The current state is that we have to create users first on Adobe Admin Console in order to control that the user will be created as Federated ID. Unfortunately, one of the many disappointing things about Adobe Admin Console is that it can randomly create the user as Federated ID or Adobe ID if the user creation originates from Workfront. As we were also forced into Adobe Admin Console and there is already an Adobe Admin Console Systems administrator, we can only get Product Administrator access levels on Adobe Admin Console which does not provide access to the logs.
The problem occurs in that when other product administrator or the Adobe Admin Console Systems Administrator creates/deletes a user on Adobe Admin Console, these appear as if actioned by the main Workfront systems administrator in the workfront logs which becomes an audit issue. We can't refer to the Adobe Admin Console logs quickly as that would require requesting from the Adobe Admin Console systems administrator every time we need to figure out a user creation/deletion log.
While Adobe is aware that this is an issue and they are looking to rename the log to say system administrator in the long run, there is no ETA on this fix. I am writing this Idea to get this bug(!)/feature fixed as I don't understand how this is acceptable as an audit issue.
