SAML Audit Activity Events

This document lists the events and parameters for various types of SAML Audit activity events. These events can be retrieved by calling Activities.list() with applicationName=saml.

Saml login

Login event type. Events of this type are returned with type=login.

Failed login

Failed saml login.

Event details
Event name login_failure
Parameters
application_name

string

Saml SP application name.

failure_type

string

Login failure type. Possible values:

  • failure_app_not_configured_for_user
    Whether the login failed because of app not configured for user.
  • failure_app_not_enabled_for_user
    Whether the login failed because of app not enabled for user.
  • failure_invalid_sp_id
    Whether the login failed because of invalid SP id.
  • failure_invalid_user_id_mapping
    Whether the login failed because of invalid userid mapping requested.
  • failure_malformed_request
    Whether the login failed because of malformed request.
  • failure_no_passive
    Whether the login failed because of failing to authenticate user passively.
  • failure_request_denied
    Whether the login failed because of request denied.
  • failure_unknown
    Whether the login failed because of unknown reason.
  • failure_user_id_mapping_unavailable
    Whether the login failed because of userid mapping unavailable.
initiated_by

string

Requester of saml authentication. Possible values:

  • idp
    Saml authentication initiated by IdP.
  • sp
    Saml authentication initiated by SP.
orgunit_path

string

User orgunit.

saml_second_level_status_code

string

Saml second level status code.

saml_status_code

string

Saml status code.

Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_failure&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} failed to login because of the following error: {failure_type}

Successful login

Successful saml login.

Event details
Event name login_success
Parameters
application_name

string

Saml SP application name.

initiated_by

string

Requester of saml authentication. Possible values:

  • idp
    Saml authentication initiated by IdP.
  • sp
    Saml authentication initiated by SP.
orgunit_path

string

User orgunit.

saml_status_code

string

Saml status code.

Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_success&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} logged in

Send feedback about...

Reports API
Reports API
Need help? Visit our support page.