Legend
Event - event that triggers an audit log

Source - WHO triggered the event?

Event Action Type - WHAT the SOURCE did? Values in here

Target - WHO is the event impacting?

Details - results/side effects of the action

Status - Implementation status on IAM side

All audit logs are being published to this topic: backoffice.create_audit_log.command.v1

Table columns, in order: Event, Event Description, Source, Event Action Type, Target and Attributes, Details, Status, Notes

Event: Create Credentials
Event Description: Happens during customer onboarding. Credentials correspond to the customer’s set of keys to be used for signing/verification of customer’s requests.
Source: Customer
Event Action Type: CREATED (reused existing)
Target and Attributes: Signing Credentials
  • customerId
  • credentialId
Details:
  • id
  • customerId
  • credentialId
  • state
  • createdAt
  • updatedAt
Status: WIP

Event: Revoke Credentials
Event Description: Permanently blocks the user’s access to the system by tagging the user’s credentials as revoked. Triggered by slacker?
Source: System
Event Action Type: BLOCKED (reused existing)
Target and Attributes: Signing Credentials
  • customerId
  • credentialId
Details:
  • id
  • customerId
  • credentialId
  • state
  • createdAt
  • updatedAt
Status: WIP
Notes: Source initially set as System because this can be triggered by slacker/other backend systems.

Event: Lock Credentials
Event Description: Temporarily locks the user’s access to the system by tagging the user’s credentials as locked. Triggered by slacker?
Source: System
Event Action Type: DEACTIVATED (reused existing)
Target and Attributes: Signing Credentials
  • customerId
  • credentialId
Details:
  • id
  • customerId
  • credentialId
  • state
  • createdAt
  • updatedAt
Status: WIP
Notes: Source initially set as System because this can be triggered by slacker/other backend systems.

Event: Unlock Credentials
Event Description: Unlocks the user’s access to the system by tagging the user’s credentials as unlocked. Triggered by slacker?
Source: System
Event Action Type: ACTIVATED (reused existing)
Target and Attributes: Signing Credentials
  • customerId
  • credentialId
Details:
  • id
  • customerId
  • credentialId
  • state
  • createdAt
  • updatedAt
Status: WIP
Notes: Source initially set as System because this can be triggered by slacker/other backend systems.

Event: Login Credentials
Event Description: Enables the user to have an active session.
Source: System
Event Action Type: LOGGED_IN (reused existing)
Target and Attributes: Signing Credentials
  • customerId
  • credentialId
Details:
  • id
  • customerId
  • credentialId
  • state
  • createdAt
  • updatedAt
Status: WIP

Event: Logout Credentials
Event Description: Logs out the user’s session.
Source: System
Event Action Type: LOGGED_OUT (reused existing)
Target and Attributes: Signing Credentials
  • customerId
  • credentialId
Details:
  • id
  • customerId
  • credentialId
  • state
  • createdAt
  • updatedAt
Status: WIP

Event: Initiate Step Up Authentication
Event Description: Initiation of step up authentication where a step up challenge is created and face liveness license is returned to the frontend.
Source: Customer
Event Action Type: STEP_UP_INITIATED (new)
Target and Attributes: Step Up Authentication
  • customerId
  • challengeData
Details:
  • id
  • challengeData
  • customerId
  • livenessId
  • state
  • verificationResult
  • createdAt
  • updatedAt
Status: WIP

Event: Check Step Up Authentication
Event Description: Second step in the step up authentication process where the face verification/liveness result is retrieved.
Source: Customer
Event Action Type: STEP_UP_CHECKED (new)
Target and Attributes: Step Up Authentication
  • customerId
  • challengeData
Details:
  • id
  • challengeData
  • customerId
  • livenessId
  • state
  • verificationResult
  • createdAt
  • updatedAt
Status: WIP

Event: Consume Step Up Authentication
Event Description: Final step in the step up authentication process where the step up is finally used in the processing of the request.
Source: Customer
Event Action Type: STEP_UP_CONSUMED (new)
Target and Attributes: Step Up Authentication
  • customerId
  • challengeData
Details:
  • id
  • challengeData
  • customerId
  • livenessId
  • state
  • verificationResult
  • createdAt
  • updatedAt
Status: WIP

Event: Generate Ably Token
Event Description: Issued upon customer login to be used for Ably-related operations.
Source: Customer
Event Action Type: CREATED (reused existing)
Target and Attributes: Ably JWT Token
  • customerId
Details:
  • customerId
  • issueTime
  • expirationTime
  • capability
Status: WIP

Successful App Login

TODO

Include the following details:

  • Device used

  • IP Address used

  • Location (if possible)

Failed App Login

TODO

App Logout

TODO

Number of login retries/attempts

TODO

Successful Back-office Login

TODO

Failed Back-office Login

TODO

Back-office Logout

TODO

Registration of Device

TODO

Registration Attempts

TODO

Include the following details:

  • IMEI of device used

PIN or Passcode Change

TODO

Customer calls for support

Customer

CUSTOMER_VERIFICATION_INITIATED

customerId

  • timestamp

Successful customer verification from app

Customer

CUSTOMER_VERIFICATION_FROM_APP_SUCCESSFUL

customerId

  • timestamp

Customer is requested to verify questions

System

CUSTOMER_VERIFICATION_QUESTIONS_ASKED

verificationId

  • security questions

  • security questions - (1-5) or (1-3) depending on whether the phone is verified or not

Successful customer verification from security questions

System

CUSTOMER_VERIFICATION_QUESTIONS_SUCCESSFUL

verificationId

  • question results

  • final result

  • question results - result per question, whether it is OK or NOK

  • final result - result of the combined results per question
    SUCCESS/FAILED

Failed customer verification from security questions

System

CUSTOMER_VERIFICATION_QUESTIONS_FAILED

verificationId

  • question results

  • final result

  • question results - result per question, whether it is OK or NOK

  • final result - final result of the combined results per question
    SUCCESS/FAILED
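
The three step up rows above describe an ordered flow (initiated, then checked, then consumed), so a consumer of the audit topic can verify that order per step-up `id`. The following is an added example, not code from this page or from the IAM service. The record envelope (`eventActionType`, `details`), the sample records, and the policy that re-checking is allowed while consumption is single-use are assumptions; only the action type names and the `id`/`customerId` attributes come from the table.

```python
# Added example. The record envelope ("eventActionType", "details") is an
# assumption; the action types and id/customerId attributes are from the page.
ORDER = ["STEP_UP_INITIATED", "STEP_UP_CHECKED", "STEP_UP_CONSUMED"]

def check_step_up_flow(records):
    """Return (step_up_id, finding) pairs for step-up events that break the
    initiate -> check -> consume order. `records` must be sorted by event time."""
    last_step = {}  # step-up id -> index in ORDER of the furthest step seen
    owner = {}      # step-up id -> customerId of the first event seen for it
    findings = []
    for rec in records:
        action = rec["eventActionType"]
        if action not in ORDER:
            continue  # not a step-up event (e.g. LOGGED_IN)
        sid = rec["details"]["id"]
        cust = rec["details"]["customerId"]
        step, last = ORDER.index(action), last_step.get(sid, -1)
        if sid in owner and owner[sid] != cust:
            findings.append((sid, f"{action} by different customerId"))
        if step == last:
            # Assumed policy: polling the check result is fine, reuse is not.
            if action != "STEP_UP_CHECKED":
                findings.append((sid, f"{action} repeated"))
        elif step != last + 1:
            expected = ORDER[last + 1] if last + 1 < len(ORDER) else "no further event"
            findings.append((sid, f"{action} seen, expected {expected}"))
        owner.setdefault(sid, cust)
        last_step[sid] = max(last, step)
    return findings

def ev(action, sid, cust):
    """Build one constructed audit record in the assumed envelope."""
    return {"eventActionType": action, "details": {"id": sid, "customerId": cust}}

# Constructed sample records, already in time order.
SAMPLE = [
    ev("STEP_UP_INITIATED", "su-1", "c-1"), ev("STEP_UP_CHECKED", "su-1", "c-1"),
    ev("STEP_UP_CONSUMED", "su-1", "c-1"),   # clean flow
    ev("STEP_UP_INITIATED", "su-2", "c-2"),
    ev("STEP_UP_CONSUMED", "su-2", "c-2"),   # consumed without a check
    ev("STEP_UP_CONSUMED", "su-1", "c-1"),   # consumed a second time
    ev("STEP_UP_CHECKED", "su-3", "c-3"),    # no initiation on record
    ev("STEP_UP_INITIATED", "su-4", "c-4"),
    ev("STEP_UP_CHECKED", "su-4", "c-9"),    # customerId changed mid-flow
    {"eventActionType": "LOGGED_IN", "details": {"id": "cred-1"}},
]

if __name__ == "__main__":
    for sid, finding in check_step_up_flow(SAMPLE):
        print(sid, finding)
```
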