Audit Lanes
Veritrellis keeps two distinct audit timelines.
Product authorization audit
Source: Veritrellis runtime and data model.
Examples:
- Permit issuance
- Policy changes
- Approvals
- API key lifecycle
- Workspace/admin actions
IdP and directory audit
Source: identity provider and directory platform.
Examples:
- Sign-ins
- MFA enrollment
- SSO assertions
- Group membership changes
Rules
- Do not merge IdP events into product audit implicitly.
- Correlate with stable identifiers when needed.
- If ingesting IdP logs, use a hard source discriminator.
- Keep provisioning concerns separate from auditing concerns.