We are using okta to provide SSO for corporate customers. We are supporting both a JIT flow and a manual user creation flow.
In the manual flow admin users in our application provision users. We use the api/v1/users?activate=true&provider=true to create these users.
In the syslog the event shows that the actor is the service account that created the token we use for administrative operations in okta.
Ideally I would like to have the Actor in the syslog be the user in our application who provisioned the user. (also an Okta user).
I would be satisfied if I could annotate the Syslog entry with a note indicating which user initiated the request.
I would also be satisfied if i could add a custom log entry that encapsulates the changes done through the API and the application user who did them.
This come from a requirement to track the who, what, where, when of any change to a user.
Any thought would be appreciated.