Idea ID: 2834211

Drivers could write changes as their security equivalent - used for auditing

Status : New Idea
7 months ago

Issue: When an IdM driver makes a change to an object (attributes for example). The change is recorded as made by the IdM engine server.

In instances where changes can originate from a number of sources, the tracking of where the change originate is impossible. Even with auditing on an attribute level and a SIEM system, the result is just "something" originating on this server made those changes.

Would it not be splendid, if the changes were actually performed as the entity which the driver is security equal to?

What would we gain with this?

Traceability (which driver runs amok?)

Compliance (and this is far more important). Who or at least WHAT made the change?