Skip to content

[ZT] SCIM logs #21230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 9, 2025
Merged

[ZT] SCIM logs #21230

merged 3 commits into from
Apr 9, 2025

Conversation

@ranbel
Copy link
Contributor

@ranbel ranbel commented Mar 28, 2025

PCX-15266

@hyperlint-ai
Copy link
Contributor

hyperlint-ai bot commented Mar 28, 2025

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Enhanced SCIM documentation with new activity logs and improved user guidance.

  • Added SCIM activity logs documentation for auditing provisioning events.
  • Updated instructions for checking synchronized users and groups in Entra ID.
  • Modified existing content to direct users to SCIM provisioning logs for identity updates.

Modified Files

  • src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
  • src/content/partials/cloudflare-one/access/verify-scim-provisioning.mdx

Added Files

  • src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx
  • src/content/partials/cloudflare-one/access/scim-requires-login.mdx
How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

ranbel
ranbel commented Mar 28, 2025
View reviewed changes
src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx Outdated

SCIM provisioning logs show the following information for each inbound SCIM request:

- **IdP name**: UUID of the identity provider
Copy link
Contributor Author

@ranbel ranbel Mar 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kennyj42 can you help fill in these log field descriptions?

Copy link
Contributor

@ajholland ajholland Mar 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest:

  • IdP name: Name of the Identity Provider
  • Timestamp: Date and time of the request
  • Action: HTTP request method (POST, PUT, PATCH, DELETE)
  • User email: User who received the SCIM identity update
  • Group name: Group that received the SCIM identity update
  • Resource type: SCIM resource that was modified (GROUP or USER)
  • CF resource ID: Consistent identifier for the user or group created by Cloudflare SCIM
  • IDP resource ID: Identifier for the user or group provided by the Identity Provider
  • Outcome: Whether the SCIM request was applied successfully (SUCCESS or ERROR)
  • Request body: HTTP request body containing the data that was added, modified, or removed
  • JSON log: SCIM request log in JSON format

@github-actions
Copy link
Contributor

github-actions bot commented Mar 28, 2025
edited
Loading

Preview URL: https://5fed4fa2.preview.developers.cloudflare.com
Preview Branch URL: https://ranbel-scim-logs.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/insights/logs/scim-logs/ https://ranbel-scim-logs.preview.developers.cloudflare.com/cloudflare-one/insights/logs/scim-logs/
https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/entra-id/ https://ranbel-scim-logs.preview.developers.cloudflare.com/cloudflare-one/identity/idp-integration/entra-id/

@ranbel ranbel marked this pull request as ready for review March 31, 2025 17:07
@ranbel ranbel requested review from a team and kennyj42 as code owners March 31, 2025 17:07
ajholland
ajholland reviewed Mar 31, 2025
View reviewed changes
pedrosousa
pedrosousa approved these changes Apr 9, 2025
View reviewed changes
src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx
- **Group name**: Group that received the SCIM identity update
- **Resource type**: SCIM resource that was modified (`GROUP` or `USER`)
- **CF resource ID**: Persistent identifier for the user or group created by Cloudflare SCIM
- **IDP resource ID**: Identifier for the user or group provided by the identity provider
Copy link
Contributor

@pedrosousa pedrosousa Apr 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Not sure if it's really IDP resource ID here or IdP resource ID.

Copy link
Contributor Author

@ranbel ranbel Apr 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UI shows IDP resource ID

@ranbel ranbel merged commit fd71e55 into production Apr 9, 2025
11 checks passed
@ranbel ranbel deleted the ranbel/scim-logs branch April 9, 2025 16:37
RebeccaTamachiro pushed a commit that referenced this pull request Apr 21, 2025
@ranbel @RebeccaTamachiro
[ZT] SCIM logs (#21230)
69d96ce 
* SCIM logs

* update log fields

* update ID description
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pedrosousa pedrosousa pedrosousa approved these changes

@kennyj42 kennyj42 Awaiting requested review from kennyj42 kennyj42 is a code owner

+1 more reviewer

@ajholland ajholland ajholland left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@kennyj42 kennyj42

Labels

product:cloudflare-one size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ranbel @pedrosousa @ajholland @kennyj42