Event types
PingOne logs the following event types.
PingOne Authorize
| Event type | Description |
|---|---|
Authorize Condition Created |
A condition was created in PingOne Authorize. |
Authorize Condition Deleted |
A condition was deleted from PingOne Authorize. |
Authorize Condition Updated |
A condition was updated in PingOne Authorize. |
Authorize Processor Created |
A processor was created in PingOne Authorize. |
Authorize Processor Deleted |
A processor was deleted from PingOne Authorize. |
Authorize Processor Updated |
A processor was updated in PingOne Authorize. |
Authorize Service Created |
A service was created in PingOne Authorize. |
Authorize Service Deleted |
A service was deleted in PingOne Authorize. |
Authorize Service Updated |
A service was updated in PingOne Authorize. |
HTTP Request Policy Evaluated |
An HTTP request was evaluated by PingOne Authorize. |
HTTP Response Policy Evaluated |
An HTTP response was evaluated by PingOne Authorize. |
API Service Created |
An API Service was created in PingOne Authorize. |
API Service Updated |
An API Service was updated in PingOne Authorize. |
API Service Deployed |
An API Service was deployed in PingOne Authorize. |
API Service Deleted |
An API Service was deleted in PingOne Authorize. |
Authorize Tag Deleted |
A tag was deleted from PingOne Authorize. |
Authorize Tag Updated |
A tag was updated in PingOne Authorize. The tag is the name given to a published version in Version history. |
Authorize shared Advice Created |
Shared advice was created in PingOne Authorize. |
Authorize shared Advice Deleted |
Shared advice was deleted from PingOne Authorize. |
Authorize shared Advice Updated |
Shared advice was updated in PingOne Authorize. |
Authorize shared Rule Created |
A shared rule was created in PingOne Authorize. |
Authorize shared Rule Deleted |
A shared rule was deleted from PingOne Authorize. |
Authorize shared Rule Updated |
A shared rule was updated in PingOne Authorize. |
Decision Endpoint Created |
A decision endpoint was created in PingOne Authorize. |
Decision Endpoint Deleted |
A decision endpoint was deleted from PingOne Authorize. |
Decision Endpoint Updated |
A decision endpoint was updated in PingOne Authorize. |
Decision Request Evaluated |
A decision request was evaluated in PingOne Authorize. For more information, see PingOne Authorize event monitoring. |
PingOne Protect
| Event type | Description |
|---|---|
Risk Evaluation Created |
A risk threshold was created in PingOne. PingOne Protect evaluates risk for a sign-on event by using configurable policies. The result is a risk evaluation value of |
Risk Evaluation Updated |
A risk evaluation was updated in PingOne. This event indicates that the risk model has been informed by the client whether or not the authentication attempt passed. The risk model uses this to train itself. |
Risk Feedback Created |
Feedback was provided on the accuracy of risk evaluations. Learn more in Providing feedback for risk evaluations in the API documentation. |
Risk Predictor Created |
A risk predictor was added to a risk policy in PingOne. |
Risk Predictor Deleted |
A risk predictor was deleted from a risk policy in PingOne. |
Risk Predictor Updated |
A risk predictor was updated in a risk policy in PingOne. |
Risk Staging Evaluation Created |
A risk staging policy was added for risk evaluation in PingOne. Testing risk policy changes before putting them into production is an option in PingOne by creating a staging policy that is associated with the risk policy currently in use. |
PingOne Verify
| Event type | Description |
|---|---|
Verify App Event Created |
A Verify App Event resource was created in PingOne, which indicates that client side SDK events are available. |
Verify Metadata Created |
A Verify Metadata resource was created in PingOne, which indicates that the subprocessor results are available. For more information, see Verification metadata in the PingOne API Reference. |
PingOne Advanced Services
| Event type | Description |
|---|---|
Advanced Services Deployment Complete |
Deprecated. This event type is no longer available. |
Advanced Services Deployment Failed |
Deprecated. This event type is no longer available. |
Advanced Services Deployment Start Failed |
Deprecated. This event type is no longer available. |
Advanced Services Deployment Started |
Deprecated. This event type is no longer available. |
Advanced Services Deprovision Complete |
Deprecated. This event type is no longer available. |
Advanced Services Deprovision Failed |
Deprecated. This event type is no longer available. |
Advanced Services Deprovision Start Failed |
Deprecated. This event type is no longer available. |
Advanced Services Deprovision Started |
Deprecated. This event type is no longer available. |
PingOne MFA
| Event type | Description |
|---|---|
FIDO Custom Authenticator Created |
For PingOne MFA, a FIDO custom authenticator was created. A FIDO custom authenticator is an authentication device that is part of the Global Authenticators Table. See FIDO. |
FIDO Custom Authenticator Deleted |
For PingOne MFA, a FIDO custom authenticator was deleted. A FIDO custom authenticator is an authentication device that is part of the Global Authenticators Table. See FIDO. |
Device Activated |
A user’s MFA device was activated in PingOne. |
Device Activation Failed |
A user’s MFA device was not activated in PingOne because of an error or an invalid OTP. |
Device Blocked |
A user’s MFA device was blocked from PingOne. |
Device Created |
A user’s MFA device was added to PingOne. |
Device Deleted |
A user’s MFA device was deleted from PingOne. |
Device Locked |
A user’s MFA device was locked from PingOne. |
Device Unblocked |
A user’s MFA device was unblocked from PingOne. |
Device Unlocked |
A user’s MFA device was unlocked from PingOne. |
Device Updated |
A user’s MFA device was updated in PingOne. |
OTP Check Failed |
For PingOne MFA, an OTP check failed because of an incorrect passcode. |
OTP Check Invalid |
For PingOne MFA, an OTP check failed because of an invalid passcode. |
OTP Check Success |
For PingOne MFA, an OTP check passed. The MFA flow uses an OTP to continue the authentication flow. |
Pairing Mobile Device Failed |
For PingOne MFA, a user failed to pair an MFA device because of an error. |
Pairing OTP Failed |
For PingOne MFA, a user failed to pair an MFA device because of an incorrect OTP. |
Pairing OTP Invalid |
For PingOne MFA, a user failed to pair an MFA device because of an invalid OTP. |
Assertion Check Failed |
The MFA flow for a FIDO device rejected the authenticator assertion response, which contains the signed challenge needed to complete the MFA flow. |
Assertion Check Success |
The MFA flow for a FIDO device validated the authenticator assertion response, which contains the signed challenge needed to complete the MFA flow. |
Authentication Code Created |
For PingOne MFA, an authentication code was created. An authentication code enables an authentication code-based authentication flow. |
Authentication Code Deleted |
For PingOne MFA, an authentication code was deleted. An authentication code enables an authentication code-based authentication flow. |
Authentication Code Updated |
For PingOne MFA, an authentication code was updated. An authentication code enables an authentication code-based authentication flow. |
MFA Settings Updated |
MFA settings were updated in PingOne MFA. |
Environment
| Event type | Description |
|---|---|
Environment Created |
An environment was added to PingOne. |
Environment Deleted |
An environment was deleted from PingOne. |
Environment Updated |
An environment was updated in PingOne. |
Branding/Themes
| Event type | Description |
|---|---|
Branding Updated |
The branding options for the environment, such as logo and colors, were updated. |
Image Activated |
Deprecated. For branding and themes, a logo or photo was activated in PingOne. |
Image Created |
For branding and themes, a logo or photo was uploaded to PingOne. |
Image Deleted |
For branding and themes, a logo or photo was removed from PingOne. |
Certificate
| Event type | Description |
|---|---|
Certificate Created |
A certificate was added to PingOne. The Certificates and Key Pairs page shows details about the cryptographic certificates and key pairs that are set up for your environment. |
Certificate Read |
A certificate was read with a user role with read-only permissions in PingOne. |
Certificate Updated |
A certificate is updated in PingOne. |
Key Pairs
| Event type | Description |
|---|---|
Key Created |
A key pair was added in PingOne. |
Key Read |
A key pair was viewed in PingOne. |
Key Updated |
A key pair was updated in PingOne. |
Users
| Event type | Description | ||
|---|---|---|---|
User Access Allowed |
A user was allowed access in PingOne. |
||
User Access Denied |
A user was denied access to PingOne. |
||
User Created |
A user was created in PingOne. |
||
User Deleted |
A user was deleted from PingOne. |
||
User Locked |
A user was locked from PingOne. |
||
User Moved |
A user was moved in PingOne. |
||
User Unlocked |
A user was unlocked in PingOne. |
||
User Updated |
Attributes for a user were updated, added, or removed in PingOne.
|
Groups
| Event type | Description |
|---|---|
Group Created |
A group was added to PingOne. |
Group Deleted |
A group was deleted from PingOne. |
Group Updated |
A group was updated in PingOne. |
Member of Group Created |
A user was added to a group in PingOne. |
Member of Group Deleted |
A user was removed from a group in PingOne. |
Population
| Event type | Description |
|---|---|
Population Created |
A population was created in PingOne. |
Population Deleted |
A population was deleted from PingOne. |
Population Updated |
A population was updated in PingOne. |
Role
| Event type | Description |
|---|---|
Role Assignment Created |
A role assignment was added in PingOne. A role is a collection of permissions that can be assigned to a user, application, or connection. PingOne can include some or all of the following roles, depending on your configuration and licensing. |
Role Assignment Deleted |
A role assignment was deleted from PingOne. |
Agreements
| Event type | Description |
|---|---|
Agreement Accepted |
An end user consented to an agreement. See Agreements. |
Agreement Revoked |
An end user removed consent from a previously accepted agreement. |
Applications
| Event type | Description |
|---|---|
Application Created |
An application was added to PingOne. Add applications so that PingOne can manage access to those applications. |
Application Deleted |
An application was removed from PingOne. |
Application Updated |
An application configuration was modified. |
Policies
| Event type | Description |
|---|---|
Authentication Created |
An authentication policy was added to PingOne. See Authentication. |
Authentication Updated |
An authentication policy was updated in PingOne. |
Password Policy Created |
A password policy was added to PingOne. Password policies contain configurable properties for password expiration, failed sign-on attempts, account lockout, and other aspects of password and account maintenance. |
Password Policy Deleted |
A password policy was deleted from PingOne. |
HTTP Request Policy Evaluated |
An HTTP request policy evaluated filter was applied to view API Access Management events in a PingOne environment audit log using PingOne Authorize. |
HTTP Response Policy Evaluated |
An HTTP response policy evaluated filter was applied to view API Access Management events in a PingOne environment audit log using PingOne Authorize. |
Auth Method Policy Created |
For PingOne MFA, an authentication method policy was created. An authentication method policy defines the authentication methods that an end user can enable, such as SMS, email, biometrics, or an authenticator app. |
Auth Method Policy Deleted |
For PingOne MFA, an authentication method policy was deleted. An authentication method policy defines the authentication methods that an end user can enable, such as SMS, email, biometrics, or an authenticator app. |
Auth Method Policy Updated |
For PingOne MFA, an authentication method policy was updated. An authentication method policy defines the authentication methods that an end user can enable, such as SMS, email, biometrics, or an authenticator app. |
FIDO Policy Created |
For PingOne MFA, a FIDO policy was created. A FIDO policy defines which FIDO devices and authenticators can be used for registration and authentication purposes and to enable usernameless and passwordless authentication. See FIDO. |
FIDO Policy Deleted |
For PingOne MFA, a FIDO policy was deleted. A FIDO policy defines which FIDO devices and authenticators can be used for registration and authentication purposes and to enable usernameless and passwordless authentication. See FIDO. |
FIDO Policy Updated |
For PingOne MFA, a FIDO policy was updated. A FIDO policy defines which FIDO devices and authenticators can be used for registration and authentication purposes and to enable usernameless and passwordless authentication. See FIDO. |
Risk Policy Created |
A risk policy is added to PingOne. |
Risk Policy Deleted |
A risk policy is deleted from PingOne. |
Risk Policy Updated |
A risk policy is updated in PingOne. |
Authorize Policy Created |
A policy was created in PingOne Authorize. |
Authorize Policy Deleted |
A policy was deleted from PingOne Authorize. |
Authorize Policy Updated |
A policy was updated in PingOne Authorize. |
Notification Policy Created |
A notification policy was added in PingOne. Notification policies define the methods used to inform users when events occur. |
Notification Policy Deleted |
A notification policy was deleted in PingOne. |
Notification Policy Updated |
A notification policy was updated in PingOne. |
Provisioning
| Event type | Description |
|---|---|
Provisioning Connection Created |
A provisioning connection is added to PingOne. PingOne provisioning propagates user identity information from the PingOne directory to a target identity store or from a source identity store to the PingOne directory. |
Provisioning Connection Deleted |
A provisioning connection is deleted from PingOne. |
Provisioning Connection Updated |
A provisioning connection is updated in PingOne. |
Provisioning Identity Sync Failure |
A user identity failed to be provisioned to PingOne. |
Provisioning Mapping Created |
A provisioning mapping was added to PingOne. Mapping a user’s attributes or static attributes to attributes to and from external identity stores can be done in PingOne. |
Provisioning Mapping Deleted |
A provisioning mapping was deleted from PingOne. |
Provisioning Mapping Updated |
A provisioning mapping was updated in PingOne. |
Provisioning Poll Failure |
A provisioning poll failure occurred in PingOne. In inbound and outbound provisioning, users are retrieved from the source identity store using a polling mechanism. After five consecutive polling failures, the polling mechanism will time out with a warning. |
Provisioning Rule Created |
A provisioning rule was added in PingOne. A visual representation of the provisioning rule, including the source identity store, custom filter, attribute mapping, and target identity store are shown in PingOne. |
Provisioning Rule Deleted |
A provisioning rule was deleted from PingOne. |
Provisioning Rule Updated |
A provisioning rule was updated in PingOne. |
Provisioning Sync Failure |
Some user identities failed to be provisioned to PingOne. The sync failure shows the number of users that were not synced for a provisioning connection in PingOne. |
Provisioning Sync Started |
A provisioning sync started in PingOne. |
Gateways
| Event type | Description |
|---|---|
Gateway Created |
A gateway was added to PingOne. Learn more in Gateways. |
Gateway Deleted |
A gateway was removed from PingOne. |
Gateway Updated |
A gateway configuration was modified. |
Attribute Updates via Gateway Failed |
The update operation failed. As a result, PingOne user attributes were not updated. Refer to the log message for the cause of the failure. |
Attribute Updates via Gateway Succeeded |
The update operation succeeded. As a result, some PingOne user attributes might have been updated. Refer to the log messages for the impacted attribute names. Only system-provided user attributes are recorded; custom attributes are not. |
Authorize attributes
| Event type | Description |
|---|---|
Authorize Attribute Created |
An attribute was created in PingOne Authorize. |
Authorize Attribute Deleted |
An attribute was deleted from PingOne Authorize. |
Authorize Attribute Updated |
An attribute was updated in PingOne Authorize. |
IdP Attribute Created |
A user attribute was added for an external IdP in PingOne. |
IdP Attribute Deleted |
A user attribute was deleted for an external IdP in PingOne. |
IdP Attribute Updated |
A user attribute was updated for an external IdP in PingOne. |
Resource Attribute Created |
A resource attribute was added to a resource in PingOne. |
Resource Attribute Deleted |
A resource attribute was deleted from a resource in PingOne. |
Resource Attribute Updated |
A resource attribute was updated in a resource in PingOne. |
SAML Attribute Created |
A SAML attribute was added to PingOne. Attribute mappings associate PingOne user attributes to SAML attributes in the application. |
SAML Attribute Deleted |
A SAML attribute was deleted from PingOne. |
SAML Attribute Updated |
A SAML attribute was updated in PingOne. |
Schema Attribute Created |
A schema attribute was added to PingOne. |
Schema Attribute Deleted |
A schema attribute was deleted from PingOne. |
Schema Attribute Updated |
A schema attribute was updated in PingOne. |
External identity providers
| Event type | Description |
|---|---|
Identity Provider Created |
An external IdP connection was added to PingOne. An external IdP allows linked users to authenticate using the credentials provided by the external IdP. |
Identity Provider Deleted |
An external IdP was deleted from PingOne. |
Identity Provider Updated |
An external IdP was updated in PingOne. |
Email domains
| Event type | Description |
|---|---|
Email Domain Created |
An email domain is added to PingOne. PingOne can be configured to send emails on your organization’s behalf from a trusted domain. |
Email Domain Deleted |
An email domain was deleted from PingOne. |
Flows
| Event type | Description |
|---|---|
Flow Completed |
A flow, whether it be a verification, authorize, or authentication flow, was completed in PingOne. |
Flow Definition Created |
A flow definition was added to PingOne. |
Flow Definition Deleted |
A flow definition was deleted from PingOne. |
Flow Definition Updated |
A flow definition was updated in PingOne. |
Flow Execution Created |
A flow execution was added to PingOne. |
Flow Execution Updated |
A flow execution was updated in PingOne. |
Flow Started |
A flow was started in PingOne. |
Flow Updated |
A flow was updated in PingOne. |
Grants
| Event type | Description |
|---|---|
Grant Created |
An authorization grant was added to PingOne. |
Grant Deleted |
An authorization grant was deleted from PingOne. |
Grant Updated |
An authorization grant was updated in PingOne. |
Notifications
| Event type | Description |
|---|---|
Notification Created |
A notification message was added in PingOne. |
Notification Updated |
A notification message was updated in PingOne. |
Content
| Event type | Description |
|---|---|
Content Created |
One piece of content (with a specific ID) was created. A piece of content represents one message text option for a notification in PingOne. |
Content Deleted |
One piece of content (with a specific ID) was deleted. A piece of content represents one message text option for a notification from PingOne. |
Content Updated |
One piece of content (with a specific ID) was updated. A piece of content represents one message text option for a notification in PingOne. |
Contents Deleted |
All content within a variant type was deleted from PingOne. |
Contents Updated |
All content within a variant type was updated in PingOne. |
Password
| Event type | Description |
|---|---|
Password Check Failed |
A password check failed in PingOne. A user’s password was not validated with a password check. The event description includes additional details for users signing on through a PingOne gateway. |
Password Check Succeeded |
A password check was successful in PingOne. A user’s password is validated with a password check. The event description includes additional details for users signing on through a PingOne gateway. |
Kerberos Check Failed |
PingOne failed to authenticate a user with the Kerberos protocol. Failure can occur because of a lack of valid Kerberos ticket from the browser or a misconfiguration in the LDAP gateway. The error is included in the event details. |
Kerberos Check Succeeded |
PingOne successfully authenticated a user with the Kerberos protocol. |
Password External Set |
A password was set in PingOne from an external user store. |
Password Force Change |
A password force change was selected in PingOne. This force change forces users to change their passwords if they are reset by an administrator, which is considered an administrative password reset. |
Password Recovery |
A password was recovered by an end user in PingOne using the |
Password Reset |
A password was manually reset by an administrator in PingOne. |
Password Set |
A password was set in PingOne. |
Password Unlocked |
A password was unlocked in PingOne. |
Password or Sign On Policy Updated |
A password or sign-on policy was updated in PingOne. |
Scopes
| Event type | Description |
|---|---|
Scope Created |
A scope was added in PingOne. |
Scope Deleted |
A scope was deleted in PingOne. |
Scope Updated |
A scope was updated in PingOne. |
Webhooks
| Event type | Description |
|---|---|
Subscription Created |
A webhook subscription was created in PingOne. See Webhooks. |
Subscription Deleted |
A webhook subscription was deleted from PingOne. |
Subscription Updated |
A webhook subscription was updated in PingOne. |
Trusted email
| Event type | Description |
|---|---|
Trusted Email Activated |
A trusted email was activated in PingOne. |
Trusted Email Created |
A trusted email is added to a domain in PingOne. PingOne can be configured to send emails on an organization’s behalf from a trusted domain. |
Trusted Email Deleted |
A trusted email was deleted from PingOne. |
Trusted Email Send Code |
A verification code was sent in a trusted email. |
Accounts
| Event type | Description |
|---|---|
Account Linked |
A user account in PingOne created an association with an identity in an external identity provider, such as Google or GitHub. |
Account Unlinked |
A user account in PingOne removed the association with an identity in an external identity provider, such as Google or GitHub. |
Client secrets
| Event type | Description |
|---|---|
Previous Secret Revoked |
The previous client secret was revoked. Client secrets are used to authenticate an OIDC application or custom resource with PingOne. |
Previous Secret Used |
The previous client secret was retained when a new secret was generated. |
Secret Read |
A client secret was read in PingOne. Clicking the Eye icon on a secret client makes the secret readable. |
Secret Updated |
A client secret was updated in PingOne. |
Rescue identity
| Event type | Description |
|---|---|
Rescue Identity Created |
Ping Identity Operations created a rescue identity for the purpose of reclaiming access to a customer tenant. |
Resources
| Event type | Description |
|---|---|
Resource Created |
A resource was added to PingOne. Resources are the protected endpoints that applications can access using OAuth 2 authorization services. |
Resource Deleted |
A resource was deleted from PingOne. |
Resource Updated |
A resource was updated in PingOne. |
Consents
| Event type | Description |
|---|---|
OAuth Consent Accepted |
An end user accepted an agreement in PingOne. Agreements can include terms and conditions, as well as permissions for an application. |
OAuth Consent Declined |
An end user declined an agreement in PingOne. |
OAuth Consent Revoked |
An end user revoked consent to an agreement that they had previously accepted. |