We recently began to configure the SAML Authentication Service in 8.2.1. (The following appears applicable to 8.3.* as well.) The rule's Mapping tab works conveniently to record SAML Assertion user attributes to the Operator both on initial operator provisioning and subsequent logins, but the previous user state is not saved as a History snapshot.
Our feature request: A configuration toggle that triggers user attribute change detection and records the replaced user state snapshot when saving the changed operator record. Better yet, perhaps functionality could be codified in an extensible Flow. Then developers could support application-level responses to the change event.
Similar and even better feature request: Supply this user change management follow-through formally with first-class support for SCIM, which is supported by every major identity provider (IDP).
In BPM contexts, aggressively updating user roles and authorizations as they evolve in the enterprise will reduce exception management and make auditors happy.
Building #2, Sarbanes-Oxley controls can be reduced to IT controls if authorizations and logged changes to authorizations roll out in (near) real-time. Support for SCIM and enhanced change capture on Operators should be a big win for all Pega customers concerned with business controls.
Bundling this as SCIM support provides Plug and Play, no-code automation.
FWIW, while exploring this we stumbled on Operator snapshots not being recorded at all in 8.3, even when Saving from the Operator form. This is addressed in the referenced SR.
Thanks for reading!
***Edited by Moderator Marissa to update SR Details***
A feedback request has been created on your behalf in our internal portal. The feedback ID is tagged to the issue description above (under Related Support Case Number). Use this FDBK ID as reference to connect with your Pega Account Executive to track the progress of this request.