Description
Epic Link
Task Description
To ensure the security, integrity, and operational resilience of GC Secure Artifacts, we need a unified way to track the full lifecycle of user accounts — from onboarding, to active use, to deactivation.
The objective is twofold:
- Detect and respond when accounts become disabled, inactive, or otherwise invalid.
- Provide visibility and auditability to departments that require logs for compliance and monitoring.
This work should build on open standards like SCIM (System for Cross-domain Identity Management), which is supported by JFrog, while integrating with Aurora’s notification and logging pipelines.
Target Quarter
Q1 2026
Client / Partner
SSC-Aurora
Acceptance Criteria
- SCIM integration: Validate feasibility of using SCIM to propagate account status from the IdP to JFrog, and confirm which attributes (e.g., active=false) can be consumed.
- Notification workflow: Define who receives alerts (e.g., Aurora ops, requesting department) and how they are delivered (preferably via GC Notify and Teams/Email).
- Disabled account protocol: Establish a repeatable response when an account is disabled (token revocation, service account review, automated ticket creation).
- Audit log relay: Ensure departments can optionally receive filtered account events/logs for their own compliance needs.
- Security & privacy: Protect PII in notifications and logs; define clear retention and access controls.
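Added example, not part of the original issue and not JFrog or Aurora code: one way to recognise the active=false signal in a SCIM 2.0 PatchOp (RFC 7644) and turn it into a PII-free event carrying the disabled-account steps listed above. The function names, action labels, event shape and sample messages are assumptions made for illustration; no JFrog or GC Notify API is called.

```python
import hashlib
import hmac

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644 PATCH schema URN

def _as_bool(value):
    """Normalise a SCIM boolean; some IdPs send "False" as a string. None if invalid."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None

def active_change(patch):
    """Return the final value a PatchOp assigns to `active`, or None if it is untouched."""
    if PATCH_OP not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    result = None
    for op in patch.get("Operations", []):
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue  # a "remove" never sets active=false
        path, value = op.get("path"), op.get("value")
        if path is None and isinstance(value, dict):
            # Path-less form: value is a partial resource, e.g. {"active": false}
            found = [_as_bool(v) for k, v in value.items() if k.lower() == "active"]
        elif isinstance(path, str) and path.lower() == "active":
            found = [_as_bool(value)]
        else:
            found = []
        for flag in found:
            if flag is not None:
                result = flag  # later operations win
    return result

def pseudonym(user_id, key):
    """Keyed hash so notifications and relayed logs carry no raw identifier (PII)."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()[:12]

def deactivation_event(user_id, patch, key):
    """Build the PII-free event for a disabling patch; None for any other patch."""
    if active_change(patch) is not False:
        return None
    return {"event": "account.disabled", "subject": pseudonym(user_id, key),
            "actions": ["revoke_tokens", "review_service_accounts", "open_ticket"]}

# Constructed sample messages (not captured from any real IdP or JFrog instance).
WITH_PATH = {"schemas": [PATCH_OP],
             "Operations": [{"op": "Replace", "path": "active", "value": "False"}]}
NO_PATH = {"schemas": [PATCH_OP],
           "Operations": [{"op": "replace", "value": {"active": False}}]}
RENAME = {"schemas": [PATCH_OP],
          "Operations": [{"op": "replace", "path": "displayName", "value": "A. User"}]}
```

Both PatchOp shapes need to be covered when validating which attributes can be consumed, since a handler that only matches a boolean false under an explicit path would miss the other form.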