Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
38
-
Description
At the moment, the user provisioning administration is quite limited. Troubleshooting sync issues from third party IDPs can be really difficult because of this. Management of synced users and groups gets even more difficult when there are thousands of objects involved.
Suggestion : Provide a more comprehensive interface for managing user provisioning integrations
1. Allow to filter by group name in the provisioning page
2. Allow to view the group members within the org administration without the need to switch over to the site administration groups.
3. Allow to export SCIM user and group data
4. Detailed provisioning events in the org audit log - ACCESS-1133 / ACCESS-1200
- ie. Changing the account details and deactivating an account in the IDP is logged as the same activity in Audit log.
Identity Provider Updated account profile for email@domain.com Identity Provider Updated account profile for email@domain.com
5. Better sync troubleshooting logs - ACCESS-1038
6. Filter capability for managed accounts based on synced status - ACCESS-953
7. Allow to export or extract the logs via API.
8. Better logging on group membership changes (ie. membership added on identity, membership propagated on specific sites.)
9. Provide information on problematic users that are blocking the move of users between authentication policies.
Attachments
Issue Links
- is duplicated by
-
ACCESS-1261 Integrate the user provisioning troubleshooting logs with the org audit logs
- Closed
- is related to
-
ACCESS-1038 Improve User Provisioning Troubleshooting log
- Closed
-
ACCESS-1133 Better audit logging for SCIM provisioning events.
- Closed
-
ACCESS-1200 Add user provisioning troubleshooting logs to org Audit logs
- Closed
- relates to
-
ACCESS-953 Identify managed accounts by their sync status in API and UI
- Gathering Interest
-
ENT-841 Loading...
- is addressed by
-
ENT-730 Loading...