This information is recorded in the <pf_install>/pingfederate/log/admin.log file. The events themselves are not configurable, but you can adjust Log4j 2 configuration settings to deliver the desired level of detail surrounding each event in the <pf_install>/pingfederate/server/default/conf/log4j2.xml file.

Events logged by PingFederate include but are not limited to:

  • Login attempt
  • Explicit user logout (no time-outs)
  • Account activation or deactivation
  • Password change or reset
  • Role change
  • System settings management
  • Certificate management
  • OAuth settings management
  • Metadata export
  • XML file signatures applied
  • Configuration archive export and import
  • Identity provider (IdP)/service provider (SP) adapter, IdP token processor, or SP token generator created, modified, or deleted
  • IdP/SP default URLs modified
  • IdP/SP connection created, modified, or deleted
  • Adapter-to-Adapter mapping or token exchange mapping created, modified, or deleted
  • Authentication policy contract created, modified, or deleted
  • IdP Discovery management
  • SP Affiliation created, modified, or deleted
  • PingOne for Enterprise account connected, modified, or disconnected

Each entry in the admin.log file is on a separate line and represents a single administrator action. The general format of each entry is the same, though specific events are recorded with information relevant to each type. Events are recorded when you click the corresponding Save button in the administrative console. Each log entry contains information relating to the event, including:

  • The time the event occurred on the PingFederate server
  • The username of the administrator performing the action
  • The roles assigned to the administrator at the time the event occurred
  • The type of event that occurred
  • Basic information about the event

Each of these fields is separated by a vertical pipe (|) for easier parsing.

Detailed event logging

You can also configure PingFederate to log additional event information to a separate log file. When you enable detailed event logging, besides writing basic information to <pf_install>/pingfederate/log/adming.log, PingFederate logs detailed information about each event to admin-event-detail.log in the same log directory.


Events recorded in the log are limited to changes stored in XML files. For example, the log does not record changes to OAuth clients stored in external datastores, such as LDAP directories or Java Database Connectivity (JDBC) databases. Additionally, not all events have detailed information. For instance, sign on attempts are only logged to the admin.log file.

PingFederate links events between admin.log and admin-event-detail.log by a unique event ID. Each entry in the admin-event-detail.log file contains:

  • The ID of the event
  • The name of the file involved
  • The type of event that occurred
  • The line number where the change occurred
  • The changes made

To enable detail event logging, set the pf.log.eventdetail property to true in the <pf_install>/pingfederate/bin/ file.