Update audit log for Users & Team entities to show what user made the change | Voters

Update audit log for Users & Team entities to show what user made the change

Donald Scott

Currently I can see that a change to a User or Team was made, I cannot see who made it. The audit log record only shows "updated by": "port-internal" as in the screenshot as opposed to an actual user. This is important for compliance auditing

October 10, 2024

Guy Berman

Hi Donald Scott, thanks for raising this! 
After syncing internally, we’re making a short-term fix so that any updates previously shown as “port-internal” but actually initiated by a real user (for example via the Admin API) will correctly display the acting user, while system-initiated updates will remain “port-internal” for now.
We’ll also update our documentation to clearly explain when “port-internal” appears so this isn’t a security concern going forward.
Longer term, we plan to improve audit logs so system operations include specific sources (e.g., SCIM integration or login events) instead of the generic “port-internal.”