Can operations modified by a before provisioning rule be logged in the user events UI?

Hello everyone!

We’re having some unexpected deletions from our AD environment, and we’re seeing no user event logs indicating that SailPoint deleted the account. We confirmed that SailPoint did delete the account due to some coexistence with another identity management system, which is ok for now. The problem is we suspect it’s our before provisioning rule changing the ‘modify operation’ to a ‘delete operation’ by design; however, we would like to see this delete event in the user event logs for troubleshooting.
Can operations modified by a before provisioning rule be logged in the user events UI? Has anyone else dealt with similar use cases?

Thanks in advance

If SailPoint is deleting the account, you’ll see corresponding entries in the account activity logs or audit events.

If you’d like, you can add extra logging in the before-provisioning rule to verify that SailPoint is performing that action.

Thanks for the reply. The problem is we don’t see these corresponding entries in the account activity logs.

Can you clarify regarding adding extra logging? Is it best to create another connector rule for these event triggers?
