Is there a report either by GUI or API that will show when users were added to a birthright role?

We basically want a quick way for the compliance team to confirm the user was added to birthright role X on this specific date and was removed from that same role on this specific date.

Does this exist?


You can use Search and filter on events with the following search query:

created:[now-1y TO now] AND (name.exact:"Add Role Passed" OR name.exact:"Remove Role Passed")

Sometimes you may have to look for the “Add Entitlement Passed” event as well if the activity isn’t reflected as a Roles event.


The only problem I see here is that the GUI does not do a good job of exporting the details in a report. Using the search query above did not produce the results I would need for an audit.

I created my own PowerShell script to get this info… I thought I’d share as this may be helpful to others searching for the same thing.

troubleshooting and proving out audit cases.

This script will export two reports

  1. Access profile history for an identity
  2. Role History for an identity.

This report will show all AP/roles that have been added and removed from an identity

Unzip file to C:\temp
run Get_Idenitity_History.bat
enter a valid bearer token from an admin account:
enter a single identity id
enter your tenant API address

The script will export a CSV report that will be located in c:\temp. Make sure the temp folder exists or the script will not work.
The script is basic and does not have any type of error checking, but again this is way better than what is provided by the GUI.
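
As an added example (not the script attached above and not SailPoint code), the PowerShell below pairs the "Add Role Passed" and "Remove Role Passed" events named in the search query into one added/removed row per role assignment, which is the form a compliance check needs. The sample events and their flat `created` / `name` / `identity` / `role` columns are constructed for illustration and are an assumption; map the fields of your own event export onto them.

```powershell
# Constructed sample events (not real tenant data). The flat column layout is
# an assumption for this example, not the layout of an actual Search export.
$sampleEvents = @'
created,name,identity,role
2024-01-10T09:00:00Z,Add Role Passed,jdoe,Birthright - Employee
2024-03-02T14:30:00Z,Remove Role Passed,jdoe,Birthright - Employee
2024-03-20T08:15:00Z,Add Role Passed,jdoe,Birthright - Employee
2024-02-01T10:00:00Z,Add Role Passed,asmith,Birthright - Employee
2024-02-05T10:00:00Z,Remove Role Passed,jdoe,Birthright - Contractor
'@ | ConvertFrom-Csv

function Get-RoleMembershipInterval {
    param([Parameter(Mandatory)][object[]]$Records)

    $open = @{}   # "identity|role" -> timestamp of an add that has no remove yet
    $closed = foreach ($e in $Records | Sort-Object { [datetimeoffset]$_.created }) {
        $key = '{0}|{1}' -f $e.identity, $e.role
        switch ($e.name) {
            'Add Role Passed' {
                # A repeated add without a remove keeps the earliest date.
                if (-not $open.ContainsKey($key)) { $open[$key] = $e.created }
            }
            'Remove Role Passed' {
                # A remove with no matching add: the add is older than the
                # search window, so flag it instead of guessing a date.
                $added = if ($open.ContainsKey($key)) { $open[$key] } else { 'before search window' }
                $open.Remove($key)
                [pscustomobject]@{ Identity = $e.identity; Role = $e.role; Added = $added; Removed = $e.created }
            }
        }
    }
    # Adds that were never closed are memberships the identity still holds.
    $current = foreach ($key in $open.Keys) {
        $identity, $role = $key -split '\|', 2
        [pscustomobject]@{ Identity = $identity; Role = $role; Added = $open[$key]; Removed = 'still assigned' }
    }
    @($closed) + @($current) | Sort-Object Identity, Role, Added
}

Get-RoleMembershipInterval -Records $sampleEvents | Format-Table -AutoSize
```

Piping the function's output to `Export-Csv -NoTypeInformation` instead of `Format-Table` gives a file that can be handed to the compliance team.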
