VMware Cloud Community
TheVMinator

Orchestrator and Hytrust

When I use Hytrust for vCenter, Hytrust logs what is being done based on the user logged in to vCenter.  But when I use "Share a unique session" in orchestrator, then my service account is what vCenter logs as taking the action, and the user that configured the workflow is only known to orchestrator, not vCenter or Hytrust.  It has to be that way in orchestrator so that scheduled workflows to manage the infrastructure are not dependent on a single employee's AD account.  However, that impacts my logging and the controls around vCenter, because now the logging for those scheduled workflows is in vRO and not in vCenter, and the info on what user is attempting to run what workflow is known only to orchestrator. vCenter sees only that the service account is attempting to do something.

Moving to a cloud infrastructure, more and more automation and vCenter actions are being done through vRO and not vCenter.  How does the previous scheme of handling logging and authorization in vCenter with Hytrust map to a new design where I am moving execution of tasks into orchestrator and using "share a unique session"?


Accepted Solutions
tschoergez

Hi,

I see two possible solutions:

1. Go to Hytrust and convince them to also integrate with vRO. Since in vRO very clearly every workflow execution is logged, with the corresponding user, it would be quite straightforward for them to analyse / audit this.

2. Use separate vRO servers, one configured with a shared session for the scheduled tasks, and a separate one for the manually started workflows, using the session per user settings (with all its drawbacks 😕 ).

Indeed analysing on vRO level seems to be the "cleaner" approach.

Regards,

Joerg

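Point 1 above rests on vRO recording which user ran which workflow. As an added example (not from this thread, and not VMware or Hytrust tooling), here is the kind of after-the-fact correlation an auditor could run: vCenter events performed by the vRO service account are joined back to the vRO workflow run whose execution window covers them, which also exposes the main drawback of a shared session, namely that two workflows running concurrently under the same service account cannot be told apart. The record layouts, field names and service account name are assumptions, and the sample records are constructed.

```python
"""Attribute vCenter events done under the vRO service account to the vRO
workflow run (and so the human or scheduler that started it) whose execution
window covers the event. Record layouts are ASSUMED, not real vRO/vCenter
schemas; all sample data below is constructed."""
from datetime import datetime, timedelta

# Constructed vRO execution records: 'user' is who triggered the workflow.
VRO_RUNS = [
    {"run_id": "r1", "workflow": "Create VM", "user": "alice@corp",
     "start": "2024-05-01T10:00:00", "end": "2024-05-01T10:05:00"},
    {"run_id": "r2", "workflow": "Snapshot VM", "user": "bob@corp",
     "start": "2024-05-01T10:03:00", "end": "2024-05-01T10:04:00"},
    {"run_id": "r3", "workflow": "Nightly cleanup", "user": "scheduler",
     "start": "2024-05-01T22:00:00", "end": "2024-05-01T22:30:00"},
]

# Constructed vCenter events; the shared session makes them all look like
# the service account, except the last one done directly by a named user.
VC_EVENTS = [
    {"time": "2024-05-01T10:01:00", "user": "svc-vro@corp", "action": "VmCreatedEvent", "target": "vm-01"},
    {"time": "2024-05-01T10:03:30", "user": "svc-vro@corp", "action": "VmPoweredOnEvent", "target": "vm-01"},
    {"time": "2024-05-01T22:10:00", "user": "svc-vro@corp", "action": "VmRemovedEvent", "target": "vm-99"},
    {"time": "2024-05-01T23:00:00", "user": "svc-vro@corp", "action": "VmReconfiguredEvent", "target": "vm-02"},
    {"time": "2024-05-01T11:00:00", "user": "carol@corp", "action": "VmPoweredOffEvent", "target": "vm-03"},
]

def _ts(s):
    return datetime.fromisoformat(s)

def attribute_events(vc_events, vro_runs, service_account, slack=timedelta(seconds=30)):
    """Return a copy of each event with an 'attribution' field:
    'direct'        - not the service account, vCenter already knows the user
    <user>          - exactly one vRO run covers the event time (+/- slack)
    'ambiguous'     - several concurrent runs cover it (shared-session blind spot)
    'unattributed'  - service account acted outside any recorded vRO run."""
    out = []
    for ev in vc_events:
        rec, t = dict(ev), _ts(ev["time"])
        if ev["user"] != service_account:
            rec["attribution"] = "direct"
        else:
            hits = [r for r in vro_runs
                    if _ts(r["start"]) - slack <= t <= _ts(r["end"]) + slack]
            if len(hits) == 1:
                rec["attribution"], rec["workflow"] = hits[0]["user"], hits[0]["workflow"]
            elif hits:
                rec["attribution"] = "ambiguous"
                rec["candidates"] = sorted(r["user"] for r in hits)
            else:
                rec["attribution"] = "unattributed"
        out.append(rec)
    return out
```

Events that come out "ambiguous" or "unattributed" are the ones a per-user session (option 2) or a vRO-side audit integration (option 1) would be needed to explain.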
2 Replies
TheVMinator

ok thanks!
