Event Resource and Types

The section Event Resource provides details about common event elements that you’ll encounter while working with the Event API.

The section Event Type IDs provides event type IDs and their descriptions.

You can also get a list of all event types, their names, IDs, and descriptions by calling the Get Event Types API.

Event Resource

Event-related dates and times use the Coordinated Universal Time (UTC) format: YYYY-MM-DDThh:mm:ss.mscZ. For example: 2016-01-21T09:20:15.990Z.

Element Description


Account that triggered the event.


Acting system that triggered the event when the actor is not a user.


ID of the user whose action triggered the event.


First and last name of the user whose action triggered the event.


ID of the app involved in the event, if applicable.


Name of the app involved in the event, if applicable.


Name of the user who assumed the role of the acting user to trigger the event, if applicable.

client_id Client ID used to generate the access token that made the API call that generated the event.


Time and date at which the event was created. This value is autogenerated by OneLogin.


More details about the event.


Directory sync run ID.

error_description Provisioning error details, if applicable.


Type of event triggered.

For details, see “Event Type IDs” below.


ID of a group involved in the event.


Name of a group involved in the event.


Event’s unique ID in OneLogin. Autogenerated by OneLogin.


IP address of the machine used to trigger the event.


More details about the event.


ID of a device involved in the event.


Name of a device involved in the event.


ID of the policy involved in the event.


Name of the policy involved in the event.

resource_type_id ID of the resource (user, role, group, and so forth) associated with the event.


ID of a role involved in the event.


Name of a role involved in the event.


ID of the user that was acted upon to trigger the event.


Name of the user that was acted upon to trigger the event.

Event Type IDs

This is a partial list of the available Event Types. You can get a complete list of all event types, their names, IDs, and descriptions by calling the Get Event Types API.

1 App added to role
2 App removed from role
3 Acting user assumed user
4 Role assigned to user
5 User logged in to OneLogin
6 User login to OneLogin failed
7 User logged out of OneLogin
8 User logged in to app
10 User requested new password
11 User changed password
12 User unlocked
13 User created
14 User updated
15 User deactivated
16 User activated
17 User deleted
18 Admin approved password request
19 User locked
20 User limit reached
21 User suspended
22 User registered OTP device
23 User triggered bulk operation
24 User deregistered OTP device
25 Provisioning exception. Logged to display the result of a user search in an application during a provisioning task. The response will be either “<user> searched in <app_name>” or “<user> could not be searched in <app_name>.”
26 Provisioning event. Logged whenever entitlements are refreshed for an app.
27 User downloaded browser certificate
28 User recently removed
29 User logged out of app
30 Updated payment info
31 Failed update to payment info
32 User reactivated
33 User imported from directory
34 User requested access to app
35 User locked out of app
36 User lost OTP device
37 User requested join
38 App reached user limit
39 Connector broken
40 User unlocked OTP device
41 Active Directory Connector started
42 Active Directory Connector stopped
43 Active Directory Connector configuration reloaded. Logged when you make a change to the directory in OneLogin and the ADC receives a message to reload the server configuration.
44 Active Directory Connector notification. Logged for generic status messages.
45 Active Directory Connector exception. Logged when an error in the ADC takes place.
46 Active Directory Connector failed over. Logged when OneLogin switches the active (sync) ADC because the primary syncing ADC becomes unresponsive.
47 Active Directory Connector exception. Logged when an error in the ADC takes place.
48 User imported
49 Update to user failed
50 User rejected
51 User created in app
52 User updated in app
53 User suspended in app
54 User reactivated in app
55 User deleted in app
56 Unmatched users
59 User linked in app
60 Provisioning/Deprovisioning mode: Do nothing warning
61 User suspension failed in app
62 User reactivation failed in app
63 User deletion failed in app
64 User creation failed in app
65 User update failed in app
66 No users to import
67 Directory import exception
68 User authenticated by RADIUS
69 User rejected by RADIUS
70 Privilege granted to account
71 Privilege revoked from account
72 Privilege granted to user
73 Privilege revoked from user
74 User added a trusted IdP
75 User removed a trusted IdP
76 User modified a Trusted IdP
77 User failed to login to app via assertion proxy
78 User logged into app via assertion proxy
79 User failed to provision in directory
80 User created in directory
81 User updated in directory
82 User suspended in directory
83 User reactivated in directory
84 User deleted in directory
85 Could not authenticate to app
86 User failed remote authentication
87 User viewed secure note
88 User edited secure note
89 User deleted secure note
100 Self-registration requested for user
101 Self-registration approved for user
102 Self-registration denied for user
105 SMS failure
110 Acting user updated user login information
111 Acting user attempted to update user login information
112 User changed default trusted IdP
113 Directory import started
114 Directory import finished
115 User invited
116 User creation failed
117 Directory sync run ID
118 SAML assertion consumer service failed
119 Trusted IdP removed as default
120 User unlocked in directory
121 Scriptlet error
122 User authenticated via API
123 User authentication via API failed
124 Safe entitlements cache activity occurred. For example, safe entitlements was enabled or disabled.
125 Creation of new entitlements in a service succeeded or failed. For example, creation of user folders in Box succeeded or failed.
126 Directory connector enabled
127 Directory connector disabled
128 No Active Active Directory connectors
129 VLDAP bind failed
130 VLDAP bind successful
131 Directory export started
132 Directory export finished
133 Directory export exception
134 Directory refresh schema exception
135 Certificate expiration notice
136 Directory fields import started
137 User app request approved
138 User app request denied
139 Directory fields import finished
140 Social sign-in successful
141 Social sign-in failed
145 Smart password updated
146 Smart password update failed
147 User manually added to role
148 User manually removed from role
149 User automatically added to role
150 User automatically removed from role
151 Role management granted
152 Role management revoked
153 Mac login successful
154 Mac login failed
155 Import of directory fields experienced an exception
156 Policy created
157 Policy updated
158 Policy deleted
159 Proxy agent created
160 Proxy agent deleted
161 RADIUS configuration created
162 RADIUS configuration updated
163 RADIUS configuration deleted
164 VPN enabled
165 VPN settings updated
166 VPN disabled
167 Embedding enabled
168 Embedding settings updated
169 Embedding disabled
170 Authentication factor created
171 Authentication factor updated
172 Authentication factor deleted
173 Security questions updated
174 Desktop SSO settings updated
175 Desktop SSO enabled
176 Desktop SSO disabled
177 Certificate created
178 Certificate deleted
179 API credential created
180 API credential deleted
181 API credential enabled
182 API credential disabled
183 VLDAP enabled
184 VLDAP disabled
185 VLDAP settings updated
186 Branding enabled
187 Branding disabled
188 Branding updated
189 Mapping added
190 Mapping deleted
191 Mapping disabled
192 Mapping enabled
193 Mapping updated
194 User field added
195 User field deleted
196 Company information updated
197 Account settings updated
198 Directory created
199 Directory destroyed
200 Directory connector instance added
201 Directory connector instance deleted
202 Mappings reapplied
203 Self-registration profile created
204 Self-registration profile updated
205 Self-registration profile deleted
206 Login manually added
207 Login manually removed
208 Provisioning retrieved
210 LDAP connector exception
400 API bad request
401 API request unauthorized
501 Retrieved all resources (for User or Group)
502 Retrieved resource by ID (for User or Group)
503 Retrieved custom attributes, retrieved apps for a user, or retrieved roles for a user
510 Set password with salt
511 Set password using cleartext
512 Set custom attribute for a user
513 Added role to a user
514 Removed role from a user
515 Issued session login token
516 Logged user out via API
517 Failed to set password with salt
518 Failed to set password using cleartext
519 Failed to set custom attribute for a user
520 Failed to add role to a user
521 Failed to remove role from a user
522 Failed to issue session login token
523 Failed to log user out via API
524 Failed to delete user
525 Failed to invite user
526 Failed to lock user account
527 Verification of factor via API failed
528 Verified factor via API
529 Updated user via API
530 Destroyed user via API
531 Locked user via API
532 Update to user via API failed
533 Created user via API
534 Creation of user via API failed
535 Get invite link via API
535 Send invite link via API
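
The following is an added example, not OneLogin code: a small triage pass over event records that parses the documented UTC timestamp, flags bursts of failed authentication from one source IP, and flags a few sensitive changes by their event type ID. The field names event_type_id, created_at, ipaddr and id are assumptions, since the element names are not shown in the Event Resource table above; the selection of IDs, the threshold and the window are illustrative choices.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Event type IDs and descriptions copied from the list above.
FAILED_AUTH = {6: "User login to OneLogin failed",
               123: "User authentication via API failed",
               129: "VLDAP bind failed"}
SENSITIVE = {3: "Acting user assumed user", 72: "Privilege granted to user",
             172: "Authentication factor deleted", 179: "API credential created",
             511: "Set password using cleartext"}

def parse_ts(value):
    """Parse the documented UTC format, e.g. 2016-01-21T09:20:15.990Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def triage(events, threshold=3, window=timedelta(minutes=5)):
    """Return (alerts, skipped); each alert is a (kind, key, detail) tuple."""
    alerts, usable, skipped = [], [], 0
    for ev in events:
        try:
            usable.append((parse_ts(ev["created_at"]), int(ev["event_type_id"]), ev))
        except (KeyError, TypeError, ValueError):
            skipped += 1  # malformed record: count it, do not drop it silently
    failures = defaultdict(list)  # source IP -> failure times inside the window
    for ts, type_id, ev in sorted(usable, key=lambda item: item[0]):
        if type_id in SENSITIVE:
            alerts.append(("sensitive_change", ev.get("id"), SENSITIVE[type_id]))
        elif type_id in FAILED_AUTH:
            ip = ev.get("ipaddr") or "unknown"
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) == threshold:  # fire once when the count is reached
                alerts.append(("failed_auth_burst", ip, f"{threshold} failures in {window}"))
    return alerts, skipped

# Constructed sample events (not real data); the addresses are documentation ranges.
SAMPLE = [
    {"id": 1, "event_type_id": 6, "created_at": "2016-01-21T09:20:15.990Z", "ipaddr": "203.0.113.7"},
    {"id": 2, "event_type_id": 6, "created_at": "2016-01-21T09:21:02.120Z", "ipaddr": "203.0.113.7"},
    {"id": 3, "event_type_id": 123, "created_at": "2016-01-21T09:22:40.005Z", "ipaddr": "203.0.113.7"},
    {"id": 4, "event_type_id": 179, "created_at": "2016-01-21T09:30:00.000Z", "ipaddr": "198.51.100.4"},
    {"id": 5, "event_type_id": 5, "created_at": "not-a-timestamp"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE)[0]:
        print(alert)
```

Because ID 535 appears twice in the list above and IDs 45 and 47 share a description, key detections on the numeric ID together with the record's other fields rather than on the description text.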
