Automated operations not being audited in IdentityNow

Hi Team,

Hope you are all doing well!

While integrating and maintaining IdentityNow for customer(s) I have come across the following finding:
"There are automated jobs running on the tenant(s) which are not audited in the System activity tab".

The automated jobs that I have identified are as follows:
i. Role refresh.
ii. Consolidated attribute sync job, etc.

It will be really helpful if we have these events audited and present in the system activities tab on the tenant as it will help both the implementers and the customers to understand and plan the architecture of the IdentityNow solution deployment.

I have already raised an idea on the ideas portal (https://ideas.sailpoint.com). Link: [To have the IdentityNow automated jobs logged on the | SailPoint Ideas]

Have you ever come across these automated jobs, and has anyone attempted to audit these automated jobs via REST APIs?

Thank You

Hey Aman, these jobs are mostly performing provisioning and we are not logging these jobs, but you can find logging related to provisioning in search. You can also define queries and see which IdentityNow role was assigned at what time. Let me know if that helps.

Hi @chirag.patel,

I am aware of these operation queries, but what I meant by logging these automated jobs was to have an audited event present on the System activity tab which would show the complete time taken for these jobs to be completed and a brief breakdown of successful and unsuccessful: Create, Add, Remove, Modify, Disable operations.

Hope this clarified my point. Requesting your insight on the above-mentioned elaboration.

Thank You.

Hey Aman,
You can report on successful and unsuccessful: Create, Add, Remove, Modify, Disable operations using search queries, but you cannot find out whether these operations were part of a schedule refresh job or not. There is a plan in the future to break down the job into smaller parts and also give more control to customers. This might change and depends on what PM decides.

Sample query to get failed create operations in the last 24 hours:
@accountRequests(source.name.exact:"AD" AND op:Create AND NOT result.status:Committed) AND created:[now-24H TO now]

This will give all create operations on the AD source which are not committed in the last 24 hours. You can explore search in detail in the documentation and write queries which suit your requirement.
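An added example, not part of any post in this thread and not SailPoint code: it parameterises the sample query above for each of the operations named in the thread and tallies committed versus not-committed requests over records exported from search. The record shape is an assumption taken from the field names in the query, the function names are hypothetical, and the sample data (including the "Failed" status) is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

OPS = ("Create", "Add", "Remove", "Modify", "Disable")  # operations named in the thread

def build_query(source, op, failed=True, window="24H"):
    """Parameterise the thread's sample query for one source and operation."""
    if op not in OPS or '"' in source:
        raise ValueError("unexpected operation or source name")
    status = "NOT result.status:Committed" if failed else "result.status:Committed"
    return (f'@accountRequests(source.name.exact:"{source}" AND op:{op} '
            f"AND {status}) AND created:[now-{window} TO now]")

def breakdown(activities, source, now, hours=24):
    """Count committed vs. not-committed account requests per operation."""
    cutoff = now - timedelta(hours=hours)
    tally = {op: Counter() for op in OPS}
    for act in activities:
        if datetime.fromisoformat(act["created"]) < cutoff:
            continue  # older than the reporting window
        for req in act["accountRequests"]:
            if req["source"]["name"] != source or req["op"] not in tally:
                continue
            ok = req["result"]["status"] == "Committed"
            tally[req["op"]]["committed" if ok else "not_committed"] += 1
    return tally

def _act(created, source, op, status):
    # Constructed record; shape assumed from the field names in the query.
    return {"created": created, "accountRequests": [
        {"source": {"name": source}, "op": op, "result": {"status": status}}]}

NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
SAMPLE = [  # constructed data; "Failed" is a placeholder for any non-Committed status
    _act("2024-01-02T09:00:00+00:00", "AD", "Create", "Committed"),
    _act("2024-01-02T10:30:00+00:00", "AD", "Create", "Failed"),
    _act("2024-01-02T10:45:00+00:00", "AD", "Add", "Failed"),
    _act("2023-12-30T08:00:00+00:00", "AD", "Create", "Failed"),     # outside 24 h window
    _act("2024-01-02T11:00:00+00:00", "HR", "Disable", "Committed"),  # other source
]

if __name__ == "__main__":
    print(build_query("AD", "Create"))
    for op, counts in breakdown(SAMPLE, "AD", NOW).items():
        print(f"{op:8} committed={counts['committed']} not_committed={counts['not_committed']}")
```

The tally covers every matching request in the window; as the reply above says, it cannot attribute any of them to a scheduled refresh job.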