Event Resource and Types
The section Event Resource provides details about common event elements that you’ll encounter while working with the Event API.
The section Event Type IDs provides event type IDs and their descriptions.
You can also get a list of all event types, their names, IDs, and descriptions by calling the Get Event Types API.
Event-related dates and times use the Coordinated Universal Time (UTC) format: YYYY-MM-DDThh:mm:ss.mscZ. For example:
Account that triggered the event.
Acting system that triggered the event when the actor is not a user.
ID of the user whose action triggered the event.
First and last name of the user whose action triggered the event.
ID of the app involved in the event, if applicable.
Name of the app involved in the event, if applicable.
Name of the user who assumed the role of the acting user to trigger the event, if applicable.
|client_id||Client ID used to generate the access token that made the API call that generated the event.|
Time and date at which the event was created. This value is autogenerated by OneLogin.
More details about the event.
Directory sync run ID.
|error_description||Provisioning error details, if applicable.|
Type of event triggered.
For details, see “Event Type IDs” below.
ID of a group involved in the event.
Name of a group involved in the event.
Event’s unique ID in OneLogin. Autogenerated by OneLogin.
IP address of the machine used to trigger the event.
More details about the event.
ID of a device involved in the event.
Name of a device involved in the event.
ID of the policy involved in the event.
Name of the policy involved in the event.
|resource_type_id||ID of the resource (user, role, group, and so forth) associated with the event.|
ID of a role involved in the event.
Name of a role involved in the event.
ID of the user that was acted upon to trigger the event.
Name of the user that was acted upon to trigger the event.
Event Type IDs
This is a partial list of the available Event Types. You can get a complete list of all event types, their names, IDs, and descriptions by calling the Get Event Types API.
|1||App added to role|
|2||App removed from role|
|3||Acting user assumed user|
|4||Role assigned to user|
|5||User logged in to OneLogin|
|6||User login to OneLogin failed|
|7||User logged out of OneLogin|
|8||User logged in to app|
|10||User requested new password|
|11||User changed password|
|18||Admin approved password request|
|20||User limit reached|
|22||User registered OTP device|
|23||User triggered bulk operation|
|24||User deregistered OTP device|
|25||Provisioning exception. Logged to display the result of a user search in an application during a provisioning task. The response will be either “<user> searched in <app_name>” or “<user> could not be searched in <app_name>.”|
|26||Provisioning event. Logged whenever entitlements are refreshed for an app.|
|27||User downloaded browser certificate|
|28||User recently removed|
|29||User logged out of app|
|30||Updated payment info|
|31||Failed update to payment info|
|33||User imported from directory|
|34||User requested access to app|
|35||User locked out of app|
|36||User lost OTP device|
|37||User requested join|
|38||App reached user limit|
|40||User unlocked OTP device|
|41||Active Directory Connector started|
|42||Active Directory Connector stopped|
|43||Active Directory Connector configuration reloaded. Logged when you make a change to the directory in OneLogin and the ADC receives a message to reload the server configuration.|
|44||Active Directory Connector notification. Logged for generic status messages.|
|45||Active Directory Connector exception. Logged when an error in the ADC takes place.|
|46||Active Directory Connector failed over. Logged when OneLogin switches the active (sync) ADC because the primary syncing ADC becomes unresponsive.|
|47||Active Directory Connector exception. Logged when an error in the ADC takes place.|
|49||Update to user failed|
|51||User created in app|
|52||User updated in app|
|53||User suspended in app|
|54||User reactivated in app|
|55||User deleted in app|
|59||User linked in app|
|60||Provisioning/Deprovisioning mode: Do nothing warning|
|61||User suspension failed in app|
|62||User reactivation failed in app|
|63||User deletion failed in app|
|64||User creation failed in app|
|65||User update failed in app|
|66||No users to import|
|67||Directory import exception|
|68||User authenticated by RADIUS|
|69||User rejected by RADIUS|
|70||Privilege granted to account|
|71||Privilege revoked from account|
|72||Privilege granted to user|
|73||Privilege revoked from user|
|74||User added a trusted IdP|
|75||User removed a trusted IdP|
|76||User modified a Trusted IdP|
|77||User failed to login to app via assertion proxy|
|78||User logged into app via assertion proxy|
|79||User failed to provision in directory|
|80||User created in directory|
|81||User updated in directory|
|82||User suspended in directory|
|83||User reactivated in directory|
|84||User deleted in directory|
|85||Could not authenticate to app|
|86||User failed remote authentication|
|87||User viewed secure note|
|88||User edited secure note|
|89||User deleted secure note|
|100||Self-registration requested for user|
|101||Self-registration approved for user|
|102||Self-registration denied for user|
|110||Acting user updated user login information|
|111||Acting user attempted to update user login information|
|112||User changed default trusted IdP|
|113||Directory import started|
|114||Directory import finished|
|116||User creation failed|
|117||Directory sync run ID|
|118||SAML assertion consumer service failed|
|119||Trusted IdP removed as default|
|120||User unlocked in directory|
|122||User authenticated via API|
|123||User authentication via API failed|
|124||Safe entitlements cache activity occurred. For example, safe entitlements was enabled or disabled.|
|125||Creation of new entitlements in a service succeeded or failed. For example, creation of user folders in Box succeeded or failed.|
|126||Directory connector enabled|
|127||Directory connector disabled|
|128||No Active Active Directory connectors|
|129||VLDAP bind failed|
|130||VLDAP bind successful|
|131||Directory export started|
|132||Directory export finished|
|133||Directory export exception|
|134||Directory refresh schema exception|
|135||Certificate expiration notice|
|136||Directory fields import started|
|137||User app request approved|
|138||User app request denied|
|139||Directory fields import finished|
|140||Social sign-in successful|
|141||Social sign-in failed|
|145||Smart password updated|
|146||Smart password update failed|
|147||User manually added to role|
|148||User manually removed from role|
|149||User automatically added to role|
|150||User automatically removed from role|
|151||Role management granted|
|152||Role management revoked|
|153||Mac login successful|
|154||Mac login failed|
|155||Import of directory fields experienced an exception|
|159||Proxy agent created|
|160||Proxy agent deleted|
|161||RADIUS configuration created|
|162||RADIUS configuration updated|
|163||RADIUS configuration deleted|
|165||VPN settings updated|
|168||Embedding settings updated|
|170||Authentication factor created|
|171||Authentication factor updated|
|172||Authentication factor deleted|
|173||Security questions updated|
|174||Desktop SSO settings updated|
|175||Desktop SSO enabled|
|176||Desktop SSO disabled|
|179||API credential created|
|180||API credential deleted|
|181||API credential enabled|
|182||API credential disabled|
|185||VLDAP settings updated|
|194||User field added|
|195||User field deleted|
|196||Company information updated|
|197||Account settings updated|
|200||Directory connector instance added|
|201||Directory connector instance deleted|
|203||Self-registration profile created|
|204||Self-registration profile updated|
|205||Self-registration profile deleted|
|206||Login manually added|
|207||Login manually removed|
|210||LDAP connector exception|
|400||API bad request|
|401||API request unauthorized|
|501||Retrieved all resources (for User or Group)|
|502||Retrieved resource by ID (for User or Group)|
|503||Retrieved custom attributes, retrieved apps for a user, or retrieved roles for a user|
|510||Set password with salt|
|511||Set password using cleartext|
|512||Set custom attribute for a user|
|513||Added role to a user|
|514||Removed role from a user|
|515||Issued session login token|
|516||Logged user out via API|
|517||Failed to set password with salt|
|518||Failed to set password using cleartext|
|519||Failed to set custom attribute for a user|
|520||Failed to add role to a user|
|521||Failed to remove role from a user|
|522||Failed to issue session login token|
|523||Failed to log user out via API|
|524||Failed to delete user|
|525||Failed to invite user|
|526||Failed to lock user account|
|527||Verification of factor via API failed|
|528||Verified factor via API|
|529||Updated user via API|
|530||Destroyed user via API|
|531||Locked user via API|
|532||Update to user via API failed|
|533||Created user via API|
|534||Creation of user via API failed|
|535||Get invite link via API|
|535||Send invite link via API|