Empuls captures the timestamp, IP address, and device information for every user login session and supports secure API integration with SIEM solutions, including Miral, enabling centralized audit logging and anomaly detection.
Empuls maintains a full audit trail of user authentication events across the platform. Every time an employee logs in, Empuls records the exact timestamp, IP address, and device fingerprint associated with that session. This data is immutably stored and accessible to authorized administrators through the security dashboard. For organizations running a Security Information and Event Management (SIEM) stack, Empuls supports structured log export and real-time data feeds via secure APIs. IT and security teams can pull session logs directly into Miral SIEM to correlate Empuls access events with broader enterprise activity, enabling faster detection of unauthorized access or unusual login patterns.

How SIEM integration works

Empuls exposes authenticated API endpoints that deliver structured session log payloads in JSON format. These feeds are consumed directly by Miral or any SIEM platform that supports REST-based ingestion. Each log entry includes actor identity, session origin, login method — SSO, direct, or third-party IdP — and event outcome, giving security analysts the full context they need without manual data pulls. For example, if an employee whose Workday profile reflects a standard office location suddenly authenticates into Empuls from an unrecognized IP in a different geography, Miral flags that event automatically using correlation rules applied to the Empuls log feed. Organizations running SAP SuccessFactors or Darwinbox as their primary HRMS benefit from the same capability — Empuls session data integrates cleanly into broader workforce security workflows without requiring custom middleware.
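The correlation rule described above, sketched as an added example; it is not Empuls or Miral code. The JSON field names, the HR baseline and the IP-to-country table are all constructed assumptions, since the real payload schema is not shown on this page.

```python
import ipaddress
import json

# Constructed HR baseline: employee -> expected country (stand-in for an HRMS office location).
HR_BASELINE = {"asha@example.com": "IN", "li@example.com": "SG"}

# Constructed IP-to-country table on documentation ranges (RFC 5737); a real
# deployment would rely on the SIEM's own GeoIP enrichment instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "IN"),
    (ipaddress.ip_network("198.51.100.0/24"), "SG"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
]

# Constructed sample feed; field names are hypothetical, not the vendor's schema.
SAMPLE_FEED = """\
{"ts":"2024-05-01T08:59:10Z","actor":"asha@example.com","ip":"192.0.2.14","method":"sso","outcome":"success"}
{"ts":"2024-05-01T09:02:41Z","actor":"asha@example.com","ip":"203.0.113.77","method":"direct","outcome":"success"}
{"ts":"2024-05-01T09:03:05Z","actor":"li@example.com","ip":"203.0.113.9","method":"idp","outcome":"failure"}
{"ts":"2024-05-01T09:04:00Z","actor":"li@example.com","ip":"not-an-ip","method":"sso","outcome":"success"}
not json at all
"""

def country_for(ip_text):
    """Return the country code for an IP, or None if unparseable or unmapped."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return next((cc for net, cc in GEO_TABLE if addr in net), None)

def geo_mismatch_alerts(feed):
    """Return (alerts, rejected) for successful logins outside the HR baseline country."""
    alerts, rejected = [], 0
    for line in filter(None, map(str.strip, feed.splitlines())):
        try:
            event = json.loads(line)
            ts, actor, outcome = event["ts"], event["actor"], event["outcome"]
            seen = country_for(event["ip"])
        except (ValueError, KeyError, TypeError):
            rejected += 1  # counted so feed corruption stays visible
            continue
        expected = HR_BASELINE.get(actor)
        # An unresolvable origin counts as a mismatch: fail closed for analyst review.
        if outcome == "success" and expected is not None and seen != expected:
            alerts.append({"ts": ts, "actor": actor, "ip": event["ip"],
                           "expected": expected, "seen": seen})
    return alerts, rejected
```

Failed logins are left out of this rule on purpose; they belong in a separate threshold rule so that one noisy source does not drown the geography signal.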

Compliance and audit readiness

Empuls is built to support enterprise compliance programs. The activity logging infrastructure aligns with access monitoring and audit trail requirements under ISO 27001 and SOC 2 Type II. When compliance auditors request evidence of access controls, administrators export timestamped login records directly from Empuls without needing to reconstruct events retroactively. Organizations that enforce conditional access through Microsoft Azure AD or Okta can further enrich Empuls logs with identity context, creating a unified view of who accessed what, when, and from where across the employee experience stack.

Real-time alerting and anomaly response

Beyond passive logging, Empuls supports webhook-based alerting that security teams route into incident response workflows. Notifications surface in Slack or Microsoft Teams channels monitored by IT security, providing real-time visibility without requiring staff to poll a separate dashboard. Events such as multiple failed login attempts or access from an unrecognized device trigger automated responses through the connected SIEM, reducing mean time to detection. This layered architecture — structured logging, secure API export, SIEM integration, and real-time alerting — gives security and People teams joint visibility into how Empuls is being accessed across the organization at all times.

Learn more: Empuls Help Centre — General

SSO and Identity Provider Configuration

Configure single sign-on for Empuls using Azure AD, Okta, or any SAML 2.0-compliant identity provider.

Data Security and Compliance Standards

Understand how Empuls aligns with ISO 27001, SOC 2 Type II, and GDPR requirements for enterprise data protection.