I’m trying to evaluate Okta as a potential fit for our needs. I’m curious if there is logging for changes that are done to users. Say, you integrate with AWS for SSO and you change what roles a user can assume. Is there logging that is done for these changes? So you can see the history of changes to a user and who made those changes?
Currently we log any changes made to the user in the system log.
If any user is granted an admin access or revoked access to certain apps etc, the events are logged and you can query them.
You should be able to see a dashboard like this -
Having said that, I’m not sure if all types of user events are logged.
And some details might not be available. For example, in the screenshot above, a user was granted “Read-only Admin” permissions. But the log only indicates that a user privilege was granted to a user. It doesn’t mention which exact role the user was given.
I suggest you to send an email to support@okta.com to get more details on your particular use case.