User Event Monitor Messages for Cloud Access Service (02 - 345)
User Event Monitor Messages for Cloud Access Service (02 - 345)
User events trigger the following messages to appear in the User Event Monitor. New user events have been added and descriptions for some of the events have been modified recently. If these descriptions are used for SIEM integrations, they must be modified accordingly.
| Event Code | Level | Category | Description |
|---|---|---|---|
| 2 | notice | Authentication | Method now locked. |
| 3 | notice | Authentication | Method unlocked - User successfully authenticated. |
| 4 | notice | Authentication | SecurID OTP automatically unlocked – Lockout duration expired. |
| 20 | error | Authentication | Method enrollment failed - Required parameter missing. |
| 21 | error | Authentication | Method enrollment failed - User does not exist. |
| 22 | error | Authentication | Method enrollment failed - User account disabled. |
| 23 | error | Authentication | Method enrollment failed - Logon authenticator not registered to user. |
| 24 | error | Authentication | Method enrollment failed - Provider type not found. |
| 30 | error | Authentication | Authentication failed - Required parameter missing. |
| 31 | error | Authentication | Authentication failed - User does not exist. |
| 32 | error | Authentication | Authentication failed - User account disabled. |
| 33 | error | Authentication | Authentication failed - Application not found. |
| 34 | error | Authentication | Authentication failed - Rule not found. |
| 35 | error | Authentication | Authentication failed - Method locked. |
| 36 | error | Authentication | Authentication failed - Authenticator not registered or authentication method not enrolled. |
| 38 | error | Authentication | Illegal access. |
| 51 | error | Authentication | Authentication failed - Authenticator not registered. |
| 52 | error | Authentication | Authentication failed - Cannot push notification to authenticator. |
| 53 | error | Authentication | Authentication failed - Internal verification interrupted. |
| 101 | notice | Authentication | Authenticate OTP authentication method enrollment succeeded. |
| 102 | error | Authentication | Authenticate OTP authentication method enrollment failed. |
| 103 | notice | Authentication | Authenticate OTP authentication succeeded. |
| 104 | error | Authentication | Authenticate OTP authentication failed - Invalid OTP. |
| 105 | error | Authentication | Authenticate OTP authentication failed - Previously used OTP detected. |
| 106 | notice | Authentication | Identity router API SecurID OTP request sent to the Cloud Authentication Service. |
| 107 | notice | Authentication | Identity router API SecurID OTP response received - Authentication succeeded. |
| 108 | error | Authentication | Identity router API SecurID OTP response received - Authentication failed. |
| 109 | error | Authentication | Identity router API SecurID OTP authentication failed - User not found in identity source. |
| 110 | error | Authentication | Identity router API SecurID OTP authentication failed - Username is associated with multiple user accounts. |
| 111 | error | Authentication | Identity router API SecurID OTP authentication failed - User account disabled in identity source. |
| 112 | error | Authentication | Identity router API SecurID OTP authentication failed - User email address not found in identity source. |
| 113 | error | Authentication | Identity router API SecurID OTP authentication failed - Identity source unreachable. |
| 114 | error | Authentication | Identity router API SecurID OTP authentication failed - Cloud Authentication Service unreachable. |
| 115 | error | User Status | Identity router API user status check - User not found in identity source. |
| 116 | error | User Status | Identity router API user status check - Username is associated with multiple user accounts. |
| 117 | error | User Status | Identity router API user status check - Identity source unreachable. |
| 150 | error | Authentication | Authenticate OTP authentication failed - Error occurred. |
| 151 | notice | Authentication | Authenticate OTP authentication unenrollment succeeded. |
| 152 | notice | Authentication | Authenticate OTP authentication unenrollment failed. |
| 153 | error | My Authenticators | Authenticator registration failed. Maximum number of authenticators exceeded for this user. |
| 155 | error | Authentication | Authenticate OTP authentication failed - Disabled device platform. |
| 201 | notice | Authentication | LDAP password authentication succeeded. |
| 202 | error | Authentication | LDAP password authentication failed - Unknown cause. |
| 203 | error | Authentication | LDAP password authentication failed - Request timed out or identity router is not connected. |
| 204 | error | Authentication | LDAP password authentication provider enrollment failed - Missing email or password. |
| 205 | error | Authentication | LDAP password authentication provider enrollment failed - Unknown cause. |
| 206 | error | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 207 | error | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 208 | error | Authentication | LDAP password authentication failed - Missing email or password. |
| 211 | error | Authentication | LDAP password authentication failed - LDAP server host unreachable. Invalid port or server is not running. |
| 212 | error | Authentication | LDAP password authentication failed - LDAP server host unresolvable. |
| 213 | error | Authentication | LDAP password authentication failed - Cannot establish a trusted SSL/TLS connection with the LDAP directory server. Check for invalid certificate. |
| 215 | error | Authentication | LDAP password authentication failed - Sign-in failure: unknown username or invalid password. |
| 216 | error | Authentication | LDAP password authentication failed - LDAP account restriction, for example sign-in time or policy restriction is enforced. |
| 217 | error | Authentication | LDAP password authentication failed - Time restriction prevents sign-in for this LDAP account. |
| 218 | error | Authentication | LDAP password authentication failed - LDAP account not permitted to authenticate through this identity router. |
| 219 | error | Authentication | LDAP password authentication failed - LDAP password expired. |
| 220 | error | Authentication | LDAP password authentication failed - LDAP account disabled. |
| 221 | error | Authentication | LDAP password authentication failed - LDAP account configuration prevents sign-in. |
| 222 | error | Authentication | LDAP password authentication failed - LDAP account expired. |
| 223 | error | Authentication | LDAP password authentication failed - LDAP password must be changed using your company's internal procedures. |
| 224 | error | Authentication | LDAP password authentication failed - LDAP account locked out. |
225 | error | Authentication | LDAP password authentication failed - LDAP password locked for specified lockout duration. |
| 230 | notice | Authentication | Unified Directory user password authentication succeeded. |
| 231 | error | Authentication | Unified Directory user password authentication failed - Unknown cause. |
| 232 | error | Authentication | Unified Directory user password authentication failed - Unknown username or invalid password. |
| 233 | error | Authentication | Unified Directory user password authentication failed - Password locked for specified lockout duration. |
| 234 | notice | Authentication | Unified Directory user password authentication succeeded - password must be changed. |
| 235 | error | Authentication | Unified Directory user password reset failed - new password does not meet the password requirements. |
| 236 | error | Authentication | Unified Directory user password authentication failed - password must be changed. |
| 237 | notice | Authentication | Unified Directory user password reset succeeded. |
| 300 | notice | Authentication | FIDO enrollment succeeded. |
| 301 | error | Authentication | FIDO enrollment failed - User reached maximum authenticator limit. |
| 302 | error | Authentication | FIDO enrollment failed - FIDO protocol error. |
| 303 | error | Authentication | FIDO enrollment failed - RSA SecurID Access service error. |
| 304 | error | Authentication | FIDO enrollment failed - Unknown error. |
| 310 | notice | Authentication | FIDO authenticator deleted. |
| 315 | notice | Authentication | FIDO authenticator updated. |
| 316 | error | Authentication | FIDO authenticator name update failed – Authenticator name cannot be blank. |
| 317 | error | Authentication | FIDO authenticator name update failed – Authenticator name exceeds 255 characters. |
| 318 | error | Authentication | FIDO authenticator name update failed – Authenticator name is already in use. |
| 340 | notice | Authentication | FIDO authentication succeeded. |
| 341 | error | Authentication | FIDO authentication failed - FIDO protocol error. |
| 342 | error | Authentication | FIDO authentication failed - RSA SecurID Access service error. |
| 343 | error | Authentication | FIDO authentication failed - Unknown error. |
| 344 | error | Authentication | FIDO authentication failed - FIDO token disabled. |
| 345 | error | Authentication | FIDO authentication failed - Disabled device platform. |
See:
User Event Monitor Messages for Cloud Access Service (400 - 1409)
User Event Monitor Messages for Cloud Access Service (1501 - 20406)
User Event Monitor Messages for Cloud Access Service (20601 - 38000)
Related Articles
User Event Monitor Messages for Cloud Access Service (20601 - 38000) Number of Views Event Message Components for Cloud Access Service Number of Views User Event Monitor Messages for Cloud Access Service (400 - 1409) Number of Views User Event Monitor Messages for Cloud Access Service (1501 - 20406) Number of Views System Event Monitor Messages for Cloud Access Service Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes for RSA Authentication Manager 8.8 Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
Don't see what you're looking for?
