PingOne

Event types

PingOne logs the following event types.

PingOne Authorize

Event type Description

Authorize Condition Created

A condition was created in PingOne Authorize.

Authorize Condition Deleted

A condition was deleted from PingOne Authorize.

Authorize Condition Updated

A condition was updated in PingOne Authorize.

Authorize Processor Created

A processor was created in PingOne Authorize.

Authorize Processor Deleted

A processor was deleted from PingOne Authorize.

Authorize Processor Updated

A processor was updated in PingOne Authorize.

Authorize Service Created

A service was created in PingOne Authorize.

Authorize Service Deleted

A service was deleted in PingOne Authorize.

Authorize Service Updated

A service was updated in PingOne Authorize.

HTTP Request Policy Evaluated

An HTTP request was evaluated by PingOne Authorize.

HTTP Response Policy Evaluated

An HTTP response was evaluated by PingOne Authorize.

API Service Created

An API Service was created in PingOne Authorize.

API Service Updated

An API Service was updated in PingOne Authorize.

API Service Deployed

An API Service was deployed in PingOne Authorize.

API Service Deleted

An API Service was deleted in PingOne Authorize.

Authorize Tag Deleted

A tag was deleted from PingOne Authorize.

Authorize Tag Updated

A tag was updated in PingOne Authorize. The tag is the name given to a published version in Version history.

Authorize shared Advice Created

Shared advice was created in PingOne Authorize.

Authorize shared Advice Deleted

Shared advice was deleted from PingOne Authorize.

Authorize shared Advice Updated

Shared advice was updated in PingOne Authorize.

Authorize shared Rule Created

A shared rule was created in PingOne Authorize.

Authorize shared Rule Deleted

A shared rule was deleted from PingOne Authorize.

Authorize shared Rule Updated

A shared rule was updated in PingOne Authorize.

Decision Endpoint Created

A decision endpoint was created in PingOne Authorize.

Decision Endpoint Deleted

A decision endpoint was deleted from PingOne Authorize.

Decision Endpoint Updated

A decision endpoint was updated in PingOne Authorize.

Decision Request Evaluated

A decision request was evaluated in PingOne Authorize. For more information, see PingOne Authorize event monitoring.

PingOne Protect

Event type Description

Risk Evaluation Created

A risk threshold was created in PingOne. PingOne Protect evaluates risk for a sign-on event by using configurable policies. The result is a risk evaluation value of LOW, MEDIUM, or HIGH.

Risk Evaluation Updated

A risk evaluation was updated in PingOne. This event indicates that the risk model has been informed by the client whether or not the authentication attempt passed. The risk model uses this to train itself.

Risk Feedback Created

Feedback was provided on the accuracy of risk evaluations. Learn more in Providing feedback for risk evaluations in the API documentation.

Risk Predictor Created

A risk predictor was added to a risk policy in PingOne.

Risk Predictor Deleted

A risk predictor was deleted from a risk policy in PingOne.

Risk Predictor Updated

A risk predictor was updated in a risk policy in PingOne.

Risk Staging Evaluation Created

A risk staging policy was added for risk evaluation in PingOne. Testing risk policy changes before putting them into production is an option in PingOne by creating a staging policy that is associated with the risk policy currently in use.

PingOne Verify

Event type Description

Verify App Event Created

A Verify App Event resource was created in PingOne, which indicates that client side SDK events are available.

Verify Metadata Created

A Verify Metadata resource was created in PingOne, which indicates that the subprocessor results are available. For more information, see Verification metadata in the PingOne API Reference.

PingOne Advanced Services

Event type Description

Advanced Services Deployment Complete

Deprecated. This event type is no longer available.

Advanced Services Deployment Failed

Deprecated. This event type is no longer available.

Advanced Services Deployment Start Failed

Deprecated. This event type is no longer available.

Advanced Services Deployment Started

Deprecated. This event type is no longer available.

Advanced Services Deprovision Complete

Deprecated. This event type is no longer available.

Advanced Services Deprovision Failed

Deprecated. This event type is no longer available.

Advanced Services Deprovision Start Failed

Deprecated. This event type is no longer available.

Advanced Services Deprovision Started

Deprecated. This event type is no longer available.

PingOne MFA

Event type Description

FIDO Custom Authenticator Created

For PingOne MFA, a FIDO custom authenticator was created. A FIDO custom authenticator is an authentication device that is part of the Global Authenticators Table. See FIDO.

FIDO Custom Authenticator Deleted

For PingOne MFA, a FIDO custom authenticator was deleted. A FIDO custom authenticator is an authentication device that is part of the Global Authenticators Table. See FIDO.

Device Activated

A user’s MFA device was activated in PingOne.

Device Activation Failed

A user’s MFA device was not activated in PingOne because of an error or an invalid OTP.

Device Blocked

A user’s MFA device was blocked from PingOne.

Device Created

A user’s MFA device was added to PingOne.

Device Deleted

A user’s MFA device was deleted from PingOne.

Device Locked

A user’s MFA device was locked from PingOne.

Device Unblocked

A user’s MFA device was unblocked from PingOne.

Device Unlocked

A user’s MFA device was unlocked from PingOne.

Device Updated

A user’s MFA device was updated in PingOne.

OTP Check Failed

For PingOne MFA, an OTP check failed because of an incorrect passcode.

OTP Check Invalid

For PingOne MFA, an OTP check failed because of an invalid passcode.

OTP Check Success

For PingOne MFA, an OTP check passed. The MFA flow uses an OTP to continue the authentication flow.

Pairing Mobile Device Failed

For PingOne MFA, a user failed to pair an MFA device because of an error.

Pairing OTP Failed

For PingOne MFA, a user failed to pair an MFA device because of an incorrect OTP.

Pairing OTP Invalid

For PingOne MFA, a user failed to pair an MFA device because of an invalid OTP.

Assertion Check Failed

The MFA flow for a FIDO device rejected the authenticator assertion response, which contains the signed challenge needed to complete the MFA flow.

Assertion Check Success

The MFA flow for a FIDO device validated the authenticator assertion response, which contains the signed challenge needed to complete the MFA flow.

Authentication Code Created

For PingOne MFA, an authentication code was created. An authentication code enables an authentication code-based authentication flow.

Authentication Code Deleted

For PingOne MFA, an authentication code was deleted. An authentication code enables an authentication code-based authentication flow.

Authentication Code Updated

For PingOne MFA, an authentication code was updated. An authentication code enables an authentication code-based authentication flow.

MFA Settings Updated

MFA settings were updated in PingOne MFA.

Environment

Event type Description

Environment Created

An environment was added to PingOne.

Environment Deleted

An environment was deleted from PingOne.

Environment Updated

An environment was updated in PingOne.

Branding/Themes

Event type Description

Branding Updated

The branding options for the environment, such as logo and colors, were updated.

Image Activated

Deprecated. For branding and themes, a logo or photo was activated in PingOne.

Image Created

For branding and themes, a logo or photo was uploaded to PingOne.

Image Deleted

For branding and themes, a logo or photo was removed from PingOne.

Certificate

Event type Description

Certificate Created

A certificate was added to PingOne. The Certificates and Key Pairs page shows details about the cryptographic certificates and key pairs that are set up for your environment.

Certificate Read

A certificate was read with a user role with read-only permissions in PingOne.

Certificate Updated

A certificate is updated in PingOne.

Key Pairs

Event type Description

Key Created

A key pair was added in PingOne.

Key Read

A key pair was viewed in PingOne.

Key Updated

A key pair was updated in PingOne.

Users

Event type Description

User Access Allowed

A user was allowed access in PingOne.

User Access Denied

A user was denied access to PingOne.

User Created

A user was created in PingOne.

User Deleted

A user was deleted from PingOne.

User Locked

A user was locked from PingOne.

User Moved

A user was moved in PingOne.

User Unlocked

A user was unlocked in PingOne.

User Updated

Attributes for a user were updated, added, or removed in PingOne.

This event does not include information related to a user’s group membership.

Groups

Event type Description

Group Created

A group was added to PingOne.

Group Deleted

A group was deleted from PingOne.

Group Updated

A group was updated in PingOne.

Member of Group Created

A user was added to a group in PingOne.

Member of Group Deleted

A user was removed from a group in PingOne.

Population

Event type Description

Population Created

A population was created in PingOne.

Population Deleted

A population was deleted from PingOne.

Population Updated

A population was updated in PingOne.

Role

Event type Description

Role Assignment Created

A role assignment was added in PingOne. A role is a collection of permissions that can be assigned to a user, application, or connection. PingOne can include some or all of the following roles, depending on your configuration and licensing.

Role Assignment Deleted

A role assignment was deleted from PingOne.

Agreements

Event type Description

Agreement Accepted

An end user consented to an agreement. See Agreements.

Agreement Revoked

An end user removed consent from a previously accepted agreement.

Applications

Event type Description

Application Created

An application was added to PingOne. Add applications so that PingOne can manage access to those applications.

Application Deleted

An application was removed from PingOne.

Application Updated

An application configuration was modified.

Policies

Event type Description

Authentication Created

An authentication policy was added to PingOne. See Authentication.

Authentication Updated

An authentication policy was updated in PingOne.

Password Policy Created

A password policy was added to PingOne. Password policies contain configurable properties for password expiration, failed sign-on attempts, account lockout, and other aspects of password and account maintenance.

Password Policy Deleted

A password policy was deleted from PingOne.

HTTP Request Policy Evaluated

An HTTP request policy evaluated filter was applied to view API Access Management events in a PingOne environment audit log using PingOne Authorize.

HTTP Response Policy Evaluated

An HTTP response policy evaluated filter was applied to view API Access Management events in a PingOne environment audit log using PingOne Authorize.

Auth Method Policy Created

For PingOne MFA, an authentication method policy was created. An authentication method policy defines the authentication methods that an end user can enable, such as SMS, email, biometrics, or an authenticator app.

Auth Method Policy Deleted

For PingOne MFA, an authentication method policy was deleted. An authentication method policy defines the authentication methods that an end user can enable, such as SMS, email, biometrics, or an authenticator app.

Auth Method Policy Updated

For PingOne MFA, an authentication method policy was updated. An authentication method policy defines the authentication methods that an end user can enable, such as SMS, email, biometrics, or an authenticator app.

FIDO Policy Created

For PingOne MFA, a FIDO policy was created. A FIDO policy defines which FIDO devices and authenticators can be used for registration and authentication purposes and to enable usernameless and passwordless authentication. See FIDO.

FIDO Policy Deleted

For PingOne MFA, a FIDO policy was deleted. A FIDO policy defines which FIDO devices and authenticators can be used for registration and authentication purposes and to enable usernameless and passwordless authentication. See FIDO.

FIDO Policy Updated

For PingOne MFA, a FIDO policy was updated. A FIDO policy defines which FIDO devices and authenticators can be used for registration and authentication purposes and to enable usernameless and passwordless authentication. See FIDO.

Risk Policy Created

A risk policy is added to PingOne.

Risk Policy Deleted

A risk policy is deleted from PingOne.

Risk Policy Updated

A risk policy is updated in PingOne.

Authorize Policy Created

A policy was created in PingOne Authorize.

Authorize Policy Deleted

A policy was deleted from PingOne Authorize.

Authorize Policy Updated

A policy was updated in PingOne Authorize.

Notification Policy Created

A notification policy was added in PingOne. Notification policies define the methods used to inform users when events occur.

Notification Policy Deleted

A notification policy was deleted in PingOne.

Notification Policy Updated

A notification policy was updated in PingOne.

Provisioning

Event type Description

Provisioning Connection Created

A provisioning connection is added to PingOne. PingOne provisioning propagates user identity information from the PingOne directory to a target identity store or from a source identity store to the PingOne directory.

Provisioning Connection Deleted

A provisioning connection is deleted from PingOne.

Provisioning Connection Updated

A provisioning connection is updated in PingOne.

Provisioning Identity Sync Failure

A user identity failed to be provisioned to PingOne.

Provisioning Mapping Created

A provisioning mapping was added to PingOne. Mapping a user’s attributes or static attributes to attributes to and from external identity stores can be done in PingOne.

Provisioning Mapping Deleted

A provisioning mapping was deleted from PingOne.

Provisioning Mapping Updated

A provisioning mapping was updated in PingOne.

Provisioning Poll Failure

A provisioning poll failure occurred in PingOne. In inbound and outbound provisioning, users are retrieved from the source identity store using a polling mechanism. After five consecutive polling failures, the polling mechanism will time out with a warning.

Provisioning Rule Created

A provisioning rule was added in PingOne. A visual representation of the provisioning rule, including the source identity store, custom filter, attribute mapping, and target identity store are shown in PingOne.

Provisioning Rule Deleted

A provisioning rule was deleted from PingOne.

Provisioning Rule Updated

A provisioning rule was updated in PingOne.

Provisioning Sync Failure

Some user identities failed to be provisioned to PingOne. The sync failure shows the number of users that were not synced for a provisioning connection in PingOne.

Provisioning Sync Started

A provisioning sync started in PingOne.

Gateways

Event type Description

Gateway Created

A gateway was added to PingOne. Learn more in Gateways.

Gateway Deleted

A gateway was removed from PingOne.

Gateway Updated

A gateway configuration was modified.

Attribute Updates via Gateway Failed

The update operation failed. As a result, PingOne user attributes were not updated. Refer to the log message for the cause of the failure.

Attribute Updates via Gateway Succeeded

The update operation succeeded. As a result, some PingOne user attributes might have been updated. Refer to the log messages for the impacted attribute names. Only system-provided user attributes are recorded; custom attributes are not.

Authorize attributes

Event type Description

Authorize Attribute Created

An attribute was created in PingOne Authorize.

Authorize Attribute Deleted

An attribute was deleted from PingOne Authorize.

Authorize Attribute Updated

An attribute was updated in PingOne Authorize.

IdP Attribute Created

A user attribute was added for an external IdP in PingOne.

IdP Attribute Deleted

A user attribute was deleted for an external IdP in PingOne.

IdP Attribute Updated

A user attribute was updated for an external IdP in PingOne.

Resource Attribute Created

A resource attribute was added to a resource in PingOne.

Resource Attribute Deleted

A resource attribute was deleted from a resource in PingOne.

Resource Attribute Updated

A resource attribute was updated in a resource in PingOne.

SAML Attribute Created

A SAML attribute was added to PingOne. Attribute mappings associate PingOne user attributes to SAML attributes in the application.

SAML Attribute Deleted

A SAML attribute was deleted from PingOne.

SAML Attribute Updated

A SAML attribute was updated in PingOne.

Schema Attribute Created

A schema attribute was added to PingOne.

Schema Attribute Deleted

A schema attribute was deleted from PingOne.

Schema Attribute Updated

A schema attribute was updated in PingOne.

External identity providers

Event type Description

Identity Provider Created

An external IdP connection was added to PingOne. An external IdP allows linked users to authenticate using the credentials provided by the external IdP.

Identity Provider Deleted

An external IdP was deleted from PingOne.

Identity Provider Updated

An external IdP was updated in PingOne.

Email domains

Event type Description

Email Domain Created

An email domain is added to PingOne. PingOne can be configured to send emails on your organization’s behalf from a trusted domain.

Email Domain Deleted

An email domain was deleted from PingOne.

Flows

Event type Description

Flow Completed

A flow, whether it be a verification, authorize, or authentication flow, was completed in PingOne.

Flow Definition Created

A flow definition was added to PingOne.

Flow Definition Deleted

A flow definition was deleted from PingOne.

Flow Definition Updated

A flow definition was updated in PingOne.

Flow Execution Created

A flow execution was added to PingOne.

Flow Execution Updated

A flow execution was updated in PingOne.

Flow Started

A flow was started in PingOne.

Flow Updated

A flow was updated in PingOne.

Grants

Event type Description

Grant Created

An authorization grant was added to PingOne.

Grant Deleted

An authorization grant was deleted from PingOne.

Grant Updated

An authorization grant was updated in PingOne.

Notifications

Event type Description

Notification Created

A notification message was added in PingOne.

Notification Updated

A notification message was updated in PingOne.

Content

Event type Description

Content Created

One piece of content (with a specific ID) was created. A piece of content represents one message text option for a notification in PingOne.

Content Deleted

One piece of content (with a specific ID) was deleted. A piece of content represents one message text option for a notification from PingOne.

Content Updated

One piece of content (with a specific ID) was updated. A piece of content represents one message text option for a notification in PingOne.

Contents Deleted

All content within a variant type was deleted from PingOne.

Contents Updated

All content within a variant type was updated in PingOne.

Password

Event type Description

Password Check Failed

A password check failed in PingOne. A user’s password was not validated with a password check. The event description includes additional details for users signing on through a PingOne gateway.

Password Check Succeeded

A password check was successful in PingOne. A user’s password is validated with a password check. The event description includes additional details for users signing on through a PingOne gateway.

Kerberos Check Failed

PingOne failed to authenticate a user with the Kerberos protocol. Failure can occur because of a lack of valid Kerberos ticket from the browser or a misconfiguration in the LDAP gateway. The error is included in the event details.

Kerberos Check Succeeded

PingOne successfully authenticated a user with the Kerberos protocol.

Password External Set

A password was set in PingOne from an external user store.

Password Force Change

A password force change was selected in PingOne. This force change forces users to change their passwords if they are reset by an administrator, which is considered an administrative password reset.

Password Recovery

A password was recovered by an end user in PingOne using the Forgot password process.

Password Reset

A password was manually reset by an administrator in PingOne.

Password Set

A password was set in PingOne.

Password Unlocked

A password was unlocked in PingOne.

Password or Sign On Policy Updated

A password or sign-on policy was updated in PingOne.

Scopes

Event type Description

Scope Created

A scope was added in PingOne.

Scope Deleted

A scope was deleted in PingOne.

Scope Updated

A scope was updated in PingOne.

Webhooks

Event type Description

Subscription Created

A webhook subscription was created in PingOne. See Webhooks.

Subscription Deleted

A webhook subscription was deleted from PingOne.

Subscription Updated

A webhook subscription was updated in PingOne.

Trusted email

Event type Description

Trusted Email Activated

A trusted email was activated in PingOne.

Trusted Email Created

A trusted email is added to a domain in PingOne. PingOne can be configured to send emails on an organization’s behalf from a trusted domain.

Trusted Email Deleted

A trusted email was deleted from PingOne.

Trusted Email Send Code

A verification code was sent in a trusted email.

Accounts

Event type Description

Account Linked

A user account in PingOne created an association with an identity in an external identity provider, such as Google or GitHub.

Account Unlinked

A user account in PingOne removed the association with an identity in an external identity provider, such as Google or GitHub.

Client secrets

Event type Description

Previous Secret Revoked

The previous client secret was revoked. Client secrets are used to authenticate an OIDC application or custom resource with PingOne.

Previous Secret Used

The previous client secret was retained when a new secret was generated.

Secret Read

A client secret was read in PingOne. Clicking the Eye icon on a secret client makes the secret readable.

Secret Updated

A client secret was updated in PingOne.

Rescue identity

Event type Description

Rescue Identity Created

Ping Identity Operations created a rescue identity for the purpose of reclaiming access to a customer tenant.

Resources

Event type Description

Resource Created

A resource was added to PingOne. Resources are the protected endpoints that applications can access using OAuth 2 authorization services.

Resource Deleted

A resource was deleted from PingOne.

Resource Updated

A resource was updated in PingOne.

Consents

Event type Description

OAuth Consent Accepted

An end user accepted an agreement in PingOne. Agreements can include terms and conditions, as well as permissions for an application.

OAuth Consent Declined

An end user declined an agreement in PingOne.

OAuth Consent Revoked

An end user revoked consent to an agreement that they had previously accepted.

Logs

Event type Description

Mobile Logs Received

For a PingID mobile application, a log of user activity was received by PingOne.