To monitor changes to identities within an Ory Project, you can leverage Ory's event system, which emits events for identity lifecycle changes. The most relevant events for tracking modifications are: - IdentityCreated: Emitted when a new identity is created. - IdentityUpdated: Emitted when an existing identity's details are modified or updated. This event includes the

IdentityActive

attribute, which can indicate if a user has been deactivated (e.g., via SCIM). - IdentityDeleted: Emitted when an identity is deleted from the system. These events are available through Ory Actions' live event streams, which you can subscribe to for real-time monitoring of identity changes. The event payloads will contain information about the identity and the nature of the change. However, the documentation does not explicitly state that the event payload includes a diff or a list of which specific properties were modified—only that the identity's details have changed. For property-level change tracking, you may need to compare the previous and current state of the identity using the data provided in the event or by fetching the identity details before and after the event if needed. For SCIM operations, similar events are emitted (e.g.,

IdentityUpdated

for PATCH/PUT requests), and these can be used for auditing and automation purposes as well. The event attributes may help you determine the context of the change, such as which SCIM client initiated it and whether the identity is active or not[Live event streams - Event names](https://www.ory.sh/docs/actions/live-events#event-names), [SCIM Events](https://www.ory.sh/docs/kratos/manage-identities/scim#events). Summary: - Subscribe to Ory Actions live event streams for

IdentityCreated

,

IdentityUpdated

, and

IdentityDeleted

events. - Event payloads indicate that a change occurred, but may not specify which property was changed. - For property-level auditing, you may need to compare identity states before and after the event. If you need more granular change tracking (e.g., exactly which property was modified), the knowledge sources do not explicitly confirm that this is available out-of-the-box in the event payloads. You may need to implement additional logic to compare identity snapshots as part of your monitoring solution.