Custom auditing with IdentityIQ

32 Kudos

Introduction
Setup a new AuditAction
Call the audit functions
Check your audit event

Introduction

If you want add custom auditing to your workflow, rules, etc, it's as easy as (1), (2), (3).

Setup a new AuditAction

1. Setup a new AuditAction in the AuditConfig object

From the debug page, add the following to the AuditConfig object:

Call the audit functions

2. Call the audit functions from beanshell in a rule, task or workflow step as needed

The signature for the logAs function is:

static public boolean logAs(String actor, String action, String target,

String arg1, String arg2, String arg3,

String arg4) {

import sailpoint.server.Auditor;

Auditor.logAs("source", "didsomething", "target","string1", "string2", "string3", "string4");

context.commitTransaction();

Alternatively, you can add a check so that you only create a log entry if the type of event you are interested in logging is turned on in the UI (i.e. that it's enabled)

if (Auditor.isEnabled("didsomething")) {

Auditor.logAs("source", "didsomething", "target","string1", "string2", "string3", "string4");

context.commitTransaction();

}

This will cause the audit event to only be written if you have the "didsomething" audit event turned on in the UI (i.e. enabled).

Check your audit event

3. Check to see that your audit event was created successfully:

From the debug page or Advanced Analytics, search for Audit events:

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE AuditEvent PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<String1>string1</String1>

<String2>string2</String2>

<String3>string3</String3>

<String4>string4</String4>

</AuditEvent>

Of course, you can replace all the actor, target and string 1 through string 4 with your own custom audit information.

The key thing is that the action parameter matches the name of the AuditAction object ("didsomething" in our example.)

Custom auditing with IdentityIQ