I am trying to find a way to log when the local PU “admin” user logs in. This is an industry requirement to be able to show when the “admin” user logs in.
I have Form authentication enabled and have a working authentication.ps1 file which I use for Active Directory integration. I am able to validate AD users and I log any failures and successes to a file.
When I log in with the “admin” user and the correct password (as set in Identities), then the authentication.ps1 file is not run at all.
If the “admin” password is incorrect, or the username is anything other than “admin”, then the authentication.ps1 file does run and I am able to capture the login or failure.
I have also tried modifying the Adminstrator role code to add logging when someone gets the role assigned, but again if I log in with “admin” and the correct password then this file also does not get run. If I log in as an AD user with the Administrator role though, the code does run and I am able to capture the login.
From what I can see, a successful login of this user seems to bypass all the script files. And I can’t find anywhere in PU that it logs this.
Is there anything else I can do to somehow capture when the “admin” user successfully logs in?
Based on what you described, I do not see a documented path in PSU v5 confirming that a successful login with the built-in local admin account will invoke authentication.ps1 the same way your AD-backed forms flow does. From the current documentation, the two areas I would validate first are User Sessions and a User Login trigger.
Could you please confirm the following?
When did you first notice this behavior?
Does it happen every time with the local admin account?
Is your instance licensed, so we can confirm trigger availability?
Does Home > User Sessions record the successful admin login with timestamp and remote IP?
If User Sessions already captures the successful admin session, that may satisfy the audit requirement without relying on authentication.ps1. If not, the next test I would suggest is configuring a User Login trigger that writes the login data to a file, since that event is documented specifically for user access to PSU.
Please also share any relevant PSU system logs captured during one successful admin login test and one failed login test so I can compare both flows.