Event queue login events

The SAML 2.0 integration creates events for login activities.

You can use these events to monitor for login failures and determine if there are any security concerns to address.

Table 1. Login activities events

| Event name | Description |
| --- | --- |
| saml2.logout.validation.failed | The logout response from the IdP failed validation against your logout request. The event validates the <inResponseTo> element against the session ID (ID attribute of the <saml2p:LogoutRequest> element). For example, see the workflow for logout request issued. Session ID; the string, "SAML2 LogoutResponse validation failed." |
| external.authentication.succeeded | External authentication succeeded and the user accessed the instance URL. Session ID; User ID of user who successfully logged in; the URL the user accessed (which may be a deep link) |
| external.authentication.failed | The single sign-on requirements are not present or are missing. Session ID; the missing authentication requirements |
| external.authentication.failed | The user does not exist in the User [sys_user] table. User ID; the string, "User does not exist" |
| external.authentication.failed | The user is locked out. User ID; the string, "User locked out." |
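
Because three different failure causes share the name external.authentication.failed, monitoring has to split them on the detail string. The following is an added example, not code from the product or its documentation: it triages constructed event records, and the record shape (a `values` array in the order the table lists them), the sample IDs and the alert threshold are all assumptions.

```javascript
// Constructed sample records, not real log data. Assumption: each exported event
// has its name and a `values` array in the order the table lists them.
const FAILED = "external.authentication.failed";
const sampleEvents = [
  { name: "external.authentication.succeeded", values: ["sess-01", "alice", "/home"] },
  { name: FAILED, values: ["bob", "User locked out."] },
  { name: FAILED, values: ["temp1", "User does not exist"] },
  { name: FAILED, values: ["temp2", "User does not exist"] },
  { name: FAILED, values: ["temp3", "User does not exist"] },
  { name: FAILED, values: ["sess-02", "constructed: required attribute missing"] },
  { name: "saml2.logout.validation.failed",
    values: ["sess-03", "SAML2 LogoutResponse validation failed."] },
];

// The three failure causes share one event name; only the detail string differs.
function classify(event) {
  if (event.name === "saml2.logout.validation.failed") return "logout_validation_failed";
  if (event.name === "external.authentication.succeeded") return "login_succeeded";
  if (event.name !== FAILED) return "other";
  // Tolerate the trailing period that only one of the documented strings has.
  const detail = String(event.values[1] || "").trim().replace(/\.$/, "");
  if (detail === "User does not exist") return "unknown_user";
  if (detail === "User locked out") return "locked_out";
  return "missing_sso_requirements";
}

// Count events per cause and raise review items; the threshold is an assumption.
function summarize(events, unknownUserThreshold = 3) {
  const counts = {};
  const unknownUsers = new Set();
  const lockedOut = new Set();
  for (const ev of events) {
    const kind = classify(ev);
    counts[kind] = (counts[kind] || 0) + 1;
    if (kind === "unknown_user") unknownUsers.add(ev.values[0]);
    if (kind === "locked_out") lockedOut.add(ev.values[0]);
  }
  const alerts = [];
  if (unknownUsers.size >= unknownUserThreshold)
    alerts.push(`${unknownUsers.size} distinct user IDs not in sys_user: check IdP provisioning`);
  if (lockedOut.size > 0) alerts.push(`locked-out users: ${[...lockedOut].join(", ")}`);
  if (counts.logout_validation_failed)
    alerts.push("logout response failed validation: review the IdP logout configuration");
  return { counts, alerts };
}

console.log(summarize(sampleEvents));
```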