Logged events
The following sections outline the various events logged in the Monitoring section of your portal. Each event includes details on the event type, action taken, and a description.
Successful events
| Event Type | Action | Description |
|---|---|---|
login.completed | Login completed | User has successfully logged in. |
login.email_sent | Magic link/code email sent | User has been sent a magic link/code as part of the login process. |
login.sms_sent | Magic link/code SMS sent | User has been sent a magic link/code via SMS for login. |
email_verification.sent | Verification email sent | User has been sent a verification email. |
email_verification.completed | Verification completed | User has completed the verification process. |
password_reset.email_sent | Reset password email sent to user | User has been sent a password reset email. |
password_reset.completed | Password reset completed | User has successfully reset their password. |
password_breach.email_sent | Password breach email sent | User received an email about a breached password. |
signup.completed | Signup completed | User has successfully signed up. |
tenant_sso.completed | Tenant SSO completed | Single Sign-On (SAML / OIDC) handshake was successful. |
prehook.completed | Prehook invocation completed | Prehook has been successfully invoked. |
mfa.promoted_to_code | Promoted for MFA code | User was prompted for MFA. |
mfa.verification.completed | MFA verification completed | User has successfully logged in via MFA. |
mfa.enrollment.promoted | Promoted for MFA enrollment | User was prompted to enroll in MFA. |
mfa.enrollment.completed | MFA enrollment completed | Enrollment for MFA has been successfully completed. |
refresh_token.exchange.completed | Refresh token exchange completed | User’s access token was successfully refreshed. |
oidc.started | OIDC flow started | OIDC login flow has started for user. |
oidc_token.exchange.completed | OIDC token exchange successfully | OIDC token has been successfully exchanged. |
webhook.triggered | Webhook triggered | Webhook has been triggered successfully. |
user.source.updated | User pool updated | User pool configuration was updated. |
applications.assigned.to.user.source | Applications assigned to user pool | Application(s) was assigned to a user pool. |
user.source.created | User pool created | User pool configuration was created. |
user.source.deleted | User pool deleted | User pool configuration was deleted. |
applications.unassigned.from.user.source | Applications unassigned from user pool | Application(s) was unassigned from a user pool. |
scim.user-creation.requested | SCIM2 User creation requested | User creation was requested via SCIM2. |
scim.group-creation.requested | SCIM2 Group creation requested | Group creation was requested via SCIM2. |
scim.user-updation.requested | SCIM2 User updation requested | User update was requested via SCIM2. |
scim.group-updation.requested | SCIM2 Group updation requested | Group update was requested via SCIM2. |
scim.user-deletion.requested | SCIM2 User deletion requested | User deletion was requested via SCIM2. |
scim.gtoup-deletion.requested | SCIM2 Group deletion requested | Group deletion was requested via SCIM2. |
Error events
| Event Type | Action | Description |
|---|---|---|
login.invalid_password | Invalid password used for login | The password entered does not match the stored password. |
email_verification.failed | Verification flow failed | User failed the verification process. |
login.invalid_email | Invalid email used for login | The provided email is not in the user list. |
password_reset.failed | Password reset failed | User failed to reset their password. |
magic_code.failed | Magic code failed | One-time code was not found or has expired. |
magic_link.failed | Magic link failed | Link was either not found, already used, or expired. |
ip_policy.validation_failed | IP policy validation failed | User failed the IP policy verification and cannot log in. |
tenant_sso.failed | Tenant SSO failed | Single Sign-On (SAML / OIDC) handshake failed. |
signup.failed | Signup failed | User failed to sign up. |
prehook.failed | Prehook invocation failed | Prehook invocation has failed. |
mfa.verification.failed | MFA verification failed | MFA verification during login flow failed. |
mfa.enrollment.failed | MFA enrollment failed | MFA enrollment flow of tenant failed. |
social_login.verification_failed | Social login verification failed | User verification through social login failed. |
refresh_token.exchange.failed | Refresh token exchange failed | Exchange of refersh token failed. |
oidc_token.exchange.failed | OIDC token exchange failed | Token exchange during OIDC login flow failed. |
login.invalid_session | Invalid session for login | The session could not be found for the user. |
webhook.failed | Webhook failed | Webhook triggering failed. |
scim.user-updation.invalid-format | Invalid SCIM Field Format | User update via SCIM2 failed due to an invalid user object or attribute. |
email.send.failed | Sending email failed | Sending an email to user has failed. |
Security events
| Event Type | Action | Description |
|---|---|---|
user.locked | User locked | User is locked out and cannot log in due to reaching lockout limits. |
recaptcha_policy.validation_failed | reCaptcha validation failed | User failed the reCaptcha verification. |
lockout_policy.limit_reached | Lockout policy limit reached | User has reached lockout policy limits. |
password_breach.email_sent | Password breach email sent | Sent an email on breached password. |
security.new_device.detected | New device detected | User logged in with a new device. |
security.impossible_travel.detected | Impossible travel detected | An impossible travel event was detected, indicating a user login from distant locations within an unrealistic time frame. |
security.breached_password.detected | Breached password detected | A login was attempted with a password known to be compromised in prior data breaches. |
security.suspicious_ip.detected | Suspicious IP detected | A login attempt was made from an IP address flagged for suspicious activity. |
security.bad_email_reputation.detected | Bad email reputation detected | A sign-up attempt was detected using an email with a low reputation score. |