The AAF Federation Rules section 8.10 states the following regarding retaining logs:


8.10 The Identity Provider must ensure that sufficient logging information is retained for the period specified by the Federation Operator to be able to associate a particular End User with a given session that the Identity Provider has Authenticated


For RapidIdP customers, AAF retains specific logs as follows:
  • IdP process and warning logs - 3 months.
  • IdP audit and fticks logs - indefinitely.
For organisations running on-prem IdPs, we only require that the IdP audit logs be retained for at least 24 months.
The IdP audit logs are used to associate a particular End User with a given authentication session.

There is no AAF requirement for other logs from upstream IdPs, such as Entra ID or Okta, to be retained.