Regenerating SCIM API Token Does Not Log Actor In Audit Log

XMLWordPrintable

    • 3
    • Severity 3 - Minor

      Issue Summary

      Regenerating the SCIM API Key does not log the account of the user who performed the action, making it difficult to track down who performed the task.

      Steps to Reproduce

      1. Login to admin.atlassian.com
      2. Navigate to Security -> User Security -> Identity Providers
      3. Click on an IDP with User Provisioning enabled
      4. Click on the ... button next to Provisioning and select Regenerate API Key
      5. Click through the process to create a new key
      6. Navigate to Insights -> Audit Logs
      7. Observe the scim_directory_token_rotated event

      Expected Results

      This event is attributed to your account as you generated the new key

      Actual Results

      The event is attributed to no one or unknown

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

        1. Screenshot 2025-10-30 at 3.02.05 pm.png
          Screenshot 2025-10-30 at 3.02.05 pm.png
          72 kB

              Assignee:
              Unassigned
              Reporter:
              Andrew Delaney
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: