An Important Note Concerning Duplicate Events

If you look closely at the list of supported events, you’ll see that there are some duplicate event types:

  • The profile_create event returns the same information as the entityCreated event.
  • The profile_delete event returns the same information as the entityDeleted event.
  • The profile_update event returns the same information as the entityUpdated event.

Why the duplication of events? As it turns out, profile_createprofile_delete, and profile_update are “legacy” event types that have long been used in the Identity Cloud. entityCreatedentityDeleted, and entityUpdated represent new event types that, over time, will replace the legacy event types. However, for backwards compatibility reasons decision was made not to add the new event types and immediately delete the legacy event types; that could cause issues for organizations that rely on the profile_createprofile_delete, and profile_update events. Consequently, and for an unspecified amount of time, there will be a handful of duplicate event types.

Does that matter to you? Yes, it does. After all, by default SIEM subscribers receive all the events for all the event types on the General Event Delivery whitelist. That means:

  • If you haven’t blacklisted the profile_createprofile_delete, and profile_update event types you’ll start to receive duplicate event notifications. For example, suppose User A updates her user profile. In that case, two event notifications will be sent to you for that one event: one notification for the profile_update event and one notification for the entityUpdated event. To stop receiving duplicate notifications you’ll need to blacklist one set of event types.
  • If you have blacklisted the profile_createprofile_delete, and profile_update event types, that’s likely because you don’t want to receive notifications of user profile-related events. Now, however, you will receive those notifications. When User A updates her user profile, you won’t receive a notification for the blacklisted profile_update event type, but you will receive a notification for the entityUpdated event type. To stop all user profile-related notifications you’ll need to blacklist the three new event types (entityCreatedentityDeleted, and entityUpdated).

As we hinted at a moment ago, the legacy event types will eventually be removed from the SIEM event delivery system (although no timetable for removal has been announced). Because of that, and if you want to receive user profile-related events, Akamai recommends that you blacklist the legacy events (profile_createprofile_delete, and profile_update) and use the new event types (entityCreatedentityDeleted, and entityUpdated) instead. This keeps you from receiving duplicate event notifications, and helps to ensure that there won’t be any problems when the legacy events are removed: after all, if those events are blacklisted, you aren’t receiving notification for them anyway.