just to widen the discussion… not to give a definitive answer: Access auditing has three facets: User management: Provision / decommission accounts Group assignments: Add users to groupsAccess control: Add ACLs to groupsUser and group management is done typically in external, centralized  IDPs in la...