User Event Monitor Messages for Cloud Access Service (1501 - 20406)
User Event Monitor Messages for Cloud Access Service (1501 - 20406)
User events trigger the following messages to appear in the User Event Monitor. New user events have been added and descriptions for some of the events have been modified recently. If these descriptions are used for SIEM integrations, they must be modified accordingly.
| Event Code | Level | Category | Description |
|---|---|---|---|
| 1501 | notice | Authentication | QR Code authentication succeeded. |
| 1503 | error | Authentication | QR Code authentication failed - User denied approval. |
| 1504 | error | Authentication | QR Code enrollment failed. |
| 1505 | error | Authentication | QR Code authentication failed - Invalid QR code. |
| 1506 | error | Authentication | QR Code authentication failed - Operation is not allowed. |
| 1507 | notice | Authentication | QR Code enrollment succeeded. |
| 1508 | error | Authentication | QR Code authentication failed - Empty QR code found. |
| 1510 | error | Authentication | QR Code authentication cancelled. |
| 1511 | notice | Authentication | QR Code unenrollment succeeded. |
| 1512 | notice | Authentication | QR Code unenrollment failed. |
| 1513 | error | Authentication | QR Code authentication failed - QR code has expired. |
| 1515 | error | Authentication | QR Code authentication failed - Disabled device platform. |
| 1521 | notice | Authentication | QR Code (RSA Agent) authentication succeeded. |
| 1523 | error | Authentication | QR Code (RSA Agent) authentication failed - User denied approval. |
| 1524 | notice | Authentication | QR Code (RSA Agent) enrollment failed. |
| 1525 | error | Authentication | QR Code (RSA Agent) authentication failed - Invalid QR code. |
| 1526 | error | Authentication | QR Code (RSA Agent) authentication failed - Operation is not allowed. |
| 1527 | notice | Authentication | QR Code (RSA Agent) enrollment succeeded. |
| 1528 | error | Authentication | QR Code (RSA Agent) authentication failed - Empty QR code found. |
| 1530 | notice | Authentication | QR Code (RSA Agent) authentication cancelled. |
| 1531 | notice | Authentication | QR Code (RSA Agent) unenrollment succeeded. |
| 1532 | notice | Authentication | QR Code (RSA Agent) unenrollment failed. |
| 1533 | error | Authentication | QR Code (RSA Agent) authentication failed - QR code has expired. |
| 1534 | notice | Authentication | QR Code (RSA Agent) username is required but it is empty. |
| 1536 | error | Authentication | QR Code (RSA Agent) authentication failed - Disabled Device platform. |
| 2605 | notice | Authentication | OATH HOTP hardware authenticator enrolled successfully. |
| 2607 | error | Authentication | OATH HOTP Device Unknown Event. |
| 2608 | error | Authentication | OATH HOTP hardware authenticator enrollment failed. |
| 2609 | error | Authentication | Cloud Authentication Service unable to synchronize OATH HOTP Hardware Authenticator due to an invalid OTP. |
| 2610 | notice | Authentication | OATH HOTP hardware authenticator resynced successfully. |
| 2612 | error | Authentication | OATH HOTP hardware authenticator resync failed as the authenticator is disabled. |
| 2613 | error | Authentication | OATH HOTP Hardware Device Resync failed - Authenticator not found. |
| 2650 | error | Authentication | Unified OTP authentication factor does not match policy. |
| 2651 | notice | Authentication | Successful OATH HOTP authentication. |
| 2652 | error | Authentication | OATH HOTP authentication failed due to invalid OTP. |
| 2653 | error | Authentication | OATH HOTP authentication failed due to the factor being locked. |
| 2654 | error | Authentication | OATH HOTP authentication to the Cloud Authentication Service failed as the authenticator credentials cannot be verified. |
| 2655 | error | Authentication | OATH HOTP authentication to Cloud Authentication Service failed as the authenticator is disabled. |
| 2656 | error | Authentication | OATH HOTP authentication failed as the authenticator has no PIN set. |
| 2657 | error | Authentication | OATH HOTP authentication failed due to invalid PIN and/or OTP. |
| 2658 | notice | Authentication | OATH HOTP device enter next code mode. |
| 3000 | notice | My Authenticators | Authenticator registration succeeded. |
| 3001 | error | My Authenticators | Authenticator registration failed. |
| 3002 | error | My Authenticators | Authenticator registration failed. Maximum number of authenticators exceeded for this user. |
| 3003 | notice | Authentication | Authenticator authentication successful. |
| 3004 | error | Authentication | Authenticator authentication unsuccessful. |
| 3005 | notice | My Authenticators | User deleted Authenticator in RSA SecurID Authenticator. |
| 3006 | error | My Authenticators | Authenticator deletion failed. |
| 3007 | notice | My Authenticators | Authenticator update succeeded. |
| 3008 | error | My Authenticators | Authenticator update failed. |
| 3009 | error | My Authenticators | Authenticator registration failed. Registration was denied by the policy. |
| 3010 | notice | My Authenticators | RSA SecurID Authenticate registration started with notifications disabled. |
| 3012 | notice | My Authenticators | Registration code validation succeeded. |
| 3013 | error | My Authenticators | Offline service authentication verification failed. |
| 3014 | notice | My Authenticators | Offline day data download successful. |
| 3015 | error | My Authenticators | Offline day data download unsuccessful. |
| 3016 | notice | Authentication | Offline Emergency Access Code download successful. |
| 3017 | error | Authentication | Offline Emergency Access Code download unsuccessful. |
| 3019 | notice | My Authenticators | Email sent to user for registration with the RSA SecurID Authenticator. |
| 3020 | notice | My Authenticators | Email sent to user for RSA SecurID Authenticate authenticator deletion. |
| 3021 | notice | My Authenticators | Offline certificate enrollment successful. |
| 3022 | error | My Authenticators | Offline certificate enrollment unsuccessful. |
| 4000 | notice | Verification | Successful verification authentication. |
| 4001 | error | Verification | Verification authentication failed. |
| 4003 | notice | Verification | Verification authentication initiated. |
| 5000 | notice | Verification | Successful identity verification. |
| 5001 | error | Verification | Identity Verification failed. |
| 5002 | notice | Verification | Identity Verification initiated. |
| 5104 | error | Authentication | Cloud Administration Console logon failed - User account inactive. |
| 5107 | notice | Authentication | RSA SecurID Access admin password changed. |
| 20300 | error | Authentication | Multifactor authentication failed to initiate. |
| 20301 | notice | Authentication | Multifactor authentication initiated. |
| 20302 | notice | Authentication | Multifactor authentication succeeded. |
| 20303 | error | Authentication | Multifactor authentication was unsuccessful. |
| 20304 | notice | Authentication | Multifactor authentication complete - policy allowed access without additional authentication. |
| 20306 | notice | Authentication | Successful user authentication through Epic Hyperdrive Relying Party. |
| 20308 | notice | Authentication | Multifactor authentication from Authentication Manager is initiated. |
| 20309 | notice | Authentication | Multifactor authentication from Authentication Manager succeeded. |
| 20310 | error | Authentication | Multifactor authentication from Authentication Manager was unsuccessful. |
| 20311 | error | Authentication | Multifactor authentication failed as it timed out due to inactivity. |
| 20400 | notice | Authentication | SAML IdP - Authentication request received. |
| 20401 | notice | Authentication | SAML IdP - Assertion sent for successful user authentication. |
| 20402 | error | Authentication | SAML IdP - Response sent for unsuccessful user authentication. |
| 20403 | error | Authentication | SAML IdP - Error response sent. If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an IDR SSO Agent application, check the time on the identity router. |
| 20404 | notice | Authentication | SAML IdP App - Assertion sent for successful user authentication. |
| 20405 | notice | Authentication | SAML SP App - Assertion sent for successful user authentication. |
| 20406 | notice | Authentication | SAML RP - Assertion sent for successful user authentication. |
See:
User Event Monitor Messages for Cloud Access Service (02 - 345)
User Event Monitor Messages for Cloud Access Service (400 - 1409)
User Event Monitor Messages for Cloud Access Service (20601 - 38000)
Related Articles
User Event Monitor Messages for Cloud Access Service (20601 - 38000) Number of Views User Event Monitor Messages for Cloud Access Service (02 - 345) Number of Views User Event Monitor Messages for Cloud Access Service (400 - 1409) Number of Views Event Message Components for Cloud Access Service Number of Views System Event Monitor Messages for Cloud Access Service Number of Views
Trending Articles
Oracle 12c TEMP_UNDO_ENABLED parameter for managing GTT UNDO activity in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Unable to attach a replica instance due to a configuration error when enabling replication for the RADIUS server for RSA A… RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
