Key Operations Supported by CTS
With Cloud Trace Service (CTS), you can record IAM Identity Center operations for later query, auditing, and backtracking.
Operation |
Resource Type |
Event Name |
---|---|---|
Enabling IAM Identity Center |
Instance |
StartIdentityCenter |
Disabling IAM Identity Center |
Instance |
DeleteIdentityCenter |
Registering a region |
Instance |
RegisterRegion |
Updating single sign-on (SSO) configuration |
Instance |
UpdateSsoConfiguration |
Updating the MFA device management in the identity store |
Instance |
UpdateMfaDeviceManagementForIdentityStore |
Adding a user-defined domain name |
Instance |
CreateAlias |
Enabling access control attributes for a specified instance |
Instance |
CreateInstanceAccessControlAttributeConfiguration |
Disabling access control attributes for a specified instance |
Instance |
DeleteInstanceAccessControlAttributeConfiguration |
Updating access control attributes for a specified instance |
Instance |
UpdateInstanceAccessControlAttributeConfiguration |
Assigning users/groups to a specified account with a specified permission set |
AccountAssignment |
CreateAccountAssignment |
Removing users/groups from a specified account with a specified permission set |
AccountAssignment |
DeleteAccountAssignment |
Deleting all permission sets associated with a user/group |
AccountAssignment |
DisassociateProfile |
Creating a permission set in a specified IAM Identity Center instance |
PermissionSet |
CreatePermissionSet |
Deleting a specified permission set |
PermissionSet |
DeletePermissionSet |
Updating a specified permission set |
PermissionSet |
UpdatePermissionSet |
Attaching a system-defined policy to a permission set |
PermissionSet |
AttachManagedPolicyToPermissionSet |
Detaching a system-defined policy from a permission set |
PermissionSet |
DetachManagedPolicyFromPermissionSet |
Attaching a system-defined role to a permission set |
PermissionSet |
AttachManagedRoleToPermissionSet |
Detaching a system-defined role from a permission set |
PermissionSet |
DetachManagedRoleFromPermissionSet |
Attaching a specified permission set to a specified account |
PermissionSet |
ProvisionPermissionSet |
Deleting a custom policy from a specified permission set |
PermissionSet |
DeleteCustomPolicy |
Attaching a custom policy to a permission set |
PermissionSet |
PutCustomPolicy |
Generating a credential for an IAM Identity Center user after user login |
User |
Authenticate |
Activating a device authorization code |
User |
ActiveDevice |
Canceling a device authorization code |
User |
CancelDevice |
Creating a user |
User |
CreateUser |
Deleting a user |
User |
DeleteUser |
Updating a user |
User |
UpdateUser |
Disabling a user |
User |
DisableUser |
Enabling a user |
User |
EnableUser |
Creating a virtual MFA device |
User |
CreateMfaDeviceForUser |
Deleting a virtual MFA device |
User |
DeleteMfaDeviceForUser |
Updating MFA information |
User |
UpdateMfaDeviceForUser |
Sending an email containing the password reset link or a one-time password |
User |
UpdatePwdMode |
Resetting a user password |
User |
ResetPassword |
Sending an email verification link |
User |
VerifyEmail |
Updating the email verification status |
User |
UpdateEmailStatus |
Creating a group |
Group |
CreateGroup |
Deleting a group |
Group |
DeleteGroup |
Updating a group |
Group |
UpdateGroup |
Adding a user to a group |
GroupMembership |
CreateGroupMembership |
Removing a user from a group |
GroupMembership |
DeleteGroupMembership |
Batch adding IAM Identity Center users to groups |
GroupMembership |
BatchCreateMembership |
Batch removing IAM Identity Center users from groups |
GroupMembership |
BatchDeleteMembership |
Batch replacing IAM Identity Center users in groups |
GroupMembership |
BatchReplaceMembership |
Creating external identity provider configuration |
IDP |
CreateExternalIdpConfigurationForDirectory |
Enabling external identity provider |
IDP |
EnableExternalIdpConfigurationForDirectory |
Deleting external identity provider configuration |
IDP |
DeleteExternalIdpConfigurationForDirectory |
Disabling external identity provider |
IDP |
DisableExternalIdpConfigurationForDirectory |
Updating external identity provider configuration |
IDP |
UpdateExternalIdpConfigurationForDirectory |
Deleting a certificate |
IDP |
DeleteExternalIdpCertificate |
Importing a certificate |
IDP |
ImportExternalIdpCertificate |
Creating a bearer token |
IDP |
CreateBearerToken |
Creating the tenant information corresponding to the identity source |
IDP |
CreateProvisioningTenant |
Deleting a bearer token |
IDP |
DeleteBearerToken |
Deleting the tenant information corresponding to the identity source |
IDP |
DeleteProvisioningTenant |
Adding tags to the specified resource |
Tag |
CreateTagResource |
Deleting specified tags from specified resources |
Tag |
DeleteTagResource |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.