU (European Union) locations only.
- Citrix Application Delivery Management service for the aggregated user access logs. For details, see Citrix ADM Data Governance.
- Citrix Cloud System Logs service for admin audit logs. For details, see Citrix Cloud Services Customer Content and Log Handling and Geographical Considerations.
Citrix Application Delivery Management service for backing up all configurations, instance specific artifacts. For details, see Citrix ADM Data Governance.
Citrix Adaptive Authentication service allows the customer administrators to configure the service through the Adaptive Authentication UI and the companion Connector Appliances through the console. The following customer content is collected:
- Adaptive Authentication service
- FQDN (fully qualified domain name) and IP address of the IdP (identity provider) endpoint.
- IP addresses/ranges, ports, and protocols
- Certificates used to access the IdP authentication virtual server
- Public IP address of the management endpoint
- For Azure VNet peering, service principal with network contributor role. For details, see Set up connectivity to on-premises authentication servers using Azure VNet peering.
- User identifiers for app entitlements
- Citrix Cloud Connector related details. For details, see Citrix Cloud Connector.
- IP addresses or FQDNs
- Users, devices, and resource location identifiers
- Internal proxy configuration
For runtime logs collected by the service components, the key information consists of the following:
- Client IP address and port
- Destination FQDN/address and port
- Client User-Agent
- Application URL path
- Application access time and duration
- Request byte count
- Response byte count
- HTTP transaction ID
- Deployment mode (Connector or Azure VNet peering)
- Azure resources
- Resource group names
- VNets (IP addresses, CIDRs)
- Subnets (IP addresses, CIDRs)
- Virtual machine names
Citrix Adaptive Authentication service sends logs to the destinations (Splunk) protected by the transport layer security.
Citrix Adaptive Authentication service does not currently provide options for the customers to turn off sending logs or prevent customer content from being replicated globally.
Based on the Citrix Cloud data retention policy, the customer configuration data is purged from the service 90 days (about 3 months) after subscription has expired.
The log destinations maintain their service-specific data retention policy.
- For the events stored in Citrix Application Delivery Management. See Citrix ADM Data Governance.
- The Splunk logs are archived and eventually removed after 90 days (about 3 months).
- The Adaptive Authentication instances are deallocated 30 days (about four and a half weeks) after the subscription has expired.
There are different data export options for several types of logs.
- The admin audit logs are accessible from the Citrix Cloud System Log console.
- The Splunk logs are not for customers to consume. These events can also be exported from Splunk as a CSV file.
- Customer content means any data uploaded to a customer account for storage or data in a customer environment to which Citrix is provided access to perform the services.
- Log means a record of events related to the services, including records that measure performance, stability, usage, security, and support.
- Services mean that the Citrix Cloud services outlined earlier for the purposes of facilitating the customer use cases.