Skip to content

Compliance and Audit Trail

Hire2Retire Compliance and Audit Trail allows you to save and archive event history to AWS S3, Azure Blob Storage and/or MySQL database for each workflow. This is the same event information that is available on the Observe Pane on Hire2Retire for the workflow you have setup. Currently in Compliance and Audit Trail we are showing execution time in GMT.

To start using compliance and audit trail feature for each workflow, you need to define a default compliance and audit trail configuration. The default Compliance and Audit Trail configuration can be done on the User Profile page and the value will be applied to all new workflows. You can also define the flow specific archival configuration by override the default AWS, Azure Blob or S3 archival settings. You will be asked to set the flow specific archival configuration on deploying a workflow and you can update the flow configuration anytime using the setting icon on the top right of the design page.

AWS S3 Compliance and Audit Trail setting on flow deployment

There are three archival methods:

  1. AWS S3
  2. Azure Blob
  3. MySQL

The default archival frequency is every 4 hours.

AWS S3 Archival Settings

You will need to create a connection with AWS S3 on the User Profile page. You can do so by clicking the Link AWS S3 Account button where you will need to provide the AWS access key and the secret key.

AWS S3 Archival Connection Setup

Figure 1. AWS S3 Archival Connection Setup on User Profile Page

Upon setting up the AWS S3 connection, you can configure the following parameters for the compliance and audit trail.

  • S3 Bucket Name
  • Folder name within the bucket

AWS S3 Archival setting page

Figure 2. Setup AWS S3 Archival Parameters on User Profile Page

The default AWS S3 compliance and audit trail from the User Profile page will be applied to all new workflows. You can also define the flow specific archival configuration by overriding the default AWS S3 archival settings as shown in the image below. Here you can also turn on or off the AWS S3 archival for that specific workflow.

AWS S3 Compliance and Audit Trail setting on flow deployment

Figure 3. AWS S3 Archival Parameters on the Individual Workflow During Flow Deployment

Data from events will be saved in the specified folder within the chosen S3 bucket. The information will be stored as a JSON object named "Hire2Retire_flowName_timeStamp_.json".

Azure Blob Archival Settings

Please refer to the document to setup Azure application.
Setup Azure Application
Upon setting up the Azure connection, you can configure the following parameters for the compliance and audit trail.

  • Subscription Name
  • Storage Account

You can establish a connection with Azure by accessing the User Profile page and selecting the Link Azure Blob Account button. A dialog box will pop up, prompting you to enter the client ID, tenant ID, then download and upload the provided certificate to your Azure application. Finally, click the Link Account button to complete the process.

Azure Blob Archival Connection Setup

Figure 4. Azure Blob Archival Connection Setup on User Profile Page

Azure Blob Archival setting page

Figure 5. Setup Azure Blob Archival Parameters on User Profile Page

The default Azure Blob compliance and audit trail from the User Profile page will be applied to all new workflows. You can also define the flow specific archival configuration by overriding the default Azure Blob archival settings as shown in the image below. Here you can also turn on or off the Azure Blob archival for that specific workflow.

Azure Blob Compliance and Audit Trail setting on flow deployment

Figure 6. Azure Blob Archival Parameters on the Individual Workflow During Flow Deployment

Data from events will be saved in the specified container depending on lifecycle within the chosen storage account. The information will be stored as a JSON object named "Hire2Retire_flowName_timeStamp_.json."

MySQL Archival setting

You can also use MySQL as the storage for the event history archival. To enable events archival using MySQL, you will need to set up a connection with MySQL on the User Profile page. You can do so by clicking Link MySQL Account where you will need to provide the Hostname, Port, Database Name, Username, and Password to set up the connection.

MySQL Archival setting page

Figure 7. MySQL Compliance and Audit Trail Settings on Hire2Retire User Profile Page

Upon setting up the MySQL connection, you can also copy the DDL (Data Definition Language) SQL query to create an compliance and audit trail table in your MySQL database as shown in the image below. If you choose integration, you have the option to copy the Data Definition Language (DDL) SQL query for Integration events as well.

MySQL Archival setting page

Figure 8. Setup MySQL Compliance and Audit Trail parameters on User Profile Page

The default MySQL compliance and audit trail from the User Profile page will be applied to all new workflows. You can also define the flow specific archival configuration by overriding the default MySQL archival settings as shown in the image below. Here you can also turn on or off the MySQL archival for that specific workflow.

MySQL Compliance and Audit Trail setting on flow deployment

Figure 9. MySQL Compliance and Audit Trail Settings on the Individual Workflow During Flow Deployment

Toggle Compliance and Audit Trail for Individual Flows on Manage Page

On Hire2Retire Manage page each workflow contains a toggle button to turn on or off compliance and audit trail for that specific flow.

Refer to the image below where these toggle buttons are marked in red.

Compliance and Audit Trail toggle on Manage Page

Figure 10. Compliance and Audit Trail Toggle Options on the Manage Page for Individual Flows