Almost from the beginning, the Akamai Identity Cloud Console has provided a way to track, and to audit, changes to user profiles. For example, suppose Maria Fuentes – who used to get marketing and promotional materials for people who live in the Portland, OR area – has suddenly started getting marketing and promotional materials for people who live in the Seattle, WA area. By checking Maria’s profile change audit data, you can see that, on May 29th, an agent mistakenly changed her address (city, state, and zip code) to one in the Seattle area.
As this example shows, the ability to monitor audit logs for user profile changes is a very useful tool.
At the same time, however, the Console has evolved to be more than just a repository for user profiles: the Console is also used for everything from managing properties (API clients) and applications to restoring and promoting flows. It’s definitely useful to know who has made an update to a user profile; however, it’s equally useful to know who has created a new API client, deleted a flow, or assigned a new role to a Console agent.
And now, thanks to the addition of Console Audit Logs, you can do just that. In fact, you can now audit pretty much anything that an agent does in the Identity Cloud Console.
But only if the agent does those things in the Console itself. If an agent uses the Console to change an application setting or to reset a client secret, then those actions are recorded in the audit logs. However, if an agent employs the Configuration APIs to change an application setting or to reset a client secret, then those actions will not be recorded in the Console audit logs. That’s because the Configuration APIs use API client credentials for authentication, and those credentials cannot be tied back to an individual user.