Use the Identity and Access Audit to understand changes made to users, groups, roles, and ACLs.

Identity and Access Audit helps you understand critical information about who has modified what, where, and when in user accounts, groups, and roles.

It helps detect malicious users, track unusual activity in the ServiceNow® instance, and adhere to compliance standards that require the ability to track access changes.

Identity and Access Audit (Identity Security Audit) is a plugin (com.glide.security.audit), which is auto-installed.

The auditing feature can be turned on or off by toggling the glide.identity.security.audit.enabled system property. By default, the property is set to true.

Identity and Access Audit enables you to:

  • View the changes made in the last 30 days to users, groups, role ACL attributes, role memberships, group memberships, and ACL roles.
  • Track the changes in your ServiceNow instance.
  • Help mitigate potential security and regulatory risks.
  • Demonstrate compliance to auditors for different groups within the organization.
  • Demonstrate that the organization isn’t vulnerable to threats related to a lack of visibility into user group and role changes.

User personas in Identity and Access Audit

The following are the user personas in Identity and Access Audit:

  • Admin: View the audit records and the configuration.
  • Security Admin: View the audit trails. Modify the configuration to enable or disable auditing for a certain table, or modify the fields that are being audited.

Audit Tables

The following tables can be audited using Identity and Access Audit:

  • Group [sys_user_group]
  • Role [sys_user_role]
  • Access Control [sys_security_acl]
  • User [sys_user]
  • Group Role [sys_group_has_role]
  • User Role [sys_user_has_role]
  • Access Roles [sys_security_acl_role]
  • Contained Role [sys_user_role_contains]
  • Group Member [sys_user_grmember]

Modules in Identity and Access Audit

Identity and Access Audit has the following modules on the ServiceNow instance: