Identity management reference

Overview

This article describes identity management settings. You can use identity management to control authentication and authorization in your Code42 environment. These settings are only available in Code42 cloud environments. 

Considerations

Definitions

authentication: The process of identifying and verifying users in a system. Methods for authentication include: 

  • Local Code42 directory
  • Single sign-on (SSO)
  • Multi-factor authentication (MFA)

authentication provider: Allows access to Code42. When enabled, users sign in using the authentication provider instead of Code42. Examples of authentication providers include Okta, Google SSO, Ping, Entra ID (Azure AD), OneLogin, and Microsoft AD FS. 

Code42 User Directory Sync Tool: Uses LDAP to automate user management between your directory service and your Code42 environment. This differs from other provisioning providers because it uses LDAP rather than SCIM.  

identity management: An IT administrative area or market that deals with users in a IT system and gives them access to the right resources within the system. 

identity provider (IdP): A general term to refer to a system that contains user identities. Identity provider can refer to a system performing authentication, provisioning, or both. Examples of identity providers include Okta, Google SSO, Ping, Entra ID (Azure AD), and OneLogin. 

SCIM provisioning: An open standard protocol for automating user management. 

provisioning provider: Automates user management. Applications like Code42 sync with a provisioning provider and then create, update, or deactivate users based on the provisioning provider's user profile. Examples of provisioning providers include Okta, Ping, and Entra ID (Azure AD). 

single sign-on (SSO):  SSO is one type of authentication method. It allows a user to use the same credentials to sign in to multiple applications.

Authentication

Authentication provider settings enable you to use a third-party application to authenticate users in the Code42 environment. For example, use these settings to configure a provider for single sign-on authentication.  

To view the authentication provider settings:

  1.  Sign in to the Code42 console.
  2.  Go to Administration > Integrations > Identity Management
  3. Select Authentication.

Authentication provider main screen

Add authentication provider

From the Authentication tab, click Add authentication provider.

Add authentication provider

Item Description
a Display Name Sets the name of your organization's authentication provider. This is a descriptive label and the text entered here is displayed to the user on the sign-in screen of the Code42 agent and Code42 console.
b Provider's Metadata

Sets the format for the authentication provider's metadata. Choose either to enter a URL or upload an XML file. 

c Enter URL 
or
Upload XML File

Enter URL: Sets the URL for the standalone identity provider or identity federation metadata file. The Code42 cloud must be able to access this URL.

Upload XML File: Uploads the XML file. 

Use metadata URL for federations
Code42 cloud environments do not support uploading an XML file for federations. Use the metadata URL to configure the federation instead. 
Custom domains are not supported
When entering the URL for the XML metadata file, custom domains are not supported. You must use the standard domain of your identity provider. 

 

 

Authentication provider

The following screen appears when you configure a standalone identity provider. 

Authentication provider details

Item Description Click to:
a Display name Displays the name of your authentication provider.    
b Actions

Menu with the following actions: 

 
c Code42 Service Provider Metadata URL

Displays the URL for the SAML 2.0 metadata file. This file is used by the authentication provider(s).

 

To view the contents of the metadata XML file, open the link in a web browser. The file contains Code42 URLs needed by your service provider to connect to Code42, including URLs to the server, entity ID, and Assertion Consumer Service (ACS).

View the metadata XML file.
d Attribute mapping

Maps Code42 usernames to the provider's name identifier or a custom attribute. 

  • Username: Specify the identity provider's name ID or attribute that maps to the Code42 username.
    • Select Use nameid to use the identity provider's name ID.
    • Select Use attribute tag to enter a custom identity provider attribute.
  • Email (Use nameid only): Enter the identity provider attribute that contains user email addresses.
  • First Name: Enter the identity provider attribute that contains user first names.
  • Last Name: Enter the identity provider attribute that contains user last names.
Edit attribute mappings.
e Organizations in Use

Displays the organizations that use this provider as the authentication method.

 

You can also manage the organizations that use this authentication provider from organization settings.

Change organizations that use the authentication provider.
f SAML attributes Displays the SAML context and class references in your identity provider's SSO requests, as well as the digest and signature algorithms to use.  Set the SAML attributes.
g Local users

Displays users who are set to use local authentication only. These users are meant for troubleshooting issues with your authentication provider. 

 

Local users cannot be managed with provisioning.

Add users to the list.

Federation

federation is a group of organizations that have formed trusts. With federations, the identity provider simply shares a token with the service provider to authenticate a user instead of supplying the user's credentials. When you enter the metadata URL, Code42 automatically detects if the metadata belongs to a federation or a single provider. If it is a federation, you are automatically directed to the federation details configuration page.

Federated authentication provider

Item   Description
a Display name Displays the name of your authentication provider.  
b Actions

Menu with the following actions: 

c Attribute mapping

Maps Code42 usernames to the provider's name identifier or a custom attribute.

  • Username: Specify the identity provider's name ID or attribute that maps to the Code42 username.
    • Select Use nameid to use the identity provider's name ID.
    • Select Use attribute tag to enter a custom identity provider attribute.
  • Email (Use nameid only): Enter the identity provider attribute that contains user email addresses.
  • First Name: Enter the identity provider attribute that contains user first names.
  • Last Name: Enter the identity provider attribute that contains user last names.
d Edit

Edits the attribute mappings.

 

In the resulting Attribute Mapping dialog, select the Use default mapping check box to use the default attribute mappings. Deselect the check box to enter your own values.

e Federated Identity Providers Lists all of the Federated Identity Providers that have been added for this federation. Click the name of the provider to view the details.
f Add Adds a new federated identity provider.
g Local users

Displays users who are set to use local authentication only. These users are meant for troubleshooting issues with your authentication provider. 

 

Local users cannot be managed with provisioning.

Add an identity provider to this federation

Add a federated identity provider

Item   Description
a Select a Provider URL Selects an identity provider from the list of available providers. Begin typing to search for the correct provider. 
b Display Name Sets the display name for the identity provider

Federated identity provider details

To view the identity provider details, click the identity provider's name under the Federation details. 

Federated identity provider details

Item   Description
a Display name Displays the name of your authentication provider.  
b Actions

Menu with the following actions: 

c Code42 Service Provider Metadata URL Displays the URL for the SAML 2.0 metadata file. This file is used by the authentication provider(s).
d Attribute Mapping

Maps Code42 usernames to the provider's name identifier or a custom attribute.

  • Username: Specify the identity provider's name ID or attribute that maps to the Code42 username.
    • Select Use nameid to use the identity provider's name ID.
    • Select Use attribute tag to enter a custom identity provider attribute.
  • Email (Use nameid only): Enter the identity provider attribute that contains user email addresses.
  • First Name: Enter the identity provider attribute that contains user first names.
  • Last Name: Enter the identity provider attribute that contains user last names.
e Edit

Edits attribute mappings.

 

In the resulting Attribute Mapping dialog, select the Inherit from federation check box to inherit the attribute mappings from the federated authentication provider. Deselect the check box to enter your own values.

f Organizations in Use Displays the number of organizations that use this provider as the authentication method.
g SAML attributes Displays the SAML context and class references in your identity provider's SSO requests, as well as the digest and signature algorithms to use. Click the edit button to set the SAML attributes.
h Local Users

Displays users who are set to use local authentication only. These users are meant for troubleshooting issues with your authentication provider. 

 

Local users cannot be managed with provisioning.

Provisioning

Provisioning provider settings allow you to connect to a third-party application where your users are stored, and automatically add them to Code42. To view the provisioning provider settings:

  1. Sign in to the Code42 console.
  2. Select Administration > Integrations > Identity Management
  3. Select Provisioning.

Provisioning provider main screen

Add Provisioning Provider

To view, go to Provisioning, then click Add Provisioning Provider. Choose either Add SCIM Provider or Add Code42 User Directory Sync.

The following dialog appears when you select Add SCIM Provider. 

Add SCIM Provisioning Provider dialog

Item Description
a Display Name Sets the name for the SCIM provider or Code42 User Directory Sync.
b Authentication Credential Type

Sets the type of credential authentication to use:

  • API credentials (default)
    Generates a password.
  • OAuth token
    Generates a token for use with SCIM providers who accept OAuth tokens for credentials.

Credentials

After you enter a username for the provisioning provider, the credentials appear. Your provider may require some or all of these credentials to create a service account for syncing between your directory and Code42. 

SCIM Provider Created dialog
 

Item Description
a Base URL The URL for interacting with the Code42 provisioning API. 
b Username Username for the service account. 
c

Password

or

Token

Password or token for the service account. Which appears appears depends on whether you selected API Credentials or OAuth token in the Add SCIM Provisioing Provider dialog box.

 

This password or token appears only once, so save it in a secure location.

SCIM provisioning provider

Appears when configuring a SCIM provisioning provider. 

SCIM provisioning provider

Item Description Click to view
a Name Displays the name of your provisioning provider.  
b Actions

Menu with the following actions: 

  • Edit This Provider Name
    Change the provisioning provider's displayed name.
  • Configure Authentication Type
    Allows you to choose either password or token authentication.
  • Apply Org and Role Settings
    Apply any organization or role changes. May take up to an hour for the changes to be implemented.
  • Add New SCIM Provider 
    Add a SCIM provisioning provider.
  • Add Code42 User Directory Sync
    Add a User Directory Sync provisioning provider.
  • Delete This Provider
    Remove this provisioning provider from the system.
 
c Provider Credentials

Displays user credentials. This user performs directory sync between your provider and Code42. These credentials are used by the provisioning provider.


Type is either SCIM Provider or Code42 User Directory Sync

 
d Regenerate Credentials

Regenerates credentials, either API credentials or an OAuth token. The regenerated password or token appears on the SCIM Provider Updated dialog. Copy the newly-generated password or token to the SCIM provisioning provider.

 

Credentials were originally generated when you added the SCIM provisioning provider. You may need to regenerate credentials in certain circumstances, such as when a new administrator takes over management of the SCIM provisioning provider in Code42.

 
e Deactivation Delay
 

Displays the amount of time Code42 waits to deactivate a user once the provider has sent the update. The maximum deactivation delay is 90 days.

Even if you configure Code42 to wait to deactivate a user, the user is immediately blocked. The user is then deactivated after the configured time. If you need to cancel a pending user deactivation during the delay period, unblock the user.

 

Deactivation of users on legal hold

Backup agent and legacy agent only

If users who are custodians under a legal hold are subsequently selected for deactivation (for example, from the Code42 console, a provisioning provider, or API), they are not deactivated immediately because their data must be retained for legal hold purposes. Instead, they are blocked. Once these blocked users are released from legal hold, they are deactivated automatically. 

 
f

Edit

Edits the deactivation delay setting.   
g

Organization Mapping

 

Displays how Code42 assigns organizations to users who are added from the provisioning provider.

 

Only configurable for SCIM provisioning providers.

 
h

Edit 

Change how Code42 maps provisioned users. Choose between the following mapping methods: 
  • Create new users in the organization below 
    Maps new users to a single organization.
  • Map users to organizations based on the provider's "c42OrgName" attribute
    Maps groups to organizations based on the providers' "c42OrgName" attribute.
  • Map users to organizations using SCIM groups
    Create mappings of SCIM groups to organizations.  You must first send SCIM groups to Code42 to use this option. If SCIM group are not sent to Code42 (for example, using the /Groups API resource in the SCIM protocol), the "There are no SCIM groups available" message displays. After sending the SCIM groups, the Add Mapping button displays.
Organization Mapping Method
i

Organization name

Displays a Code42 organization or the Add Mapping button.

 
j Role Mapping Displays how roles are mapped from the provisioning provider to Code42.  
k Edit

Change now roles are mapped from the provisioning provider to Code42. Choose:

  • Manually
    Assign roles manually in Code42. Roles are not mapped from the provisioning provider.
  • Map SCIM groups to Code42 roles
    Map the SCIM groups in the provisioning provider to roles in Code42. You must first send SCIM groups to Code42 to use this option. If SCIM group are not sent to Code42 (for example, using the /Groups API resource in the SCIM protocol), the "There are no SCIM groups available" message displays. After sending the SCIM groups, an Add Role Mapping button displays.
Edit Role Mapping
l

Edit mapped roles 

 

or 

 

Add Role Mapping
 

SCIM provisioning providers only

Maps Code42 roles and permissions to groups.

  • Allows you to edit mapped roles if roles have already been mapped (pictured).
  • If role mapping has not been performed yet, an Add Role Mapping button appears. The button appears only if SCIM groups have already been sent from your provider. 
Add Role Mapping

Select Roles

 

Code42 User Directory Sync only

Select roles to be managed by the Code42 User Directory Sync Tool. This means only roles checked in this list will be automatically updated by the tool. Roles that aren't checked here must be manually updated in the Code42 console. 

 

See the Roles reference for more information on each role. 

View a list of roles within your Code42 environment

Edit Organization Mapping Method for SCIM provider

To view organization mapping methods, select the edit icon Edit icon next to Organization Mapping. 

Single organization

Assigns all users to the same Code42 organization. If you choose this option, create organizations in the Code42 console before you begin.

Example use case
Use this option if you manage users in the Code42 console. For example, all users that are provisioned from the provisioning provider are added to the same organization. You can then move the users from that single organization to additional organizations in the Code42 console. 

Mapping to single organization

Item Description
a Create new users in the organization below Code42 assigns new users to the selected organization.  
b Select an organization Select the organization where you want to place new users.
"C42OrgName" attribute

The "c42OrgName" attribute creates new organizations or assigns users to existing organizations based on the value for the user attribute c42OrgName. This value becomes the name for the Code42 organization. This attribute is managed on the provisioning provider. 

Example use case
Use this method if you want to manage users in the provisioning provider (and not in the Code42 console). The value for this attribute becomes the name for the Code42 organization. Code42 creates new organizations or assigns users to existing organizations based on the value. 

Mapping to C42OrgName attribute

Item Description
a Map users to organizations based on the provider's "c42OrgName" attribute Code42 assigns users to the selected organization using the "c42OrgName" attribute. 
b Select an organization Select the organization where you want to place unmapped users.
SCIM group

Assigns users to Code42 organizations based on their SCIM group. If you choose this option, create organizations in the Code42 console before you begin.

Example use case
Use this mapping method if your users are already assigned to SCIM groups. For example, a user is part of a two different SCIM groups: an executive group and a UK group. You want this user's backup policies to match the other executives in your company, so this user should be assigned to the same Code42 organization as the other executives. In the Code42 console, you can choose the executive group to take priority over the UK group. This way you can place all of the executives in your company in the same organization and ensure they have the same backup policies.


Custom SCIM mapping.

Item Description
a Map users to organizations using SCIM groups.

Code42 assigns users to the selected organization based on SCIM groups.  To use this option, SCIM groups must first be sent to Code42 (for example, using the /Groups API resource in the SCIM protocol).

 

After you click Save, click Add Mapping to map roles to Code42 groups.

b Select an organization Select the organization where you want to place unmapped users.

Add Mapping

To view, click Add Mapping. Use Add Organization Mapping to map SCIM groups to Code42 organizations. To use this option, SCIM groups must first be sent to Code42 (for example, using the /Groups API resource in the SCIM protocol).

Provisioning provider add mapping

Item Description
a Select a SCIM group Displays all the SCIM groups that your provider has sent to the Code42 console. Only groups that have not been mapped appear in this list.
b Select a Code42 organization Displays the organization tree for your Code42 console. 

Edit Role Mapping

To view, select the edit icon Edit icon next to Role Mapping.

Edit Role Mapping dialog

Item Description
a Manually Assign roles manually in Code42. Roles are not mapped from the provisioning provider. 
b Map SCIM groups to Code42 roles

Map the SCIM groups in the provisioning provider to roles in Code42. To use this option, you must first send SCIM groups to Code42 (for example, using the /Groups API resource in the SCIM protocol).

 

If SCIM group are not sent to Code42, the "There are no SCIM groups available" message displays. After sending the SCIM groups, an Add Role Mapping button displays. 

Add Role Mapping

To view, click Add Role Mapping.

Add role mapping

Item Description
a Select a SCIM group Displays all the SCIM groups that have been pushed to your Code42 console (for example, using the /Groups API resource in the SCIM protocol). Only groups that have not been mapped appear in this list.
b Select a Code42 role Displays a list of all the Code42 roles. Learn more about Code42 roles and permissions below.

Code42 User Directory Sync

Appears when configuring Code42 User Directory Sync. 

Code42 User Directory Sync configuration page

Item Description Click to view
a Name Display name for this User Directory Sync instance  
b Actions

Menu with the following actions: 

 
c Provider Credentials

Displays user credentials. This user performs directory sync between your provider and Code42. 

 

Click Regenerate password to create a new password if needed for the user. If you generate a new password for the user, you must also run the C42UserDirectorySync.bat --scim-password command to reconfigure the scim.password property with the new password

 
d Deactivation Delay
 

Displays the amount of time Code42 waits to deactivate a user after a synchronization is run. The maximum deactivation delay is 90 days.
 

Click the edit icon Edit icon to change the length of time to delay deactivation.

Even if you configure Code42 to wait to deactivate a user, the user is immediately blocked. The user is then deactivated after the configured time. If you need to cancel a pending user deactivation during the delay period, unblock the user.

 

Deactivation of users on legal hold

Backup agent and legacy agent only

If users who are custodians under a legal hold are subsequently selected for deactivation (for example, from the Code42 console, a provisioning provider, or API), they are not deactivated immediately because their data must be retained for legal hold purposes. Instead, they are blocked. Once these blocked users are released from legal hold, they are deactivated automatically. 

 
e

Organization Mapping

 

Disabled within the Code42 console. To configure how users are mapped to Code42 organizations, use the Org script in the Code42 User Directory Sync Tool. 

 
f Edit  Change how Code42 maps provisioned users to organizations.  Edit Organization Mapping Method
g

Role Mapping

Displays which roles the User Directory Sync automatically updates. 

 
h Edit 

Enable a method for mapping roles to users. Choose either Manually or Select roles from the Code42 User Directory Sync.

  • Manually: You must update roles within the Code42 console
  • Select roles from the Code42 User Directory Sync: Code42 automatically updates a user's roles based on the role script
Edit Role Mapping
i Select Roles

Select roles to be managed by the Code42 User Directory Sync Tool. This means only roles checked in this list will be automatically updated by the tool. Roles that aren't checked here must be manually updated in the Code42 console. 
 

See the Roles reference for more information on each role. 

View a list of roles within your Code42 environment.

Edit Organization Mapping Method for User Directory Sync

To view organization mapping methods, select the edit icon Edit icon next to Organization Mapping. 

Create new users in an existing Code42 organizationn

Assigns new users to the same Code42 organization and does not map new users based on the User Directory Sync org script. If you choose this option, create organizations in the Code42 console before you begin.

Example use case
Use this option if you want to manage new users in the Code42 console. All users that are provisioned from User Directory Sync are added to the same organization. You can then move the users from that single organization to additional organizations in the Code42 console. 

Add new users to one organization.

Item Description
a Create new users in the organization below and do not map users based on the User Directory Sync's org script Code42 assigns new users to the selected organization.  
b Select an organization Select the organization where to place new users. 
User Directory Sync org script

Assigns users to organizations based on the User Directory Sync org script.   

Example use case
Use this method if you want to manage users in the User Directory Sync (and not in the Code42 console). Code42 creates new organizations or assigns users to existing organizations based on the org script.  

Map using UDS org script.

Item Description
a Map users to organizations based on the User Directory Sync's org script Code42 assigns users to the selected organization using the User Directory Sync org script. 
b Select an organization Select the organization where you want to place unmapped users. 

Select roles

To view, go to the Provisioning, and click Select Roles. This is a security measure to prevent users from elevating their privilege within Code42 environment. 

Select roles

Item Description
a Choose Roles Displays all of the roles available in your Code42 environment. To learn more about what the permissions, limitations, and example use cases for each role, see the

Roles reference.

b Enable or disable role

Enable or disable roles from automatic provisioning.

  • Enabled: Code42 automatically adds or removes this role based on your role script.
  • Disabled: Even if your role script includes this role, Code42 will not update a user to add or remove this role. You must manually update in the Code42 console. 

Apply organization and role settings

Should you need to change organization and role settings and want them to be applied to all provisioned users in Code42 immediately, use the Apply Org and Role Settings option in the action menu of the target provisioning provider.

Use with caution

Applying the organization and role settings to all provisioned users with the Apply Org and Role Settings option could be a destructive action because organization assignment changes may impact your currently provisioned user's archive configurations. Both organization and role settings are applied simultaneously and complete asynchronously.

Steps

To apply organization and role changes to either a SCIM provisioning provider or a Code42 User Directory Sync provisioning provider, complete the following: 

  1. Sign in to the Code42 console.
  2. Go to Administration > Integrations > Identity Management > Provisioning.
  3. Select a provisioning provider.
  4. Choose Actions > Apply Org and Role Settings.

    Apply org and role settings

  5. Click Apply.
    It may take up to one hour for the changes to be applied to all affected users.

Apply settings for organizations and roles mapped with SCIM groups

In order to map SCIM groups to Code42 organizations or roles, you must first push those SCIM groups to Code42 so they are available for mapping. You can do this by provisioning the users in their groups (or by using a push method such as the /Groups API resource in the SCIM protocol). However, this means that initially the users are placed in the default organizations and roles rather than the ones you want to map them to. 

To move users to the correct organizations and roles, map your organizations and roles and then apply the mappings:

  1. Provision users with their groups. Although this places the users in default organizations and assigns default roles, it also pushes the SCIM groups to Code42 so they appear in the Code42 console.
  2. Now that the SCIM groups appear in the Code42 console, you can use them to configure organization mapping and configure role mapping.
  3. Run Apply Org and Role Settings to apply the newly configured organizations and role assignments to the already-provisioned users. Users are moved to the correct organizations and roles.

Use cases

See the following sections for situations where applying mappings may be useful.

SCIM provisioning provider
Configure mappings first
Ensure you've configured the organization and role mappings in the provisioning provider details page before applying mappings with the Apply organization and role settings dialog.
Organization mapping

You have configured your identity provider to provision the "c42OrgName" user attribute. Apply mappings when:

  • You have recently configured the Code42 mapping method to use "C42OrgName" and would like to move all existing provisioned users to their "c42OrgName" organization.
  • You have manually moved users into other organizations and would like them moved back to their "c42OrgName" organization.

You have configured your identity provider to provision user group information. Apply mappings when:

  • You have recently configured the Code42 mapping method to use SCIM groups and would like to move all existing provisioned users in manually assigned organizations to their mapped organization.
  • You have manually moved provisioned users into other organizations and would like them moved back to their mapped organization.
  • You have updated the SCIM group mappings and would like existing provisioned users to be moved into their newly mapped organizations immediately.
Role mapping

You have configured your identity provider to provision user group information. Apply mappings when:

  • You have recently configured the Code42 mapping method to use SCIM groups and would like to move all existing provisioned users in manually assigned roles into newly mapped roles.
  • You have manually assigned roles to provisioned users and would like them re-assigned to their mapped roles.
  • You have updated the SCIM group mappings and would like existing provisioned users to be assigned into their newly mapped roles immediately.
Code42 User Directory Sync
Full sync
You should run a full sync to reprovision all users to Code42 using the Code42 User Directory Sync rather than applying organization and role mappings. However, in some cases, accessing the Code42 User Directory Sync or running a full sync may not be an option. In those cases you can apply mappings with the Apply organization and role settings dialog.
Organization mappings
  • You had previously configured mapping to use the org script, but recently updated the Code42 mapping method to use the "User Directory Sync Org Script".  Apply mappings when you would like to move all existing provisioned users in their manually assigned organizations to the scripted organization.
  • You have mapping configured to use the "User Directory Sync Org Script", but later manually moved provisioned users into other organizations. Apply mapping changes to move users back to their scripted organization.
Role mappings

You have configured the User Directory Sync role script to provision user's roles information. Apply mappings when you have updated the role allowlist and would like update provisioned users accordingly.

Sync Log

The sync log displays all of the updates made to your Code42 environment from the provisioning provider. 

To view the Sync Log:

  1. Sign in to the Code42 console.
  2. Select Administration > Integrations > Identity Management
  3. Click Sync Log
Data in the Sync Log is retained for 90 days
As of September 22, 2021, the Sync Log retains data for only 90 days. If you want to retain Sync Log data older than the last 90 days, you must export the data before September 22, 2021. After that date, to retain Sync Log data older than 90 days, export the data on a regular basis and keep it in your own storage systems. For more information, see Export Sync Log data.

Sync log

Item Description Click to view
a Date selector Selects the timeframe for which logs to display. Click to view a calendar date picker.
b Refresh Table Retrieves the most recent synchronization changes. Click to view the latest log entries.
c Export CSV Exports all of the sync logs to a .CSV file. Use this option to filter the logs further.  Click to start downloading a CSV file.
d Provider Displays the provider that made the update. Click to sort.
e User Impacted Displays the Code42 username.  Click to sort.
f Change type

Displays how the user was changed. Change types are: 

  • Added
  • Created
  • Modified
  • Deactivated
  • Removed
  • Sync Failure
  • Not in Role Mapping
  • Removed
Click to sort.
g Attribute changed

Displays what part of the user changed. Attribute changes can be to: 

  • Country
  • Department
  • Division
  • Email
  • Employment Type
  • External ID
  • First Name
  • Last Name
  • Locality
  • Manager
  • Organization 
  • Region
  • Role
  • Title
  • User Name
Click to sort.
h New Value

Displays the new value for the attribute that was changed.

 

Note: Organization attribute values include the orgId, and Manager attribute values include the userId.

Click to sort.
i Old value Displays the old value for the attribute that was changed. Click to sort.
j Date changed Displays the date the change occurred.  Click to sort.
Provisioning updates also appear in the Audit Log

In addition to appearing in the Sync Log, updates resulting from provisioning also appear in the Audit Log. For example, newly-provisioned users appear in the Add user event type, users deactivated by provisioning appear in the Deactivate user event type, and provisioned user attributes changes appear in the External attributes change event type. 

Whenever the acting user in an Audit Log event is a SCIM provisioning system, the username of the acting user in the event appears as the provisioning provider Username credentials from Code42 (for example, "okta_1234@cloud.code42.com"). 

External resources