Most default auditing is carried out by internal Identity Manager components. There are, however, interfaces that allow events to be generated from workflows or from Java code.
The default Identity Manager audit instrumentation focuses on four main areas:
Provisioner. An internal component known as the provisioner may generate audit events.
View Handlers. In the view architecture, the view handler generates audit records. A view handler should always audit when objects are created or modified.
Session. The session methods (such as checkinObject, createObject, runTask, login, and logout) create an audit record after completing an auditable operation. Most of the instrumentation is pushed into the view handlers.
Workflow. By default, only the approval workflows are instrumented to generate audit records. These generate an audit event when requests are approved or rejected. The workflow feature’s interface to the audit logger is through the com.waveset.session.WorkflowServices application. See the next section for more information.