Event Timeline

The event timeline lets you scroll through a reverse chronological list of all changes to access that occurred up to and including the selected capture date and time. There are also governance event cards for added or removed entitlements, roles, or identity attributes with additional information about what caused the access or identity attribute change.

The most recent 20 events are displayed. Select the Show Next 20 button to see more.

List elements include:

  • Event icon – green + indicates add, red – indicates remove, blue gavel indicates governance events, and left / right arrows indicate an identity status change, identity attribute change, or account attribute change

  • Event type – types of events include:

    • Changed account

    • Added account

    • Removed account

    • Removed entitlement

    • Added entitlement

    • Removed detected role

    • Added detected role

    • Removed assigned role

    • Added assigned role

    • Changed identity

    • Changed identity status

    • Deleted identity

    • Discovered identity

    • Governance event – Access Request, Certification, or Policy Violation

    • Mitigated policy violation

  • Event timestamp – date and time the event was recorded in the Access History database

  • Type-specific fields or details – configure columns to select which type-specific fields you want to display

Event Timeline Timestamp

The timestamp on an event in the Events Timeline is the date that the event was recorded in the Access History database, not the date and time that the event occurred. Access History events are generated as part of the activities triggered by the Dispatch Access History task. Depending on how frequently that task is run, events in the Access History database may have a later event date and time than the time at which the access change occurred in IdentityIQ. See Setting Up Access History Task.

Note: Not every event captured in the Access History database results in a new identity capture being created. Changes to objects in the IdentityIQ database other than identity objects – such as, for example, changes to Accounts, Roles, or Entitlements that affect the identity – do NOT trigger a new capture. However, when a new capture is triggered by a change to the Identity, such as an added or removed Entitlement or Role, or a change to an identity attribute, the events for changes to the non-identity objects will be included in that capture.

Therefore, it is possible to retrieve the latest capture for an identity in Access History, and for there to be some related events (the ones that in and of themselves don't trigger a capture) that are not yet included because those events were recorded after the latest identity capture was created.

This is a transitory situation, and no events will be lost. They will show up when the next capture is generated. It's also possible that even recent identity-related changes may not be included in the latest capture, if the Dispatch Access History task has not been run since they occurred.