From 490d95e31e1cf67090d366904c68e57a2583bdf1 Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Mon, 15 Jun 2026 12:39:51 -0600 Subject: [PATCH 1/5] DOCS-960: document ZTWA session ID to user correlation --- .../sra-sessions-overview.md | 6 ++++- .../sra-web-access-session-recording.md | 25 +++++++++++++++++++ .../sra-setup/sra-web-access-on-k8s/index.md | 12 +++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md index 50ef432ba..6c9d83289 100644 --- a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md +++ b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md @@ -21,12 +21,14 @@ The Session Overview page displays detailed information for each session. The fo * **Client Interface**: Indicates how the session was initiated. Options include: Web Portal - CLI, Web Portal - Web, CLI and Desktop Application) * **User**: The username of the individual who initiated the session. * **Gateway Name**: The name of the gateway through which the session is managed. -* **Resource Type**: The type of resource accessed during the session. Examples include: SSH, RDP, Databases, Kubernetes (K8s) and more. +* **Resource Type**: The type of resource accessed during the session. Examples include: SSH, RDP, web, databases, Kubernetes (K8s), and more. * **Secret Name**: The identifier for the secret used during the session. * **Session ID**: The unique Secure Remote Access session identifier. * **Status**: The current state of the session (For example, active, closed, or terminated). * **Duration**: The length of time the session has been active. +For Zero Trust Web Access sessions, the same session ID is used in Session Overview, Audit Log entries, and recording artifacts. + ## Real-Time Updates * **Auto-Refresh**: The sessions list automatically updates every 20 seconds to ensure the displayed information is current. @@ -71,6 +73,8 @@ For API details, see [List SRA Sessions](https://docs.akeyless.io/reference/list Every session update is captured in the Audit Log, including the Secure Remote Access Session ID. This ensures that any changes (such as status updates or modifications) are recorded for compliance and troubleshooting purposes. +For Zero Trust Web Access session events, user identity is recorded in `sra_unique_identifier`. + ## Permissions * **Self-Session Visibility**: Any user who initiates a session is permitted to view their own session details (there is no need to specify any permission for that). diff --git a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md index cb6c714ba..313178d6b 100644 --- a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md +++ b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md @@ -31,6 +31,30 @@ This feature is configured with deployment-time defaults in the Zero Trust Web A For ongoing Secure Remote Access session behavior, manage web and SSH settings through the Akeyless API by using the CLI or Console UI. +## Session Correlation + +ZTWA recordings, Session Overview entries, and Audit Log events are correlated by the same Secure Remote Access session identifier. + +For supported ZTWA versions, this identifier is a 24-digit numeric session ID. + +To correlate a recording to a user account: + +1. Get the session ID from the recording object key or filename. +2. Find the same session ID in Session Overview. +3. Review the associated Audit Log events for that session ID. + +In audit events, the end user identity appears as `sra_unique_identifier`. + +### Prerequisites For Session Visibility + +If browser sessions run but Session Overview and Audit Log entries are missing, verify the following deployment settings: + +* Use a ZTWA version that includes session reporting (`v2.0.0-rc6` or later). +* Ensure `clusterName` exactly matches the connected Akeyless Gateway cluster name. +* Authenticate ZTWA by using the same Access ID that the Gateway is registered with. +* If the Gateway certificate is private or self-signed, provide trust material to ZTWA. +* Ensure the Gateway is running and registered in the same Akeyless account. + ## Configuration Surfaces Use these surfaces: @@ -97,6 +121,7 @@ Use overrides only when service-specific behavior must differ from the shared `s 6. Optionally tune watchdog values for long-running workloads. 7. Deploy or upgrade the chart. 8. Start a ZTWA browser session and verify the recording artifact in the configured storage destination. +9. Validate correlation by matching the session ID across the recording, Session Overview, and Audit Log. ## Related Pages diff --git a/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md b/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md index 0a19c2319..e45681171 100644 --- a/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md +++ b/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md @@ -259,6 +259,18 @@ sessionRecording: When enabled, the worker captures the browser session and the dispatcher prepares the upload artifact and uploads it to S3 or S3-compatible storage. +For supported ZTWA versions, recordings, Session Overview entries, and Audit Log events share the same Secure Remote Access session identifier. + +#### Session visibility prerequisites + +If browser sessions work but Session Overview and Audit Log entries do not appear, verify the following: + +* Use a ZTWA version that includes session reporting (`v2.0.0-rc6` or later). +* Ensure `clusterName` exactly matches the connected Akeyless Gateway cluster name. +* Authenticate ZTWA by using the same Access ID that the Gateway is registered with. +* If the Gateway certificate is private or self-signed, provide trust material to ZTWA. +* Ensure the Gateway is running and registered in the same Akeyless account. + #### Recording quality Set `sessionRecording.quality` to one of: From 8f25bf2443c378672c2d60da4ba4fd649323e1dd Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Mon, 15 Jun 2026 12:43:23 -0600 Subject: [PATCH 2/5] DOCS-960: align resource type wording with main-repo --- .../sra-session-management/sra-sessions-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md index 6c9d83289..eae087f58 100644 --- a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md +++ b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md @@ -21,7 +21,7 @@ The Session Overview page displays detailed information for each session. The fo * **Client Interface**: Indicates how the session was initiated. Options include: Web Portal - CLI, Web Portal - Web, CLI and Desktop Application) * **User**: The username of the individual who initiated the session. * **Gateway Name**: The name of the gateway through which the session is managed. -* **Resource Type**: The type of resource accessed during the session. Examples include: SSH, RDP, web, databases, Kubernetes (K8s), and more. +* **Resource Type**: The type of resource accessed during the session. Examples include: SSH, RDP, databases, Kubernetes (K8s), and more. * **Secret Name**: The identifier for the secret used during the session. * **Session ID**: The unique Secure Remote Access session identifier. * **Status**: The current state of the session (For example, active, closed, or terminated). From 5f44cc96bee8724ecfdd3d3cb4d32a32d5699a3d Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Mon, 15 Jun 2026 12:44:58 -0600 Subject: [PATCH 3/5] DOCS-960: align Session Overview interface options with UI --- .../sra-session-management/sra-sessions-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md index eae087f58..56a205de4 100644 --- a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md +++ b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md @@ -18,7 +18,7 @@ For CLI-driven monitoring and automation, use `list-sra-sessions` to query the s The Session Overview page displays detailed information for each session. The following key details are provided: -* **Client Interface**: Indicates how the session was initiated. Options include: Web Portal - CLI, Web Portal - Web, CLI and Desktop Application) +* **Client Interface**: Indicates how the session was initiated. Options include Portal CLI, Portal Web, and CLI. * **User**: The username of the individual who initiated the session. * **Gateway Name**: The name of the gateway through which the session is managed. * **Resource Type**: The type of resource accessed during the session. Examples include: SSH, RDP, databases, Kubernetes (K8s), and more. From cdf22103bb0aac4a980f4e14e9a38ba92392d03b Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Tue, 16 Jun 2026 11:27:49 -0600 Subject: [PATCH 4/5] DOCS-960: address PR review comments --- .../sra-session-management/sra-sessions-overview.md | 4 ++-- .../sra-web-access-session-recording.md | 2 +- .../sra-setup/sra-web-access-on-k8s/index.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md index 56a205de4..e8597b2e7 100644 --- a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md +++ b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-sessions-overview.md @@ -27,7 +27,7 @@ The Session Overview page displays detailed information for each session. The fo * **Status**: The current state of the session (For example, active, closed, or terminated). * **Duration**: The length of time the session has been active. -For Zero Trust Web Access sessions, the same session ID is used in Session Overview, Audit Log entries, and recording artifacts. +For Secure Remote Access sessions, the same session ID is used in Session Overview and Audit Log entries. ## Real-Time Updates @@ -73,7 +73,7 @@ For API details, see [List SRA Sessions](https://docs.akeyless.io/reference/list Every session update is captured in the Audit Log, including the Secure Remote Access Session ID. This ensures that any changes (such as status updates or modifications) are recorded for compliance and troubleshooting purposes. -For Zero Trust Web Access session events, user identity is recorded in `sra_unique_identifier`. +For Secure Remote Access session events, user identity is recorded in `sra_unique_identifier`. ## Permissions diff --git a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md index 313178d6b..0ce5afc7b 100644 --- a/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md +++ b/docs/Secure Remote Access/sra-admin-guides/sra-session-management/sra-web-access-session-recording.md @@ -33,7 +33,7 @@ For ongoing Secure Remote Access session behavior, manage web and SSH settings t ## Session Correlation -ZTWA recordings, Session Overview entries, and Audit Log events are correlated by the same Secure Remote Access session identifier. +ZTWA recordings use the same Secure Remote Access session identifier that appears in Session Overview and Audit Log entries. For supported ZTWA versions, this identifier is a 24-digit numeric session ID. diff --git a/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md b/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md index e45681171..15c99a418 100644 --- a/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md +++ b/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md @@ -263,7 +263,7 @@ For supported ZTWA versions, recordings, Session Overview entries, and Audit Log #### Session visibility prerequisites -If browser sessions work but Session Overview and Audit Log entries do not appear, verify the following: +If browser sessions work but Session Overview and Audit Log entries do not appear, verify the following. These prerequisites are required for audit logs and session recording correlation: * Use a ZTWA version that includes session reporting (`v2.0.0-rc6` or later). * Ensure `clusterName` exactly matches the connected Akeyless Gateway cluster name. From 844d496048b8824e2236aa017defdef38f924547 Mon Sep 17 00:00:00 2001 From: Harrison Sherwin - Akeyless Date: Tue, 16 Jun 2026 11:33:45 -0600 Subject: [PATCH 5/5] DOCS-960: make ZTWA deployment prerequisites explicit --- .../sra-setup/sra-web-access-on-k8s/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md b/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md index 15c99a418..5a9e16539 100644 --- a/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md +++ b/docs/Secure Remote Access/sra-setup/sra-web-access-on-k8s/index.md @@ -263,7 +263,7 @@ For supported ZTWA versions, recordings, Session Overview entries, and Audit Log #### Session visibility prerequisites -If browser sessions work but Session Overview and Audit Log entries do not appear, verify the following. These prerequisites are required for audit logs and session recording correlation: +If browser sessions work but Session Overview and Audit Log entries do not appear, the deployment must meet the following requirements for audit logs and session recording correlation: * Use a ZTWA version that includes session reporting (`v2.0.0-rc6` or later). * Ensure `clusterName` exactly matches the connected Akeyless Gateway cluster name. @@ -271,6 +271,8 @@ If browser sessions work but Session Overview and Audit Log entries do not appea * If the Gateway certificate is private or self-signed, provide trust material to ZTWA. * Ensure the Gateway is running and registered in the same Akeyless account. +The same cluster name and Gateway Access ID are required to correlate audit logs and session recordings. + #### Recording quality Set `sessionRecording.quality` to one of: