Background

As of Crowd 2.12.0, the application now provides an audit log to record:

• Changes to the system configuration of Crowd
• Adding or removing applications, updating application configuration
• Adding or removing directories, updating directory configuration

Feature request summary

This feature request is to optionally extend the audit logging to include all user/group/membership changes as well (e.g. add/remove/disable). It would record who made those changes, whether by an admin (in which case the admin's username would be recorded) or as part of an automated process (such as an LDAP sync). If users or groups are removed from the system entirely, this log should document their removal as well as their final membership information prior to the removal from Crowd.

Use cases

• Provides details audit trail to see which administrators made changes in user management
• Aids in recovery of users/groups accidentally removed from Crowd by retaining their membership information in the logs