The following events appear on the Events page in the Admin console. If you're configuring a SIEM integration, you can choose which of these events you want forwarded to your provider's logs.
Event Type | Outcome | Description |
---|---|---|
ADD_DEVICE | Success | Indicates whether a device was successfully enrolled. |
API_TOKEN_CHANGE | Create, Revoke | Generated when the access token used to access the Beyond Identity Secure Workforce public APIs is created or revoked. |
ATTRIBUTE_LIST_CREATE | Create | Generated when an attribute list is created on the policy. |
ATTRIBUTE_LIST_DELETE | Delete | Generated when an attribute list is deleted from the policy. |
ATTRIBUTE_LIST_UPDATE | Update | Generated when an attribute list is created on the policy. |
AUTHENTICATION_ERROR_MESSAGE_CHANGE | Update, Delete | Generated when an authentication error message is updated. |
AZURE_AD_HYBRID_PROVIDER_CHANGE | N/A | Generated when an Azure AD Hybrid provider is created, updated, or deleted. |
CLIENT_COMMIT_SIGN | N/A | Generated when a commit is signed with a GPG Key for Secure DevOps on the client. Note: Secure DevOps is an add-on feature that signs and verifies the author of every commit using the authenticator to prevent unauthorized threats. |
CLIENT_CORE_AUTHENTICATION | Start, End | Indicates the status of the authentication event from the client. |
CLIENT_CORE_SELECTED_CREDENTIAL | Start, End | Indicates that a credential has been selected by the client. |
CLIENT_CREATE_GPG_KEY | Success | Indicates whether a GPG key for Secure DevOps was created on the authenticator. Note: Secure DevOps is an add-on feature that signs and verifies the author of every commit using the authenticator to prevent unauthorized threats. |
CLIENT_CREATE_SSH_KEY | N/A | Generated when an SSH key is created on the client. |
CLIENT_CREDENTIALS_CHANGE | N/A | Generated when client credentials are created, updated, or deleted. This includes updates to the client ID, name, token scope, and the expiration time after which the token will expire. |
CLIENT_DELETE_GPG_KEY | N/A | Indicates whether a GPG key for Secure DevOps was removed from the authenticator. Note: Secure DevOps is an add-on feature that signs and verifies the author of every commit using the authenticator to prevent unauthorized threats. |
CLIENT_KEY_COMPROMISED | N/A | Generated when a compromised key is detected. |
CLIENT_SSH_CERT_USED | N/A | Generated when an SSH certificate is used to authenticate an SSH connection. |
CLIENT_WDL_ENROLLMENT | N/A | Generated when a user enrolls in Windows Desktop Login for Active Directory. |
CLIENT_WDL_UNEROLLMENT | N/A | Generated when a user unenrolls from Windows Desktop Login for Active Directory. |
CONSOLE_SSO_IDP_CHANGE | N/A | Generated when the Console SSO IDP is changed for a tenant's Admin or User console. For example, this could occur if you switch the SSO provider from Okta to Beyond Identity’s Secure Access SSO. |
CONSOLE_SSO_OIDC_AUTH_CONFIG_CHANGE | N/A | Generated when a Console OIDC authentication configuration is created, updated, or deleted. |
CONSOLE_SSO_SAML_AUTH_CONNECTION_CHANGE | N/A | Generated when a Console SAML authentication connection is created, updated, or deleted. |
CONTINUOUS_AUTHENTICATION | Allow | Repeats an authentication on an interval, evaluating the policy each time as if it was the original authentication. Note: The key used to sign collected information cannot be used while the computer is locked – macOS devices will only report information when awake and unlocked. |
CREATE_ENROLLMENT_SHORT_CODE | N/A | Generated when a short code binding job is created. |
CREDENTIAL_TAG_CHANGE | N/A | Generated when tags are added to or removed from a device credential. |
DESKTOP_LOGIN_ENROLLMENT | Succeeded, Failed | Indicates whether enrollment in Windows Desktop Login succeeded. |
DESKTOP_LOGIN_RECOVERY_KEYS_CHANGE | Set, Failed | Generated when a device's recovery keys are set. |
DESKTOP_LOGIN_UNENROLLMENT | Succeeded, Failed | Indicates whether unenrollment in Windows Desktop Login succeeded. |
DEVICE_CREDENTIAL_CHANGE | N/A | Generated when a device credential is created or revoked. |
EMAIL_STATUS_CHANGE | Delivered | Generated when an email delivery status is changed. |
ENROLLMENT_CHANGE | N/A | Generated when a device’s enrollment changes, such as a user enrolling or unenrolling a device. This could be related to a user setting up a new device or decommissioning an older device. |
GPG_KEY_CHANGE | N/A | Indicates if a GPG key for Secure DevOps was changed. |
GROUP_CHANGE | N/A | Generated when a group is created, updated, or deleted. |
GROUP_MEMBERSHIP_CHANGE | N/A | Generated when a user or child group is added to or removed from a group. |
INTEGRATION_API_CALL | N/A | Provides information about API calls made to 3rd party integrations. |
INTEGRATION_CONFIGURATION_CHANGE | N/A | Generated when an integration configuration such as CrowdStrike is created, updated, deleted, or transitioned to an error state. |
OIDC_CLIENT_CHANGE | N/A | Generated when an OIDC client configuration is created, updated, or deleted. |
OIDC_COMPLETE | Success | Generated when the OIDC transaction completes. |
OIDC_INBOUND | Success | Provides information about the inbound OIDC request from the authenticator. |
OKTA_DESKTOP_LOGIN_CONFIGURATION_CHANGE | N/A | Generated when an Okta desktop login is created, updated, or deleted. |
OKTA_EVENT_HOOK_CONFIGURATION_CHANGE | N/A | Generated when an Okta event hook configuration is created, updated, or deleted. Okta event hooks are |
OKTA_REGISTRATION_ATTRIBUTE_CONFIGURATION_CHANGE | N/A | Generated when an Okta registration attribute configuration is created, updated, or deleted. An example of an Okta registration attribute is byndidRegistered. |
OUTBOUND_ATTRIBUTE_UPDATE | Success | Generated when a user is updated/synchronized with an outbound SCIM server. |
POLICY | Allow | Indicates whether access was allowed or denied based on the criteria defined in a policy rule. |
POLICY_CHANGE | Update | Indicates that a change has been made to the policy. This can include adding/removing rules, changing the order of rules, changing the policy name, etc. |
ROAMING_AUTH_CONFIG_CHANGE | Update | Generated when a tenant's roaming authentication configuration is updated. |
SAML_COMPLETE | Success | Generated when the SAML transaction completes. |
SAML_CONNECTION_CHANGE | N/A | Generated when a SAML connection is created, updated, or deleted. |
SAML_INBOUND | Success | Provides information about the inbound SAML request from the authenticator. |
SCIM11_PROVIDER_CHANGE | N/A | Generated when a SCIM 1.1 provider is created, updated, or deleted. |
SCIM20_PROVIDER_CHANGE | N/A | Generated when a SCIM 2.0 provider is created, updated, or deleted. |
TAG_CHANGE | N/A | Generated when tags are created for a tenant. |
TENANT_CHANGE | N/A | Generated when a tenant is updated. This includes updates to the logo, name, roaming authentication, enrollment URI, and login URI. |
USER_AUTHENTICATION | Success | Provides the status of a user’s authentication. |
USER_CHANGE | Active, Suspended, Deleted | Generated when a user is created, updated, deleted, activated, or suspended. |
WS_FED_CLIENT_CONFIG_CHANGE | N/A | Generated when a WS-Fed client configuration is created, updated, or deleted. |
WSFED_COMPLETE | Success | Generated when the WS-Federation transaction completes. |
WSFED_INBOUND | Success | Provides information about the inbound WS-Federation request. |