I have just updated to have a look at this and I see that I will need to use Manager for a few days to populate the history. I will provide feedback when I have used the history for a bit. I will concur with other users that the main issue that I can see is the sheer volume of data collected which may make it difficult to provide useful information to the administrator without good default search parameters and filters etc.
I don’t know if this can be implemented in Manager, but what I think would be very useful is the following:
History of Logins of user with details such as time, IP Address, especially repeated failed login attempts (to detect dictionary attacks). Maybe an email alert to warn administrator? This is obviously only for the Server and Cloud editions.
Would it also be possible to de-activate the account after 10 failed authentication attempts in a a 24 hour period or something like that. The administrator would be required to re-activate the account.
I have already setup in IIS to only allow my IP Address and that of my accountant. So it’s probably not necessary to include this in Manager itself, but obviously this only works for Server editions. For anyone using the Cloud edition, there is no way for them to restrict IP Addresses to their internal network if they wish to do so. I think that if Manager could be secured like this, that would be very good as it would make it virtually impossible for a hacker to breach the system.
Deleting or Renaming User Account and history trail. There are two questions that I have around this point. One - what happens to the history for this person if the user account is deleted? Two if I rename Joe Bloggs to Harry Potter - how does this affect the history of this account - does is show old name for past and new user name for future entries? I am happy to just delete the account and create a new one if this would retain the history of the old accountants name?
I noticed something rather interesting when I was looking at my profile. It showed me as logged in on this computer and two other logins showing Firefox 77 and Window 10 - which would have been me as I am the only one that currently has access to the system. I had not logged in for a few days and as far as I am aware I had logged out. Does Manager not have the ability to log you out after 1 hour inactivity period or something like that. Secondly based on this, it would seem that I can login to the same account on different computers simultaneously? I clicked logout for the two logins to close the sessions. I don’t know if this is intentional, but I think Manager should not allow you to login on different devices simultaneously for the same account.