


# IAM Identity Center information in CloudTrail
<a name="sso-info-in-cloudtrail"></a>

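CloudTrail is enabled on your Amazon Web Services account when you create the account. When activity occurs in IAM Identity Center, that activity is recorded in a CloudTrail event along with other Amazon service events in **Event history**. You can view, search, and download recent events in your Amazon Web Services account. For more information, see [Viewing events with CloudTrail Event history](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/view-cloudtrail-events.html).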

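**Note**  
For more information about how user identification and the tracking of user actions in CloudTrail events have evolved, see [Important changes to CloudTrail events for IAM Identity Center](https://www.amazonaws.cn/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/) in the *Amazon Security Blog*.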

For an ongoing record of events in your Amazon Web Services account, including events for IAM Identity Center, create a trail. A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all Amazon Regions. The trail logs events from all Regions in the Amazon partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other Amazon services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following topics in the *Amazon CloudTrail User Guide*:
+ [Overview for creating a trail](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail supported services and integrations](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [Configuring Amazon SNS notifications for CloudTrail](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [Receiving CloudTrail log files from multiple Regions](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail log files from multiple accounts](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)

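When CloudTrail logging is enabled in your Amazon Web Services account, API calls made to IAM Identity Center operations are tracked in log files. IAM Identity Center records are written together with other Amazon service records in a log file. CloudTrail determines when to create and write to a new file based on a time period and file size.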

**CloudTrail events for supported IAM Identity Center APIs**  
The following sections provide information about the CloudTrail events associated with the following APIs that IAM Identity Center supports:
+ [IAM Identity Center API](#cloudtrail-events-iam-identity-center-operations)
+ [Identity Store API](#cloudtrail-events-identity-store-operations)
+ [OIDC API](#cloudtrail-events-oidc-operations)
+ [Amazon Web Services access portal API](#cloudtrail-events-access-portal-operations)
+ [SCIM API](#cloudtrail-events-scim-api-operations)

## CloudTrail events of IAM Identity Center API operations
<a name="cloudtrail-events-iam-identity-center-operations"></a>

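The following list contains the CloudTrail events that the public IAM Identity Center operations emit with the `sso.amazonaws.com` event source. For more information about the public IAM Identity Center API operations, see the [IAM Identity Center API Reference](https://docs.amazonaws.cn/singlesignon/latest/APIReference/welcome.html).

You might find additional events in CloudTrail for the IAM Identity Center console API operations that the console relies on. For more information about these console APIs, see the [Service Authorization Reference](https://docs.amazonaws.cn/service-authorization/latest/reference/list_awsiamidentitycenter.html).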


+ [AttachCustomerManagedPolicyReferenceToPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html)
+ [AttachManagedPolicyToPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html)
+ [CreateAccountAssignment](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreateAccountAssignment.html)
+ [CreateApplication](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreateApplication.html)
+ [CreateApplicationAssignment](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html)
+ [CreateInstance](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreateInstance.html)
+ [CreateInstanceAccessControlAttributeConfiguration](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html)
+ [CreatePermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreatePermissionSet.html)
+ [CreateTrustedTokenIssuer](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html)
+ [DeleteAccountAssignment](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html)
+ [DeleteApplication](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteApplication.html)
+ [DeleteApplicationAccessScope](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html)
+ [DeleteApplicationAssignment](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html)
+ [DeleteApplicationAuthenticationMethod](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html)
+ [DeleteApplicationGrant](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html)
+ [DeleteInlinePolicyFromPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html)
+ [DeleteInstance](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteInstance.html)
+ [DeleteInstanceAccessControlAttributeConfiguration](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html)
+ [DeletePermissionsBoundaryFromPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html)
+ [DeletePermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeletePermissionSet.html)
+ [DeleteTrustedTokenIssuer](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html)
+ [DescribeAccountAssignmentCreationStatus](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html)
+ [DescribeAccountAssignmentDeletionStatus](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html)
+ [DescribeApplication](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeApplication.html)
+ [DescribeApplicationAssignment](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html)
+ [DescribeApplicationProvider](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html)
+ [DescribeInstance](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeInstance.html)
+ [DescribeInstanceAccessControlAttributeConfiguration](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html)
+ [DescribePermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribePermissionSet.html)
+ [DescribePermissionSetProvisioningStatus](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html)
+ [DescribeTrustedTokenIssuer](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html)
+ [DetachCustomerManagedPolicyReferenceFromPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html)
+ [DetachManagedPolicyFromPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html)
+ [GetApplicationAccessScope](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html)
+ [GetApplicationAssignmentConfiguration](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html)
+ [GetApplicationAuthenticationMethod](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html)
+ [GetApplicationGrant](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_GetApplicationGrant.html)
+ [GetInlinePolicyForPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html)
+ [GetPermissionsBoundaryForPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html)
+ [ListAccountAssignmentCreationStatus](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html)
+ [ListAccountAssignmentDeletionStatus](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html)
+ [ListAccountAssignments](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListAccountAssignments.html)
+ [ListAccountAssignmentsForPrincipal](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html)
+ [ListAccountsForProvisionedPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html)
+ [ListApplicationAccessScopes](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html)
+ [ListApplicationAssignments](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplicationAssignments.html)
+ [ListApplicationAssignmentsForPrincipal](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html)
+ [ListApplicationAuthenticationMethods](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html)
+ [ListApplicationGrants](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplicationGrants.html)
+ [ListApplicationProviders](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplicationProviders.html)
+ [ListApplications](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListApplications.html)
+ [ListCustomerManagedPolicyReferencesInPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html)
+ [ListInstances](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListInstances.html)
+ [ListManagedPoliciesInPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html)
+ [ListPermissionSetProvisioningStatus](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html)
+ [ListPermissionSets](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListPermissionSets.html)
+ [ListPermissionSetsProvisionedToAccount](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html)
+ [ListTagsForResource](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListTagsForResource.html)
+ [ListTrustedTokenIssuers](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html)
+ [ProvisionPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html)
+ [PutApplicationAccessScope](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html)
+ [PutApplicationAssignmentConfiguration](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html)
+ [PutApplicationAuthenticationMethod](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html)
+ [PutApplicationGrant](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_PutApplicationGrant.html)
+ [PutInlinePolicyToPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html)
+ [PutPermissionsBoundaryToPermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html)
+ [TagResource](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_TagResource.html)
+ [UntagResource](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_UntagResource.html)
+ [UpdateApplication](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_UpdateApplication.html)
+ [UpdateInstance](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_UpdateInstance.html)
+ [UpdateInstanceAccessControlAttributeConfiguration](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_UpdateInstanceAccessControlAttributeConfiguration.html)
+ [UpdatePermissionSet](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_UpdatePermissionSet.html)
+ [UpdateTrustedTokenIssuer](https://docs.amazonaws.cn/singlesignon/latest/APIReference/API_UpdateTrustedTokenIssuer.html)

## CloudTrail events of Identity Store API operations
<a name="cloudtrail-events-identity-store-operations"></a>

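The following list contains the CloudTrail events that the public Identity Store operations emit with the `identitystore.amazonaws.com` event source. For more information about the public Identity Store API operations, see the [Identity Store API Reference](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/welcome.html).

You might find additional events in CloudTrail for the Identity Store console API operations with the `sso-directory.amazonaws.com` event source. These APIs support the console and the Amazon Web Services access portal. If you need to detect the occurrence of a particular operation, such as adding a member to a group, we recommend that you consider both public and console API operations. For more information about these console APIs, see the [Service Authorization Reference](https://docs.amazonaws.cn/service-authorization/latest/reference/list_awsidentitystore.html).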
+ [CreateGroup](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroup.html)
+ [CreateGroupMembership](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroupMembership.html)
+ [CreateUser](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html)
+ [DeleteGroup](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroup.html)
+ [DeleteGroupMembership](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroupMembership.html)
+ [DeleteUser](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_DeleteUser.html)
+ [DescribeGroup](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html)
+ [DescribeGroupMembership](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.html)
+ [DescribeUser](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html)
+ [GetGroupId](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupId.html)
+ [GetGroupMembershipId](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupMembershipId.html)
+ [GetUserId](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_GetUserId.html)
+ [IsMemberInGroups](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html)
+ [ListGroupMemberships](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.html)
+ [ListGroupMembershipsForMember](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html)
+ [ListGroups](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html)
+ [ListUsers](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html)
+ [UpdateGroup](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_UpdateGroup.html)
+ [UpdateUser](https://docs.amazonaws.cn/singlesignon/latest/IdentityStoreAPIReference/API_UpdateUser.html)
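
The recommendation above, to consider both public and console API operations when detecting an action such as adding a member to a group, shown as an added Python example (not code from this guide). The sample records are constructed, and the console event name `AddMemberToGroup` is an assumption to confirm in the Service Authorization Reference.

```python
import json

# Event sources this page names for Identity Store activity.
PUBLIC_SOURCE = "identitystore.amazonaws.com"
CONSOLE_SOURCE = "sso-directory.amazonaws.com"

# (eventSource, eventName) pairs meaning "a member was added to a group".
# CreateGroupMembership is in the public list above. AddMemberToGroup is the
# ASSUMED console event name: confirm it in the Service Authorization Reference.
GROUP_ADD_EVENTS = frozenset({
    (PUBLIC_SOURCE, "CreateGroupMembership"),
    (CONSOLE_SOURCE, "AddMemberToGroup"),
})

# Constructed CloudTrail log file body (sample data, not real log output).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-01-10T09:00:00Z", "eventSource": PUBLIC_SOURCE,
     "eventName": "CreateGroupMembership",
     "userIdentity": {"arn": "arn:aws-cn:sts::111122223333:assumed-role/ExampleAdmin/alice"}},
    {"eventTime": "2025-01-10T09:05:00Z", "eventSource": CONSOLE_SOURCE,
     "eventName": "AddMemberToGroup",
     "userIdentity": {"arn": "arn:aws-cn:sts::111122223333:assumed-role/ExampleAdmin/bob"}},
    {"eventTime": "2025-01-10T09:06:00Z", "eventSource": PUBLIC_SOURCE,
     "eventName": "ListGroups",
     "userIdentity": {"arn": "arn:aws-cn:sts::111122223333:assumed-role/ExampleAudit/carol"}},
    {"eventTime": "2025-01-10T09:07:00Z", "eventSource": PUBLIC_SOURCE,
     "eventName": "CreateGroupMembership", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws-cn:sts::111122223333:assumed-role/ExampleAudit/carol"}},
]})


def find_group_additions(log_text, watched=GROUP_ADD_EVENTS):
    """Return one finding per group-membership addition attempt in a log file."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        key = (rec.get("eventSource"), rec.get("eventName"))
        if key not in watched:
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "api": "console" if key[0] == CONSOLE_SOURCE else "public",
            "event": key[1],
            # CloudTrail sets errorCode only when the call failed.
            "succeeded": "errorCode" not in rec,
            "caller": rec.get("userIdentity", {}).get("arn", "unknown"),
        })
    return findings


def missed_by_public_only_rule(log_text):
    """Additions that a rule watching only the public API event would not see."""
    return [f for f in find_group_additions(log_text) if f["api"] == "console"]


if __name__ == "__main__":
    for finding in find_group_additions(SAMPLE_LOG):
        print(finding)
    print("missed by public-only rule:", missed_by_public_only_rule(SAMPLE_LOG))
```

Failed attempts are kept in the findings with `succeeded` set to false, so a rule built on this can alert on denied membership changes as well as completed ones.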

## CloudTrail events of OIDC API operations
<a name="cloudtrail-events-oidc-operations"></a>

The following list contains the CloudTrail events that the public OIDC operations emit. For more information about the public OIDC API operations, see the [OIDC API Reference](https://docs.amazonaws.cn/singlesignon/latest/OIDCAPIReference/Welcome.html).
+ [CreateToken](https://docs.amazonaws.cn/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) (event source `sso.amazonaws.com`)
+ [CreateTokenWithIAM](https://docs.amazonaws.cn/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html) (event source `sso-oauth.amazonaws.com`)

## CloudTrail events of Amazon Web Services access portal API operations
<a name="cloudtrail-events-access-portal-operations"></a>

The following list contains the CloudTrail events that the Amazon Web Services access portal API operations emit with the `sso.amazonaws.com` event source. The API operations noted as unavailable in the public API support the operations of the Amazon Web Services access portal. Using the Amazon CLI can lead to the emission of CloudTrail events of both the public Amazon Web Services access portal API operations and the operations that are unavailable in the public API. For more information about the public Amazon Web Services access portal API operations, see the [Amazon Web Services access portal API Reference](https://docs.amazonaws.cn/singlesignon/latest/PortalAPIReference/Welcome.html).
+ Authenticate (Not available in the public API. Provides sign-in to the Amazon Web Services access portal.)
+ Federate (Not available in the public API. Provides federation into applications.)
+ [ListAccountRoles](https://docs.amazonaws.cn/singlesignon/latest/PortalAPIReference/API_ListAccountRoles.html)
+ [ListAccounts](https://docs.amazonaws.cn/singlesignon/latest/PortalAPIReference/API_ListAccounts.html)
+ ListApplications (Not available in the public API. Provides the user's assigned resources to display in the Amazon Web Services access portal.)
+ ListProfilesForApplication (Not available in the public API. Provides application metadata to display in the Amazon Web Services access portal.)
+ [GetRoleCredentials](https://docs.amazonaws.cn/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+ [Logout](https://docs.amazonaws.cn/singlesignon/latest/PortalAPIReference/API_Logout.html)

## CloudTrail events of SCIM API operations
<a name="cloudtrail-events-scim-api-operations"></a>

For information about the public SCIM API operations, see the [Amazon Web Services access portal API Reference](scim-logging-using-cloudtrail.md).

## Identity information in IAM Identity Center CloudTrail events
<a name="identity-info-in-cloudtrail-events"></a>

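Every event or log entry contains information about who generated the request. The identity information helps you determine the following:
+ Whether the request was made with root user or Amazon Identity and Access Management (IAM) user credentials.
+ Whether the request was made with temporary security credentials for a role or federated user.
+ Whether the request was made by another Amazon service.
+ Whether the request was made by an IAM Identity Center user. If so, the `userId` and `identityStoreArn` fields in the CloudTrail event can be used to identify the IAM Identity Center user who initiated the request. For more information, see [Identifying the user in IAM Identity Center user-initiated CloudTrail events](sso-cloudtrail-use-cases.md#user-session-iam-identity-center).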

For more information, see the [CloudTrail userIdentity element](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html).
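
The four questions in the list above, answered for one event at a time, as an added Python example (not code from this guide). It assumes that `userId` and `identityStoreArn` sit under `userIdentity.onBehalfOf` and that `type` takes the values documented in the CloudTrail userIdentity element reference; every identifier in the sample events is constructed.

```python
def describe_caller(event):
    """Classify the caller of one CloudTrail event (a parsed record dict)."""
    identity = event.get("userIdentity") or {}
    # Assumed location of the two fields, per the userIdentity element reference.
    on_behalf_of = identity.get("onBehalfOf") or {}
    user_id = on_behalf_of.get("userId")
    store_arn = on_behalf_of.get("identityStoreArn")

    # Check for an IAM Identity Center user first: such a request can also
    # carry role credentials, and the user is the more specific answer.
    if user_id and store_arn:
        return {
            "kind": "identity-center-user",
            "user_id": user_id,
            # The identity store ID is the last path segment of the ARN.
            "identity_store_id": store_arn.rsplit("/", 1)[-1],
        }

    id_type = identity.get("type")
    if id_type == "Root":
        kind = "root-user"
    elif id_type == "IAMUser":
        kind = "iam-user"
    elif id_type in ("AssumedRole", "FederatedUser"):
        kind = "temporary-credentials"
    elif id_type == "AWSService":
        kind = "service"
    else:
        kind = "unknown"
    principal = identity.get("arn") or identity.get("invokedBy")
    return {"kind": kind, "principal": principal}


# Constructed sample events (placeholder account, role and user identifiers).
ROLE_ARN = "arn:aws-cn:sts::111122223333:assumed-role/ExampleRole/session"
SAMPLE_EVENTS = [
    {"eventName": "ListPermissionSets",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN}},
    {"eventName": "ListPermissionSets",
     "userIdentity": {
         "type": "AssumedRole", "arn": ROLE_ARN,
         "onBehalfOf": {
             "userId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
             "identityStoreArn":
                 "arn:aws-cn:identitystore::111122223333:identitystore/d-1234567890",
         }}},
    {"eventName": "DescribeInstance",
     "userIdentity": {"type": "AWSService",
                      "invokedBy": "example-service.amazonaws.com"}},
    {"eventName": "CreateUser", "userIdentity": {"type": "Root",
     "arn": "arn:aws-cn:iam::111122223333:root"}},
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(sample["eventName"], describe_caller(sample))
```

The second sample event carries role credentials and an IAM Identity Center user at the same time, which is why the `onBehalfOf` check runs before the `type` comparison.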

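**Note**  
Currently, IAM Identity Center doesn't emit CloudTrail events for user sign-in to Amazon managed web applications (for example, Amazon SageMaker AI Studio) with the [OIDC API](https://docs.amazonaws.cn/singlesignon/latest/OIDCAPIReference/Welcome.html). These web applications are a subset of the broader set of [Amazon managed applications](awsapps.md), which also includes non-web applications such as Amazon Athena SQL and Amazon S3 Access Grants.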