Hello Team,
In the cumulocity, we always feel the requirement for the best audit log records, and recently we have identified that there are no audit log records for the login mechanism.
As checked, in cumulocity we are having the multiple login methods (Basic/OAI/SSO), but when we check the audit logs, nothing is captured there.
So in any tenant, if anyone changes any configuration fields (purposefully or mistakenly), then there is no way to identify which field was changed, which might result in a lot of troubleshooting to find the issue and correct it.
Moreover, if we have any audit logs mentioning that this particular field has been updated from "X" to "Y," then we can have an easy and quick resolution for such issues.
So we are requesting you to check and add the audit records under the audit logs, which will be really helpful for the customer.
If there is any issue with respect to sharing information, security, etc., then you can segregate those records on the basis of access roles and permissions.
We would like to see the below fields in the audit records:
Login method used
Which field was changed?
What has been changed
Changed by who
Timing of the changes
I hope that makes sense and will be helpful for everyone who is working in a complex environment, and such unnoticed changes might affect a complete login access issue.
Please let us know if any other details are required.
Thank You!
Regards,
Akshay