There are multiple ways to get this.
If you are just doing it one time, you can look at the system logs and use the following search filter
(eventid eq globalprotectportal-config-succ). This could take a really long time depending on how long you keep logs for some might want to also add a date filter like (receive_time in last-30-days).
Also you can use the API using the following
are you using local users or are you going through an authentication protocol (kerberos, ldap, ...) ?
locally created users will show up in the configuration log and is not part of the reporting capabilities (as these are traffic oriented)
if you export system logs a SIEM might be able to craft a nice report
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!