Updated on 2024-02-21 GMT+08:00

Key Operations Supported by CTS

With Cloud Trace Service (CTS), you can record IAM Identity Center operations for later query, auditing, and backtracking.

Table 1 IAM Identity Center operations that can be recorded by CTS

| Operation | Resource Type | Event Name |
| --- | --- | --- |
| Enabling IAM Identity Center | Instance | StartIdentityCenter |
| Disabling IAM Identity Center | Instance | DeleteIdentityCenter |
| Registering a region | Instance | RegisterRegion |
| Updating single sign-on (SSO) configuration | Instance | UpdateSsoConfiguration |
| Updating the MFA device management in the identity store | Instance | UpdateMfaDeviceManagementForIdentityStore |
| Adding a user-defined domain name | Instance | CreateAlias |
| Enabling access control attributes for a specified instance | Instance | CreateInstanceAccessControlAttributeConfiguration |
| Disabling access control attributes for a specified instance | Instance | DeleteInstanceAccessControlAttributeConfiguration |
| Updating access control attributes for a specified instance | Instance | UpdateInstanceAccessControlAttributeConfiguration |
| Assigning users/groups to a specified account with a specified permission set | AccountAssignment | CreateAccountAssignment |
| Removing users/groups from a specified account with a specified permission set | AccountAssignment | DeleteAccountAssignment |
| Deleting all permission sets associated with a user/group | AccountAssignment | DisassociateProfile |
| Creating a permission set in a specified IAM Identity Center instance | PermissionSet | CreatePermissionSet |
| Deleting a specified permission set | PermissionSet | DeletePermissionSet |
| Updating a specified permission set | PermissionSet | UpdatePermissionSet |
| Attaching a system-defined policy to a permission set | PermissionSet | AttachManagedPolicyToPermissionSet |
| Detaching a system-defined policy from a permission set | PermissionSet | DetachManagedPolicyFromPermissionSet |
| Attaching a system-defined role to a permission set | PermissionSet | AttachManagedRoleToPermissionSet |
| Detaching a system-defined role from a permission set | PermissionSet | DetachManagedRoleFromPermissionSet |
| Attaching a specified permission set to a specified account | PermissionSet | ProvisionPermissionSet |
| Deleting a custom policy from a specified permission set | PermissionSet | DeleteCustomPolicy |
| Attaching a custom policy to a permission set | PermissionSet | PutCustomPolicy |
| Generating a credential for an IAM Identity Center user after user login | User | Authenticate |
| Activating a device authorization code | User | ActiveDevice |
| Canceling a device authorization code | User | CancelDevice |
| Creating a user | User | CreateUser |
| Deleting a user | User | DeleteUser |
| Updating a user | User | UpdateUser |
| Disabling a user | User | DisableUser |
| Enabling a user | User | EnableUser |
| Creating a virtual MFA device | User | CreateMfaDeviceForUser |
| Deleting a virtual MFA device | User | DeleteMfaDeviceForUser |
| Updating MFA information | User | UpdateMfaDeviceForUser |
| Sending an email containing the password reset link or a one-time password | User | UpdatePwdMode |
| Resetting a user password | User | ResetPassword |
| Sending an email verification link | User | VerifyEmail |
| Updating the email verification status | User | UpdateEmailStatus |
| Creating a group | Group | CreateGroup |
| Deleting a group | Group | DeleteGroup |
| Updating a group | Group | UpdateGroup |
| Adding a user to a group | GroupMembership | CreateGroupMembership |
| Removing a user from a group | GroupMembership | DeleteGroupMembership |
| Batch adding IAM Identity Center users to groups | GroupMembership | BatchCreateMembership |
| Batch removing IAM Identity Center users from groups | GroupMembership | BatchDeleteMembership |
| Batch replacing IAM Identity Center users in groups | GroupMembership | BatchReplaceMembership |
| Creating external identity provider configuration | IdP | CreateExternalIdPConfigurationForDirectory |
| Enabling external identity provider | IdP | EnableExternalIdPConfigurationForDirectory |
| Deleting external identity provider configuration | IdP | DeleteExternalIdPConfigurationForDirectory |
| Disabling external identity provider | IdP | DisableExternalIdPConfigurationForDirectory |
| Updating external identity provider configuration | IdP | UpdateExternalIdPConfigurationForDirectory |
| Deleting a certificate | IdP | DeleteExternalIdPCertificate |
| Importing a certificate | IdP | ImportExternalIdPCertificate |
| Creating a bearer token | IdP | CreateBearerToken |
| Creating the tenant information corresponding to the identity source | IdP | CreateProvisioningTenant |
| Deleting a bearer token | IdP | DeleteBearerToken |
| Deleting the tenant information corresponding to the identity source | IdP | DeleteProvisioningTenant |