FIDO2 services are integrated within the SurePassID API Server, forming a core component of our strong authentication architecture for securing IT, OT, and critical infrastructure environments. This integration enables the API Server to process FIDO2 authentication and registration requests, delivering secure, passwordless access for users while meeting stringent regulatory mandates.
To ensure operational transparency, auditability, and compliance with industry requirements, SurePassID includes a comprehensive logging framework. When logging is enabled, all relevant events—including authentication attempts, FIDO2 transactions, system errors, and administrative activities—are recorded to a log file named mfa-server.log, located in the API Server’s root directory. This log serves as a valuable resource for security monitoring, incident response, and compliance reporting.
Logging parameters, including log levels, output formats, rotation schedules, and retention policies, are centrally managed via the logging.config file, also found in the server root directory. Administrators can tailor these settings to align with internal security policies, regulatory mandates such as NIST and CMMC, or external log aggregation systems for SIEM/SOAR integration.
The platform uses log4net for all logging operations. The logging.config file is fully compatible with Apache log4net syntax and best practices, making it straightforward for security teams to customize logging behaviors and integrate logs into existing monitoring frameworks. For detailed configuration options, refer to the specifications shown below: