The Audit Native Change To Account Attributes workflow is launched when reconciliation or the provisioner detects a change to the attributes of a resource account that was not initiated through Identity Manager. Only user-specified attributes are monitored for changes. By default, no attributes are monitored.
The following parameters are passed to the workflow:
resource. Resource object where the account was changed natively.
accountID. Name of the resource account that was changed natively.
prevAttributes. Map containing the monitored resource account attributes recorded by Identity Manager.
newAttributes. Map containing the monitored resource account attributes currently set on the resource.
attributeChanges. Map containing the List of generic objects that indicate which attributes have changed. Each object contains the previous and new values.
formattedChanges. String representing the attribute changes in compact format, suitable for an audit record.
To audit native changes, you must do the following:
1. On the Edit Reconciliation Policy page, select the Detect native changes to account attributes option from the Attribute-level reconciliation drop-down menu. You might need to uncheck the Inherit resource type policy check box to display a list of attributes. Select the attributes to audit.
2. Add Changes Outside Identity Manager to the list of audit events. To do this, select the Configure tab, then Audit Events on the left.
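
The following added example is not Identity Manager code. It models how the workflow's prevAttributes and newAttributes inputs relate to attributeChanges and formattedChanges, and why a change to an unmonitored attribute produces no audit data. The function name, the dict-based shape of the changes, the order-insensitive comparison of multi-valued attributes, and the layout of the formatted string are all assumptions made for illustration.

```python
# Added illustration: a simplified model, not Identity Manager's implementation.
# The output layout and the set-based comparison are assumptions.

def _normalize(value):
    """Compare multi-valued attributes as unordered sets; None means absent."""
    if value is None:
        return None
    if isinstance(value, (list, tuple, set)):
        return frozenset(str(v) for v in value)
    return str(value)


def _show(value):
    """Render a value compactly for a single-line audit record."""
    if value is None:
        return "<unset>"
    if isinstance(value, (list, tuple, set)):
        return "[" + ",".join(sorted(str(v) for v in value)) + "]"
    return str(value)


def detect_native_changes(monitored, prev_attributes, new_attributes):
    """Return (attribute_changes, formatted_changes) for monitored attributes only.

    monitored:        attribute names selected for auditing (empty by default)
    prev_attributes:  values last recorded by the identity system
    new_attributes:   values currently set on the resource
    """
    attribute_changes = {}
    for name in monitored:
        old = prev_attributes.get(name)
        new = new_attributes.get(name)
        if _normalize(old) != _normalize(new):
            attribute_changes[name] = {"previous": old, "new": new}
    formatted = "; ".join(
        f"{name}: {_show(c['previous'])} -> {_show(c['new'])}"
        for name, c in sorted(attribute_changes.items())
    )
    return attribute_changes, formatted


# Constructed sample data for a hypothetical resource account.
PREV = {"groups": ["staff", "vpn"], "shell": "/bin/bash", "title": "Analyst"}
NEW = {"groups": ["vpn", "staff", "admins"], "shell": "/bin/bash", "title": "Manager"}

if __name__ == "__main__":
    changes, line = detect_native_changes(["groups", "shell"], PREV, NEW)
    print(line)
```

In the sample, title also changed on the resource, but because it is not in the monitored list it never appears in the result. This is the gap to check for when choosing which attributes to audit.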