本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# CloudTrail 中的 IAM Identity Center 資訊
<a name="sso-info-in-cloudtrail"></a>

當您建立帳戶 AWS 帳戶 時，您的 上會啟用 CloudTrail。當活動在 IAM Identity Center 中發生時，該活動會與**事件歷史記錄**中的其他 AWS 服務事件一起記錄在 CloudTrail 事件中。您可以在 中檢視、搜尋和下載最近的事件 AWS 帳戶。如需詳細資訊，請參閱[使用 CloudTrail 事件歷史記錄檢視事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。

**注意**  
如需有關使用者識別和追蹤 CloudTrail 事件中使用者動作如何演變的詳細資訊，請參閱 *AWS 安全部落格*中 [IAM Identity Center 的重要 CloudTrail 事件變更](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/)。

若要持續記錄 中的事件 AWS 帳戶，包括 IAM Identity Center 的事件，請建立追蹤。*線索*能讓 CloudTrail 將日誌檔案交付至 Amazon S3 儲存貯體。根據預設，當您在主控台建立線索時，線索會套用到所有 AWS 區域。線索會記錄 AWS 分割區中所有區域的事件，並將日誌檔案交付至您指定的 Amazon S3 儲存貯體。此外，您可以設定其他 AWS 服務，以進一步分析和處理 CloudTrail 日誌中所收集的事件資料。如需詳細資訊，請參閱 *AWS CloudTrail 使用者指南*中的以下主題：
+ [建立追蹤的概觀](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支援的服務和整合](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [設定 CloudTrail 的 Amazon SNS 通知](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [接收多個區域的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)及[接收多個帳戶的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)

當您的 中啟用 CloudTrail 記錄時 AWS 帳戶，日誌檔案中會追蹤對 IAM Identity Center 動作發出的 API 呼叫。IAM Identity Center 記錄會與日誌檔案中的其他 AWS 服務記錄一起寫入。CloudTrail 會根據期間與檔案大小，決定何時建立與寫入新檔案。

**支援 IAM Identity Center APIs CloudTrail 事件**  
下列各節提供有關與 IAM Identity Center 支援的下列 APIs 相關聯的 CloudTrail 事件的資訊：
+ [IAM Identity Center API](#cloudtrail-events-iam-identity-center-operations)
+ [Identity Store API](#cloudtrail-events-identity-store-operations)
+ [OIDC API](#cloudtrail-events-oidc-operations)
+ [AWS 存取入口網站 API](#cloudtrail-events-access-portal-operations)
+ [SCIM API](#cloudtrail-events-scim-api-operations)

## IAM Identity Center API 操作的 CloudTrail 事件
<a name="cloudtrail-events-iam-identity-center-operations"></a>

下列清單包含公有 IAM Identity Center 操作隨事件來源發出的 CloudTrail `sso.amazonaws.com`事件。如需公有 IAM Identity Center API 操作的詳細資訊，請參閱 [IAM Identity Center API 參考](https://docs.aws.amazon.com/singlesignon/latest/APIReference/welcome.html)。

 您可以在 CloudTrail 中找到主控台依賴的 IAM Identity Center 主控台 API 操作的其他事件。如需這些主控台 APIs的詳細資訊，請參閱[服務授權參考](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycenter.html)。


+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html)
+ [
AttachManagedPolicyToPermissionSet](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html)

+ [
CreateAccountAssignment](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateAccountAssignment.html)

+ [CreateApplication
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplication.html)

+ [
CreateApplicationAssignment](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html)

+ [
CreateInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstance.html)

+ [
CreateInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html)

+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html)

+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html)

+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html)

+  [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html)
+  [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html)
+ [
DeleteApplicationGrant
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html)

+ [
DeleteInlinePolicyFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html)

+ [
DeleteInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstance.html)
+ [
DeleteInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html)
+ [
DeletePermissionsBoundaryFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html)
+ [
DeletePermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionSet.html)
+ [
DeleteTrustedTokenIssuer
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html)
+ [
DescribeAccountAssignmentCreationStatus
s](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html)
+  [
DescribeAccountAssignmentDeletionStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html)
 
+ [
DescribeApplication
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplication.html)

+ [
DescribeApplicationAssignment
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html)
+ [
DescribeApplicationProvider
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html)
+ [
DescribeInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstance.html)
+ [
DescribeInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html)
+ [
DescribePermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSet.html) 
+ [
DescribePermissionSetProvisioningStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html)
+ [
DescribeTrustedTokenIssuer
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html)
+ [
DetachCustomerManagedPolicyReferenceFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html)
+ [
DetachManagedPolicyFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html)
+ [
GetApplicationAccessScope
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html) 
+ [
GetApplicationAssignmentConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html) 
+ [
GetApplicationAuthenticationMethod
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html) 
+ [
GetApplicationGrant
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationGrant.html) 
+ [
GetInlinePolicyForPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html) 
+ [
GetPermissionsBoundaryForPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html) 
+ [
ListAccountAssignmentCreationStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html)
 
+  [
ListAccountAssignmentDeletionStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html) 
+  [
ListAccountAssignments
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignments.html)
 
+  [
ListAccountAssignmentsForPrincipal
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html) 
+ [
ListAccountsForProvisionedPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html) 
+ [
ListApplicationAccessScopes
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html) 
+  [
ListApplicationAssignments
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignments.html) 
+  [
ListApplicationAssignmentsForPrincipal
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html) 
+  [
ListApplicationAuthenticationMethods
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html) 
+  [
ListApplicationGrants
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationGrants.html) 
+ [
ListApplicationProviders
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationProviders.html) 
+ [
ListApplications
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplications.html) 
+ [
ListCustomerManagedPolicyReferencesInPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html) 
+ [
ListInstances
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html)
 
+ [
ListManagedPoliciesInPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html) 
+  [
ListPermissionSetProvisioningStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html) 
+  [
ListPermissionSets
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSets.html) 
+  [
ListPermissionSetsProvisionedToAccount
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html) 
+ [
ListTagsForResource
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTagsForResource.html)
 
+ [
ListTrustedTokenIssuers
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html) 
+ [
ProvisionPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html) 
+ [
PutApplicationAccessScope
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html) 
+ [
PutApplicationAssignmentConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html)
 
+ [
PutApplicationAuthenticationMethod
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html) 
+ [
PutApplicationGrant
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationGrant.html) 
+ [
PutInlinePolicyToPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html) 
+ [
PutPermissionsBoundaryToPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html) 
+ [
TagResource
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TagResource.html)
 
+ [
UntagResource
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UntagResource.html) 
+ [
UpdateApplication
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateApplication.html) 
+ [
UpdateInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstance.html) 
+ [
UpdateInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstanceAccessControlAttributeConfiguration.html) 
+ [
UpdatePermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdatePermissionSet.html) 
+ [
UpdateTrustedTokenIssuer
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateTrustedTokenIssuer.html) 

## Identity Store API 操作的 CloudTrail 事件
<a name="cloudtrail-events-identity-store-operations"></a>

下列清單包含公有 Identity Store 操作隨事件來源發出的 CloudTrail `identitystore.amazonaws.com`事件。如需公有 Identity Store API 操作的詳細資訊，請參閱 [Identity Store API 參考](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html)。

 您可能會在 CloudTrail 中找到具有事件來源的 Identity Store 主控台 API 操作的其他`sso-directory.amazonaws.com`事件。這些 APIs支援 主控台和 AWS 存取入口網站。如果您需要偵測特定操作的發生，例如將成員新增至群組，建議您同時考慮公有和主控台 API 操作。如需這些主控台 APIs的詳細資訊，請參閱[服務授權參考](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitystore.html)。
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroupMembership.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroupMembership.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroupMembership.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroupMembership.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteUser.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupId.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupId.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupMembershipId.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupMembershipId.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetUserId.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetUserId.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateUser.html)

## OIDC API 操作的 CloudTrail 事件
<a name="cloudtrail-events-oidc-operations"></a>

下列清單包含公有 OIDC 操作發出的 CloudTrail 事件。如需公有 OIDC API 操作的詳細資訊，請參閱 [OIDC API 參考](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)。
+ [https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) （事件來源 `sso.amazonaws.com`)
+ [https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html) （事件來源 `sso-oauth.amazonaws.com`)

## AWS 存取入口網站 API 操作的 CloudTrail 事件
<a name="cloudtrail-events-access-portal-operations"></a>

下列清單包含 AWS 存取入口網站 API 操作隨事件來源發出的 CloudTrail `sso.amazonaws.com`事件。標記為在公有 API 中無法使用的 API 操作支援 AWS 存取入口網站的操作。使用 AWS CLI 可能會導致公有 AWS 存取入口網站 API 操作和公有 API 中無法使用的 CloudTrail 事件同時發出。如需公開 AWS 存取入口網站 API 操作的詳細資訊，請參閱[AWS 存取入口網站 API 參考](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/Welcome.html)。
+ Authenticate （不適用於公有 API。 提供 AWS 存取入口網站的登入。)
+ Federate （不適用於公有 API。 為應用程式提供聯合。)
+  [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccountRoles.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccountRoles.html) 
+  [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccounts.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccounts.html) 
+  ListApplications （不適用於公有 API。 提供使用者指派的資源，以在 AWS 存取入口網站中顯示。) 
+  ListProfilesForApplication （不適用於公有 API。 提供應用程式中繼資料以在 AWS 存取入口網站中顯示。) 
+  [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) 
+  [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_Logout.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_Logout.html) 

## SCIM API 操作的 CloudTrail 事件
<a name="cloudtrail-events-scim-api-operations"></a>

如需公有 SCIM API 操作的相關資訊，請參閱[AWS 存取入口網站 API 參考](scim-logging-using-cloudtrail.md)。

## IAM Identity Center CloudTrail 事件中的身分資訊
<a name="identity-info-in-cloudtrail-events"></a>

每一筆事件或日誌專案都會包含產生請求者的資訊。身分資訊可協助您判斷下列事項：
+ 請求是使用根使用者還是 AWS Identity and Access Management (IAM) 使用者登入資料提出。
+ 提出該請求時，是否使用了特定角色或聯合身分使用者的暫時安全憑證。
+ 請求是否由其他 AWS 服務提出。
+ 請求是否由 IAM Identity Center 使用者提出。若是如此，CloudTrail 事件中會提供 `userId`和 `identityStoreArn` 欄位，以識別啟動請求的 IAM Identity Center 使用者。如需詳細資訊，請參閱[在 IAM Identity Center 使用者起始的 CloudTrail 事件中識別使用者](sso-cloudtrail-use-cases.md#user-session-iam-identity-center)。

如需詳細資訊，請參閱 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。

**注意**  
目前，IAM Identity Center 不會發出 CloudTrail 事件，讓使用者使用 [OIDC API](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) 登入 AWS 受管 Web 應用程式 （例如 Amazon SageMaker AI Studio)。這些 Web 應用程式是一組更廣泛的 子集[AWS 受管應用程式](awsapps.md)，其中也包含非 Web 應用程式，例如 Amazon Athena SQL 和 Amazon S3 Access Grants。