Feature Requests

We'd like to implement custom webhooks to get data from our workflows/ jobs into their logs. We would like to them to include the runner's name on the response

CircleCI audit logs track actions like creating contexts and triggering workflows, but don't capture user login events. This creates a gap for security teams who need to monitor all platform access. Problem: * Can't track users who log in but don't trigger builds * No way to see who accessed CircleCI during a given period * Current "Active Users" only shows users who trigger work * Missing visibility into authentication patterns and potential security incidents Requested Events: user.logged_in - Successful authentication Use Case: Enable security teams to monitor all platform access, track login patterns, and automate access reviews via audit logs and API.

This is a request to include IP Addresses in Audit Logs, or to have the option to include them.

Vault supports features like dynamic secrets generation, where you could create AWS keys that were only good for a limited time. Instead of long-lived creds stored as environment variables, you can update them every day, or every CI/CD run. CCI-I-1069

Enable a setting to restrict the "Rebuild with SSH" action to only administrators (role on Github Team) CCI-I-823

When creating a new user account for an SSO enabled org, the user needs to create an account then join the organization via SSO. It would reduce user onboarding confusion if the new user was automatically routed to authenticate with their organization.

Currently group grants can only be assigned to a project. It would be helpful if an a group grant could be given on an org level, to allow for an admin group to be created.

Adding session tags or allowing for them to be added would allow for consolidation of roles. Currently a role needs to be created per project in some situations. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp

Allow identity providers (IDPs) to proactively provision and deprovision users based on predefined role mappings. This will ensure new users have access and and retired users are promply removed.

It would be nice to have a feature that allows cloud customers to prevent jobs from accessing certain domains or URLs that match a given pattern. Alternatively, we could prevent jobs from accessing any domain or URL that doesn't match an allowed pattern -- this may be a smaller list as the piplines may only need to access GitHub repos and known image repos.