--- title: Authentication event topic properties description: Reference for authentication event topic properties logged by the PingIDM audit service, including fields like userId, result, and context component: pingidm version: 8.1 page_id: pingidm:audit-guide:auth-event-prop canonical_url: https://docs.pingidentity.com/pingidm/8.1/audit-guide/auth-event-prop.html keywords: ["Audit", "Logs", "Authentication", "Event", "Properties"] --- # Authentication event topic properties | Event Property | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `_id` | UUID for the message object, such as `"0419d364-1b3d-4e4f-b769-555c3ca098b0"`. | | `timestamp` | Time that IDM logged the message, in UTC format; for example, `"2020-05-18T08:48:00.160Z"`. | | `eventName` | Name of the audit event: `authentication` for this log. The eventName field identifies an audit event as a certain type of authentication event, such as a LOGIN, SUCCESS, SESSION, or a FAILED event. | | `transactionId` | UUID of the transaction; the same transaction might display for the same event in different audit event topics. | | `userId` | User ID. | | `trackingId` | A unique value for the object being tracked. | | `result` | Result of the transaction, either "SUCCESSFUL", or "FAILED". | | `principal` | An array of the accounts used to authenticate, such as \[ "openidm-admin" ]. | | `context` | The complete security context of the authentication operation, including the authenticating ID, targeted endpoint, authentication module, any roles applied, and the IP address from which the authentication request was made. | | `entries` | JSON representation of the authentication session. | | `method` | The authentication module used to authenticate, such as `JwtSession` or `MANAGED_USER`. |