We had an employee experience phishing identity fraud and had her Concur login-accessed. Our IT and Infrastructure teams are requesting a User Activity Log identifying all of the activity the account did for a specific date range. The activity I believe I have access to is her login activity but they are request more detail than that. Does Concur have or can provide a user activity log? This seems a little more sophisticated than a COGNOS report. Maybe something from the data security or infrastructure side of the company?
I am not aware there are possibility to see the activity done but possible to see from where the login was taking place with IP addresses however a bit manual.
Please go to User Admin and search for the specific user. Click with your mouse their login details (email user's address on hyperlink). This will show. you a window with the last history logins (with IP address).
At the moment I hope the user already changed the password.
I would imagine that with the list of IP address you provide to your IT department, maybe they can trigger out from all other employees users if anyone has the same address.
sorry, I have just seen a similar case raised a while ago.. but refer to a technical answer from @VJ-SAP-01 which apparently is possible...