
NIOS User-ID

When using NIOS Identity Mapping, Kerberos auditing must be enabled on the domain controllers so that they log event_id 4624, event_id 4634 and others.

event_id 4624 identifies the user, IP address, first seen and last seen.

Microsoft Configuration

First of all, check your auditing settings:

  1. In the Group Policy Management Editor, go to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy. Set the following audit policies:
    • Audit account management: “Success”
    • Audit directory service access: “Success”
    • Audit logon events: “Success” and “Failure”
  2. Alternatively, you can set Advanced audit policies: in the Group Policy Management Editor, go to Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies. Set the following audit policies:
    • Account Logon
      • Audit Kerberos Authentication Service: “Success, Failure”
      • Audit Kerberos Service Ticket Operations: “Success, Failure”
      • Audit Other Account Logon Events: “Success, Failure”
    • Account Management
      • Audit Computer Account Management: “Success”
      • Audit Distribution Group Management: “Success”
      • Audit Security Group Management: “Success”
      • Audit User Account Management: “Success”
    • DS Access
      • Audit Directory Service Access: “Success”
    • Logon/Logoff
      • Audit Logoff: “Success”
      • Audit Logon: “Success”
      • Audit Other Logon/Logoff Events: “Success”
      • Audit Special Logon: “Success”
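
To confirm that a domain controller's effective policy matches the Advanced audit policy list above, the following added example (not part of the original page or of Infoblox documentation) parses the CSV report produced by `auditpol /get /category:* /r`. The function name `Test-NiosAuditPolicy`, the sample rows and the use of English subcategory names are assumptions.

```powershell
# Required subcategories and settings, taken from the Advanced audit policy list on this page.
$Required = [ordered]@{
    'Kerberos Authentication Service'    = 'Success and Failure'
    'Kerberos Service Ticket Operations' = 'Success and Failure'
    'Other Account Logon Events'         = 'Success and Failure'
    'Computer Account Management'        = 'Success'
    'Distribution Group Management'      = 'Success'
    'Security Group Management'          = 'Success'
    'User Account Management'            = 'Success'
    'Directory Service Access'           = 'Success'
    'Logoff'                             = 'Success'
    'Logon'                              = 'Success'
    'Other Logon/Logoff Events'          = 'Success'
    'Special Logon'                      = 'Success'
}

function Test-NiosAuditPolicy {
    # Hypothetical helper: compares auditpol CSV text against $Required.
    param([Parameter(Mandatory)][string[]]$CsvLines)
    $actual = @{}
    # Drop any blank lines before parsing the CSV report.
    $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv | ForEach-Object {
        $actual[$_.Subcategory] = $_.'Inclusion Setting'
    }
    foreach ($name in $Required.Keys) {
        $have = if ($actual.ContainsKey($name)) { $actual[$name] } else { 'Missing' }
        # "Success and Failure" also satisfies a "Success"-only requirement.
        $ok = ($have -eq $Required[$name]) -or ($have -eq 'Success and Failure')
        [pscustomobject]@{
            Subcategory = $name; Required = $Required[$name]; Actual = $have; Compliant = $ok
        }
    }
}

# Constructed sample in the auditpol /r column layout (not real output).
# Only two rows are present, so the other subcategories report "Missing".
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'DC01,System,Logon,{00000000-0000-0000-0000-000000000001},Success and Failure,'
    'DC01,System,Kerberos Authentication Service,{00000000-0000-0000-0000-000000000002},Success,'
)
Test-NiosAuditPolicy -CsvLines $sample | Format-Table -AutoSize

# On a domain controller (elevated prompt), check the effective policy instead:
# Test-NiosAuditPolicy -CsvLines (auditpol /get /category:* /r) | Where-Object { -not $_.Compliant }
```

In the sample, Logon is reported as compliant, while Kerberos Authentication Service is flagged because only “Success” is set where the list asks for “Success, Failure”.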

NIOS Configuration

  • In Grid Properties > General > Advanced, tick “Enable Network Users Feature”. “Microsoft Servers” then appears under “Grid”, and “Network Users” now appears under “Data Management”.
  • In Grid Properties > Microsoft Integration you can set the user timeout.
  • When configuring the Microsoft Server in NIOS, you must set the logging level to Debug.
infoblox_nios/user-id.txt · Last modified: by bstafford