## Logged events

The following sections outline the various events logged in the **Monitoring** section of your portal. Each event includes details on the event type, action taken, and a description.

### Successful events

| Event Type | Action | Description |
|  --- | --- | --- |
| `login.completed` | Login completed | User has successfully logged in. |
| `login.email_sent` | Magic link/code email sent | User has been sent a magic link/code as part of the login process. |
| `login.sms_sent` | Magic link/code SMS sent | User has been sent a magic link/code via SMS for login. |
| `email_verification.sent` | Verification email sent | User has been sent a verification email. |
| `email_verification.completed` | Verification completed | User has completed the verification process. |
| `password_reset.email_sent` | Reset password email sent to user | User has been sent a password reset email. |
| `password_reset.completed` | Password reset completed | User has successfully reset their password. |
| `password_breach.email_sent` | Password breach email sent | User received an email about a breached password. |
| `signup.completed` | Signup completed | User has successfully signed up. |
| `tenant_sso.completed` | Tenant SSO completed | Single Sign-On (SAML / OIDC) handshake was successful. |
| `prehook.completed` | Prehook invocation completed | Prehook has been successfully invoked. |
| `mfa.promoted_to_code` | Promoted for MFA code | User was prompted for MFA. |
| `mfa.verification.completed` | MFA verification completed | User has successfully logged in via MFA. |
| `mfa.enrollment.promoted` | Promoted for MFA enrollment | User was prompted to enroll in MFA. |
| `mfa.enrollment.completed` | MFA enrollment completed | Enrollment for MFA has been successfully completed. |
| `refresh_token.exchange.completed` | Refresh token exchange completed | User’s access token was successfully refreshed. |
| `oidc.started` | OIDC flow started | OIDC login flow has started for user. |
| `oidc_token.exchange.completed` | OIDC token exchange successfully | OIDC token has been successfully exchanged. |
| `webhook.triggered` | Webhook triggered | Webhook has been triggered successfully. |
| `user.source.updated` | User pool updated | User pool configuration was updated. |
| `applications.assigned.to.user.source` | Applications assigned to user pool | Application(s) was assigned to a user pool. |
| `user.source.created` | User pool created | User pool configuration was created. |
| `user.source.deleted` | User pool deleted | User pool configuration was deleted. |
| `applications.unassigned.from.user.source` | Applications unassigned from user pool | Application(s) was unassigned from a user pool. |
| `scim.user-creation.requested` | SCIM2 User creation requested | User creation was requested via SCIM2. |
| `scim.group-creation.requested` | SCIM2 Group creation requested | Group creation was requested via SCIM2. |
| `scim.user-updation.requested` | SCIM2 User updation requested | User update was requested via SCIM2. |
| `scim.group-updation.requested` | SCIM2 Group updation requested | Group update was requested via SCIM2. |
| `scim.user-deletion.requested` | SCIM2 User deletion requested | User deletion was requested via SCIM2. |
| `scim.gtoup-deletion.requested` | SCIM2 Group deletion requested | Group deletion was requested via SCIM2. |


### Error events

| Event Type | Action | Description |
|  --- | --- | --- |
| `login.invalid_password` | Invalid password used for login | The password entered does not match the stored password. |
| `email_verification.failed` | Verification flow failed | User failed the verification process. |
| `login.invalid_email` | Invalid email used for login | The provided email is not in the user list. |
| `password_reset.failed` | Password reset failed | User failed to reset their password. |
| `magic_code.failed` | Magic code failed | One-time code was not found or has expired. |
| `magic_link.failed` | Magic link failed | Link was either not found, already used, or expired. |
| `ip_policy.validation_failed` | IP policy validation failed | User failed the IP policy verification and cannot log in. |
| `tenant_sso.failed` | Tenant SSO failed | Single Sign-On (SAML / OIDC) handshake failed. |
| `signup.failed` | Signup failed | User failed to sign up. |
| `prehook.failed` | Prehook invocation failed | Prehook invocation has failed. |
| `mfa.verification.failed` | MFA verification failed | MFA verification during login flow failed. |
| `mfa.enrollment.failed` | MFA enrollment failed | MFA enrollment flow of tenant failed. |
| `social_login.verification_failed` | Social login verification failed | User verification through social login failed. |
| `oidc_token.exchange.failed` | OIDC token exchange failed | Token exchange during OIDC login flow failed. |
| `login.invalid_session` | Invalid session for login | The session could not be found for the user. |
| `webhook.failed` | Webhook failed | Webhook triggering failed. |
| `scim.user-updation.invalid-format` | Invalid SCIM Field Format | User update via SCIM2 failed due to an invalid user object or attribute. |
| `email.send.failed` | Sending email failed | Sending an email to user has failed. |


### Security events

| Event Type | Action | Description |
|  --- | --- | --- |
| `user.locked` | User locked | User is locked out and cannot log in due to reaching lockout limits. |
| `recaptcha_policy.validation_failed` | reCaptcha validation failed | User failed the reCaptcha verification. |
| `lockout_policy.limit_reached` | Lockout policy limit reached | User has reached lockout policy limits. |
| `password_breach.email_sent` | Password breach email sent | Sent an email on breached password. |
| `security.new_device.detected` | New device detected | User logged in with a new device. |
| `security.impossible_travel.detected` | Impossible travel detected | An impossible travel event was detected, indicating a user login from distant locations within an unrealistic time frame. |
| `security.breached_password.detected` | Breached password detected | A login was attempted with a password known to be compromised in prior data breaches. |
| `security.suspicious_ip.detected` | Suspicious IP detected | A login attempt was made from an IP address flagged for suspicious activity. |
| `security.bad_email_reputation.detected` | Bad email reputation detected | A sign-up attempt was detected using an email with a low reputation score. |