SAML Audit Activity Events

Stay organized with collections Save and categorize content based on your preferences.

This document lists the events and parameters for various types of SAML Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=saml.

Saml login

Login event type. Events of this type are returned with type=login.

Failed login

Failed saml login.

Event details
Event name login_failure
Parameters
application_name

string

Saml SP application name.

device_id

string

Saml Device ID.

failure_type

string

Login failure type. Possible values:

  • failure_app_not_configured_for_user
    Whether the login failed because of app not configured for user.
  • failure_app_not_enabled_for_user
    Whether the login failed because of app not enabled for user.
  • failure_invalid_sp_id
    Whether the login failed because of invalid SP id.
  • failure_invalid_user_id_mapping
    Whether the login failed because of invalid userid mapping requested.
  • failure_malformed_request
    Whether the login failed because of malformed request.
  • failure_no_passive
    Whether the login failed because of failing to authenticate user passively.
  • failure_request_denied
    Whether the login failed because of request denied.
  • failure_unknown
    Whether the login failed because of unknown reason.
  • failure_user_id_mapping_unavailable
    Whether the login failed because of userid mapping unavailable.
initiated_by

string

Requester of saml authentication. Possible values:

  • idp
    Saml authentication initiated by IdP.
  • sp
    Saml authentication initiated by SP.
orgunit_path

string

User orgunit.

saml_second_level_status_code

string

Response second level status.

saml_status_code

string

Response status.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_failure&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} failed to login because of the following error: {failure_type}

Successful login

Successful saml login.

Event details
Event name login_success
Parameters
application_name

string

Saml SP application name.

device_id

string

Saml Device ID.

initiated_by

string

Requester of saml authentication. Possible values:

  • idp
    Saml authentication initiated by IdP.
  • sp
    Saml authentication initiated by SP.
orgunit_path

string

User orgunit.

saml_status_code

string

Response status.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_success&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} logged in