SAML Audit Activity Events

This document lists the events and parameters for various types of SAML Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=saml.

Saml login

Login event type. Events of this type are returned with type=login.

Failed login

Failed saml login.

Event details
Event name login_failure
Parameters
application_name

string

Saml SP application name.

device_id

string

Saml Device ID.

failure_type

string

Login failure type. Possible values:

  • failure_app_not_configured_for_user
    Whether the login failed because of app not configured for user.
  • failure_app_not_enabled_for_user
    Whether the login failed because of app not enabled for user.
  • failure_invalid_sp_id
    Whether the login failed because of invalid SP id.
  • failure_invalid_user_id_mapping
    Whether the login failed because of invalid userid mapping requested.
  • failure_malformed_request
    Whether the login failed because of malformed request.
  • failure_no_passive
    Whether the login failed because of failing to authenticate user passively.
  • failure_request_denied
    Whether the login failed because of request denied.
  • failure_unknown
    Whether the login failed because of unknown reason.
  • failure_user_id_mapping_unavailable
    Whether the login failed because of userid mapping unavailable.
initiated_by

string

Requester of saml authentication. Possible values:

  • idp
    Saml authentication initiated by IdP.
  • sp
    Saml authentication initiated by SP.
orgunit_path

string

User orgunit.

saml_second_level_status_code

string

Response second level status.

saml_status_code

string

Response status.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_failure&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} failed to login because of the following error: {failure_type}

Successful login

Successful saml login.

Event details
Event name login_success
Parameters
application_name

string

Saml SP application name.

device_id

string

Saml Device ID.

initiated_by

string

Requester of saml authentication. Possible values:

  • idp
    Saml authentication initiated by IdP.
  • sp
    Saml authentication initiated by SP.
orgunit_path

string

User orgunit.

saml_status_code

string

Response status.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_success&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} logged in