Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1133

Better audit logging for SCIM provisioning events.

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      At the moment, some provisioning activities are logged in the Organization Audit logs but they are not very descriptive. 

      ie. Changing the account details and deactivating an account in the IDP is logged as the same activity in Audit log. 

       

      Identity Provider  Updated account profile for email@domain.com
      Identity Provider  Updated account profile for email@domain.com

       

      Suggestion 

      Provide more details on audit logs based on user provisioning

      • Specify that provisioning is the actor. 
      • Log specific user account changes.
      • Log specific group changes.

       

      Suggestion 

            [ACCESS-1133] Better audit logging for SCIM provisioning events.

            Kat N made changes -
            Resolution New: Duplicate [ 3 ]
            Status Original: Gathering Interest [ 11772 ] New: Closed [ 6 ]
            Kat N made changes -
            Link New: This issue relates to ACCESS-1148 [ ACCESS-1148 ]
            Shawn C (Inactive) made changes -
            Component/s New: User Sync - SCIM Maintenance [ 66413 ]
            Narmada Jayasankar made changes -
            Assignee Original: ani [ ajagalpure ] New: Jonathon Yu [ jyu@atlassian.com ]
            Ramon M made changes -
            Description Original: At the moment, some provisioning activities are logged in the Organization Audit logs but they are not very descriptive. 

            ie. Changing the account details and deactivating an account in the IDP is logged as the same activity in Audit log. 

             
             
            Identity Provider| Updated account profile for *email@domain.com*|

            Identity Provider| Updated account profile for *email@domain.com*|

             

            *Suggestion* 

            Provide more details on audit logs based on user provisioning
             * Specify that provisioning is the actor. 
             * Log specific user account changes.
             * Log specific group changes.

             

            Suggestion 
            New: At the moment, some provisioning activities are logged in the Organization Audit logs but they are not very descriptive. 

            ie. Changing the account details and deactivating an account in the IDP is logged as the same activity in Audit log. 

             
            |Identity Provider| Updated account profile for *email@domain.com*|
            |Identity Provider| Updated account profile for *email@domain.com*|

             

            *Suggestion* 

            Provide more details on audit logs based on user provisioning
             * Specify that provisioning is the actor. 
             * Log specific user account changes.
             * Log specific group changes.

             

            Suggestion 
            Ramon M made changes -
            Description Original: At the moment, some provisioning activities are logged in the Organization Audit logs but they are not very descriptive. 

            ie. Changing the account details and deactivating an account in the IDP is logged as the same activity in Audit log. 

             
            ||Date||Location||Actor||Activity||
            |Sep 24, 202109:39 GMT+2| |

            Identity Provider| 
            Updated account profile for *email@domain.com*|
            |Sep 24, 202109:36 GMT+2| |

            Identity Provider| 
            Updated account profile for *email@domain.com*|

             

            *Suggestion* 

            Provide more details on audit logs based on user provisioning
             * Specify that provisioning is the actor. 
             * Log specific user account changes.
             * Log specific group changes.

             

            Suggestion 
            New: At the moment, some provisioning activities are logged in the Organization Audit logs but they are not very descriptive. 

            ie. Changing the account details and deactivating an account in the IDP is logged as the same activity in Audit log. 

             
             
            Identity Provider| Updated account profile for *email@domain.com*|

            Identity Provider| Updated account profile for *email@domain.com*|

             

            *Suggestion* 

            Provide more details on audit logs based on user provisioning
             * Specify that provisioning is the actor. 
             * Log specific user account changes.
             * Log specific group changes.

             

            Suggestion 
            Ramon M created issue -

              jyu@atlassian.com Jonathon Yu
              rmacalinao Ramon M
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: