The closest I can see getting from the iAP proper would by to turn on logging on the intersting ACLs in the ACL for your users' role. You'll likely get the IP address of the destination though and have to work out the site and/or URL on your own.
If you want to know site names and URLs etc, you'll want to monitor the traffic upstream with a proxy or sniffer etc.