Hi HN, let me run a thought by you.
Have you ever thought that sending your users access and audit events to a data graveyard (aka log storage) is a bad idea? I certainly have! What if you could aggregate the audit and access events to your users data? This would make it far easier to understand and aggregate what your users are doing, leading to better insights and actions.
We at Zitadel recently raised $9M (1) to further this vision—an identity system that not only stores users and provides authentication but also helps you understand your users and their risk better. Imagine extending auth SDKs to not only check authentications/sessions/tokens but also to send events of what users do. With this well-structured data, it becomes easy to create forensic reports, usage reporting, and even threat intelligence.
While we're just getting started on building the security analytics capabilities, Zitadel already solves a lot of the plumbing work around authentication, authorization, and single sign-on, even in multi-tenant scenarios with full support for self-hosting—all in a nice open source package (2).
How does that sound to you? Let me know your thoughts; happy to discuss here, Florian
1) https://zitadel.com/blog/zitadel-the-future-of-identity-infrastructure
2) https://github.com/zitadel/zitadel