You may be using a transform or a rule to set the lifecycle state for the identity. Because it is the system that is calculating these and triggering that event, the actor will always come as “system”.
If you manually switch the lifecycle state, then you can see the event “Update Identity Attribute Value Passed”, where you can see the actor as the user who manually moved the user to a different LCS.
Use the below search query:
"Update Identity Attribute Value Passed" AND cloudLifecycleState
Hello Julian,
If you want to see who is changing that attribute, you should identify the “Update Identity Attribute Value Passed” and the actor will be the one who changes that attribute. If the event is not available, you can review the identity profile and its transform to verify the correct samaccountname calculation.
Hi Shekhar, thanks for your response. In this particular case, LCS comes with its final value, directly from RH. Also, the client has a team who can log into ISC and manually change LCS. For auditing purposes, he needs to know who entered into ISC and changed somebody's LCS.