SCIM Audit Logging Now Available

Cloudflare dashboard SCIM (System for Cross-domain Identity Management) provisioning operations are now captured in Audit Logs v2, providing complete visibility into user and group changes made by your identity provider.

Logged Actions

The following SCIM operations are now tracked:

User Operations:

• Create SCIM User: User provisioned from IdP
• Replace SCIM User: User fully replaced via PUT operation
• Update SCIM User: User attributes modified via PATCH operation
• Delete SCIM User: Member deprovisioned

Group Operations:

• Create SCIM Group: Group provisioned from IdP
• Update SCIM Group: Group membership or attributes modified
• Delete SCIM Group: Group deprovisioned

What This Means for You

Organizations can now audit and track all identity management changes happening through SCIM integrations. This enhances security compliance, troubleshooting, and access control visibility across your Cloudflare account.

For complete details, refer to the Audit Logs v2 documentation.