This document lists the events and parameters for
various types of
SAML Audit activity events. You can retrieve these events by
calling Activities.list()
with applicationName=saml.
Saml login
Login event type.
Events of this type are returned with type=login.
Failed login
Failed saml login.
Event details
Event name
login_failure
Parameters
application_name
string
Saml SP application name.
device_id
string
Saml Device ID.
failure_type
string
Login failure type.
Possible values:
failure_app_not_configured_for_user Whether the login failed because of app not configured for user.
failure_app_not_enabled_for_user Whether the login failed because of app not enabled for user.
failure_invalid_sp_id Whether the login failed because of invalid SP id.
failure_invalid_user_id_mapping Whether the login failed because of invalid userid mapping requested.
failure_malformed_request Whether the login failed because of malformed request.
failure_no_passive Whether the login failed because of failing to authenticate user passively.
failure_request_denied Whether the login failed because of request denied.
failure_unknown Whether the login failed because of unknown reason.
failure_user_id_mapping_unavailable Whether the login failed because of userid mapping unavailable.
initiated_by
string
Requester of saml authentication.
Possible values:
idp Saml authentication initiated by IdP.
sp Saml authentication initiated by SP.
orgunit_path
string
User orgunit.
saml_second_level_status_code
string
Response second level status.
saml_status_code
string
Response status.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_failure&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} failed to login because of the following error: {failure_type}
Successful login
Successful saml login.
Event details
Event name
login_success
Parameters
application_name
string
Saml SP application name.
device_id
string
Saml Device ID.
initiated_by
string
Requester of saml authentication.
Possible values:
idp Saml authentication initiated by IdP.
sp Saml authentication initiated by SP.
orgunit_path
string
User orgunit.
saml_status_code
string
Response status.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_success&maxResults=10&access_token=YOUR_ACCESS_TOKEN