SAML Audit Activity Events

This document lists the events and parameters for various types of SAML Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=saml.

Failed login

Failed saml login.

Event details

Event name login_failure

Parameters

`application_name`	`string` Saml SP application name.
`device_id`	`string` Saml Device ID.
`failure_type`	`string` Login failure type. Possible values: `failure_app_not_configured_for_user` Whether the login failed because of app not configured for user. `failure_app_not_enabled_for_user` Whether the login failed because of app not enabled for user. `failure_invalid_sp_id` Whether the login failed because of invalid SP id. `failure_invalid_user_id_mapping` Whether the login failed because of invalid userid mapping requested. `failure_malformed_request` Whether the login failed because of malformed request. `failure_no_passive` Whether the login failed because of failing to authenticate user passively. `failure_request_denied` Whether the login failed because of request denied. `failure_unknown` Whether the login failed because of unknown reason. `failure_user_id_mapping_unavailable` Whether the login failed because of userid mapping unavailable.
`initiated_by`	`string` Requester of saml authentication. Possible values: `idp` Saml authentication initiated by IdP. `sp` Saml authentication initiated by SP.
`orgunit_path`	`string` User orgunit.
`saml_second_level_status_code`	`string` Response second level status.
`saml_status_code`	`string` Response status.

Sample request

GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/saml?eventName=login_failure&maxResults=10&access_token=YOUR_ACCESS_TOKEN

Admin Console message format

{actor} failed to login because of the following error: {failure_type}

Successful login

Successful saml login.