How can we export attribute-level changes (old/new values) from provisioning transactions in SailPoint ISC?

We’re looking to export detailed provisioning transaction logs from SailPoint Identity Security Cloud (ISC), specifically:

• What attributes were synced or changed

• The previous value vs. the new value

• The timestamp and source of the change

The default export options via the UI (Search → Get Report) only allow limited columns and do not include per-attribute diffs or old/new values. Audit events do show some provisioning history, but we haven’t found a way to extract the attribute-level details, especially for Attribute Sync operations.

Our use case is to maintain a detailed audit trail showing what changed on target accounts during provisioning, including identity attribute changes or account sync operations.

Question:

1. Is there a built-in way to export attribute-level changes (old → new) from provisioning transactions?

Any insights or examples would be greatly appreciated!

Get-Events.ps1 (4.7 KB)

You can get those details using the APIs. From the Source’s Attribute Sync Page (/ui/a/admin/connections/sources/sourceId/settings/attribute-sync) you can click Get Events to get a Search Query. If you need to limit that more you can do so. Then with the Search API, get those results and parse the responses to get the previous and new values.

Details when clicking on the event in the Search UI:

Screenshot 2025-12-07 at 17.50.24@2x2110×1816 305 KB

More Details in Postman:

Screenshot 2025-12-07 at 17.48.07@2x1732×1658 338 KB

Example Output from the attached script

Screenshot 2025-12-07 at 17.49.17@2x1912×344 145 KB

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.