Audit Events¶

DotID records audit events for every write operation performed through the platform. Events are stored by the audit service and visible in TraceBook (console.flexgalaxy.com/tracebook/).

Each audit event contains:

accountId — the account in which the action occurred
eventSource — service namespace (e.g. iam, organizations)
eventName — specific operation (e.g. CreateUser)
actorId — Keycloak sub of the user who performed the action
details — key-value metadata about the action

Account Lifecycle ¶

Recorded by account management. The accountId field is the target account’s own UUID.

Event Name	Source	Details
`CreateAccount`	`accounts`	`accountName`
`UpdateAccount`	`accounts`	`accountName`
`CloseAccount`	`accounts`	`accountName`, `cancellationWindowDays`
`ReopenAccount`	`accounts`	`accountName`
`DeleteAccount`	`accounts`	`accountName`
`UpdateAccountStatus`	`accounts`	`accountName`, `newStatus`
`ProvisionMemberAccount`	`accounts`	`email`, `accountName`

Organization Management ¶

Recorded by organization management. The accountId field is the management account of the organization.

Event Name	Source	Details
`CreateOrganization`	`organizations`	`orgName`, `orgId`
`DeleteOrganization`	`organizations`	`orgId`, `orgName`
`CreateOu`	`organizations`	`orgId`, `ouName`, `parentId`
`DeleteOu`	`organizations`	`orgId`, `ouId`
`MoveAccountToOu`	`organizations`	`orgId`, `accountId`, `targetOuId`
`RemoveAccount`	`organizations`	`orgId`, `accountId`, `accountName`
`LeaveOrganization`	`organizations`	`orgId`, `accountId`

Delegated Administration ¶

Recorded by delegated administration management.

Event Name	Source	Details
`RegisterDelegatedAdmin`	`organizations`	`orgId`, `accountId`, `serviceName`
`DeregisterDelegatedAdmin`	`organizations`	`orgId`, `accountId`, `serviceName`

IAM Users ¶

Recorded by IAM user management. The accountId field is the account the user belongs to.

Event Name	Source	Details
`CreateUser`	`iam`	`email`, `userId`
`UpdateUser`	`iam`	`userId`
`DeleteUser`	`iam`	`userId`
`ResetUserPassword`	`iam`	`userId`

Identity Center Users ¶

Recorded by Identity Center user management. IDC users are organization-level users managed through Identity Center. The accountId field is the management account of the organization.

Event Name	Source	Details
`CreateIdcUser`	`identity-center`	`username`, `userId`
`DeleteIdcUser`	`identity-center`	`username`, `userId`
`ResetIdcUserPassword`	`identity-center`	`username`, `userId`

IAM Groups ¶

Recorded by IAM group management.

Event Name	Source	Details
`CreateGroup`	`iam`	`groupName`, `groupId`
`UpdateGroup`	`iam`	`groupName`, `groupId`
`DeleteGroup`	`iam`	`groupName`, `groupId`
`AddGroupMember`	`iam`	`groupName`, `groupId`, `userId`
`RemoveGroupMember`	`iam`	`groupName`, `groupId`, `userId`

IAM Policies ¶

Recorded by IAM policy management.

Event Name	Source	Details
`CreatePolicy`	`iam`	`policyName`, `policyId`
`UpdatePolicy`	`iam`	`policyName`, `policyId`
`DeletePolicy`	`iam`	`policyId`
`SetDefaultPolicyVersion`	`iam`	`policyId`, `versionNumber`
`AttachPolicy`	`iam`	`policyId`, `principalId`, `principalType`
`DetachPolicy`	`iam`	`policyId`, `principalId`

Permission Sets ¶

Recorded by permission set management. Permission set operations are platform-global.

Event Name	Source	Details
`CreatePermissionSet`	`iam`	`name`, `permissionSetId`
`UpdatePermissionSet`	`iam`	`name`, `permissionSetId`
`DeletePermissionSet`	`iam`	`name`, `permissionSetId`
`AttachPermissionSetPolicy`	`iam`	`permissionSetId`, `policyId`
`DetachPermissionSetPolicy`	`iam`	`permissionSetId`, `policyId`

Service Quotas ¶

Recorded by service quota management. The accountId field is the organization ID (quotas are org-scoped).

Event Name	Source	Details
`SubmitQuotaIncreaseRequest`	`service-quotas`	`quotaId`, `quotaName`, `requestedValue`
`ApproveQuotaIncreaseRequest`	`service-quotas`	`requestId`, `quotaName`, `newValue`
`DenyQuotaIncreaseRequest`	`service-quotas`	`requestId`, `reason`

Summary ¶

Category	Count	Event Names
Account Lifecycle	7	Create, Update, Close, Reopen, Delete, UpdateStatus, ProvisionMember
Organization	7	CreateOrg, DeleteOrg, CreateOu, DeleteOu, MoveAccount, RemoveAccount, Leave
Delegated Admin	2	Register, Deregister
IAM Users	4	Create, Update, Delete, ResetPassword
IDC Users	3	Create, Delete, ResetPassword
IAM Groups	5	Create, Update, Delete, AddMember, RemoveMember
IAM Policies	6	Create, Update, Delete, SetDefaultVersion, Attach, Detach
Permission Sets	5	Create, Update, Delete, AttachPolicy, DetachPolicy
Quotas	3	Submit, Approve, Deny
Total	42