User events trigger the following messages to appear in the User Event Monitor.
| Event Code | Level | Type | Category | Description |
|---|---|---|---|---|
| 2 | notice | user | Authentication | Method now locked. |
| 3 | notice | user | Authentication | Method unlocked - User successfully authenticated. |
| 20 | error | user | Authentication | Method enrollment failed - Required parameter missing. |
| 21 | error | user | Authentication | Method enrollment failed - User does not exist. |
| 22 | error | user | Authentication | Method enrollment failed - User account disabled. |
| 23 | error | user | Authentication | Method enrollment failed - Sign-in device not registered to user. |
| 24 | error | user | Authentication | Method enrollment failed - Provider type not found. |
| 30 | error | user | Authentication | Authentication failed - Required parameter missing. |
| 31 | error | user | Authentication | Authentication failed - User does not exist. |
| 32 | error | user | Authentication | Authentication failed - User account disabled. |
| 33 | error | user | Authentication | Authentication failed - Application not found. |
| 34 | error | user | Authentication | Authentication failed - Rule not found. |
| 35 | error | user | Authentication | Authentication failed - Method locked. |
| 36 | error | user | Authentication | Authentication failed - Device not registered or authentication method not enrolled. |
| 51 | error | user | Authentication | Authentication failed - Device not registered. |
| 52 | error | user | Authentication | Authentication failed - Cannot push notification to device. |
| 53 | error | user | Authentication | Authentication failed - Internal verification interrupted. |
| 101 | notice | user | Authentication | Authenticate Tokencode enrollment succeeded. |
| 102 | error | user | Authentication | Authenticate Tokencode enrollment failed - Authentication device not registered to user. |
| 103 | notice | user | Authentication | Authenticate Tokencode authentication succeeded. |
| 104 | error | user | Authentication | Authenticate Tokencode authentication failed - Invalid tokencode. |
| 105 | error | user | Authentication | Authenticate Tokencode authentication failed - Previously used tokencode detected. |
| 106 | notice | user | Authentication | Identity router API tokencode request sent to the Cloud Authentication Service. |
| 107 | notice | user | Authentication | Identity router API tokencode response received - Authentication succeeded. |
| 108 | error | user | Authentication | Identity router API tokencode response received - Authentication failed. |
| 109 | error | user | Authentication | Identity router API tokencode authentication failed - User not found in identity source. |
| 110 | error | user | Authentication | Identity router API tokencode authentication failed - Username is associated with multiple user accounts. |
| 111 | error | user | Authentication | Identity router API tokencode authentication failed - User account disabled in identity source. |
| 112 | error | user | Authentication | Identity router API tokencode authentication failed - User email address not found in identity source. |
| 113 | error | user | Authentication | Identity router API tokencode authentication failed - Identity source unreachable. |
| 114 | error | user | Authentication | Identity router API tokencode authentication failed - Cloud Authentication Service unreachable. |
| 115 | error | user | User Status | Identity router API user status check - User not found in identity source. |
| 116 | error | user | User Status | Identity router API user status check - Username is associated with multiple user accounts. |
| 117 | error | user | User Status | Identity router API user status check - Identity source unreachable. |
| 201 | notice | user | Authentication | LDAP password authentication succeeded. |
| 202 | error | user | Authentication | LDAP password authentication failed - Unknown cause. |
| 203 | error | user | Authentication | LDAP password authentication failed - Request timed out or identity router is not connected. |
| 204 | error | user | Authentication | LDAP password authentication provider enrollment failed - Missing email or password. |
| 205 | error | user | Authentication | LDAP password authentication provider enrollment failed - Unknown cause. |
| 206 | error | user | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 207 | error | user | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 208 | error | user | Authentication | LDAP password authentication failed - Missing email or password. |
| 211 | error | user | Authentication | LDAP password authentication failed - LDAP server host unreachable. Invalid port or server is not running. |
| 212 | error | user | Authentication | LDAP password authentication failed - LDAP server host unresolvable. |
| 213 | error | user | Authentication | LDAP password authentication failed - Cannot establish a trusted SSL connection with the LDAP directory server. Check for invalid certificate. |
| 215 | error | user | Authentication | LDAP password authentication failed - Sign-in failure: unknown username or invalid password. |
| 216 | error | user | Authentication | LDAP password authentication failed - LDAP account restriction, for example sign-in time or policy restriction is enforced. |
| 217 | error | user | Authentication | LDAP password authentication failed - Time restriction prevents sign-in for this LDAP account. |
| 218 | error | user | Authentication | LDAP password authentication failed - LDAP account not permitted to authenticate through this identity router. |
| 219 | error | user | Authentication | LDAP password authentication failed - LDAP password expired. |
| 220 | error | user | Authentication | LDAP password authentication failed - LDAP account disabled. |
| 221 | error | user | Authentication | LDAP password authentication failed - LDAP account configuration prevents sign-in. |
| 222 | error | user | Authentication | LDAP password authentication failed - LDAP account expired. |
| 223 | error | user | Authentication | LDAP password authentication failed - LDAP password must be changed using your company's internal procedures. |
| 224 | error | user | Authentication | LDAP password authentication failed - LDAP account locked out. |
225 | error | user | Authentication | LDAP password authentication failed - LDAP password locked for specified lockout duration. |
| 300 | notice | user | Authentication | FIDO Token enrollment succeeded. |
| 301 | error | user | Authentication | FIDO Token enrollment failed - User reached maximum token limit. |
| 302 | error | user | Authentication | FIDO Token enrollment failed - FIDO protocol error. |
| 303 | error | user | Authentication | FIDO Token enrollment failed - RSA SecurID Access service error. |
| 304 | error | user | Authentication | FIDO Token enrollment failed - Unknown error. |
| 316 | error | user | Authentication | FIDO Token name update failed – Token name cannot be blank. |
| 317 | error | user | Authentication | FIDO Token name update failed – Token name exceeds 255 characters. |
| 318 | error | user | Authentication | FIDO Token name update failed – Token name is already in use. |
| 340 | notice | user | Authentication | FIDO Token authentication succeeded. |
| 341 | error | user | Authentication | FIDO Token authentication failed - FIDO protocol error. |
| 342 | error | user | Authentication | FIDO Token authentication failed - RSA SecurID Access service error. |
| 343 | error | user | Authentication | FIDO Token authentication failed - Unknown error. |
| 400 | notice | user | Authentication | User re-enabled in Cloud Authentication Service. |
| 401 | notice | user | Authentication | User disabled in directory server now disabled in Cloud Authentication Service. |
| 402 | notice | user | Authentication | User not found in directory server now disabled in Cloud Authentication Service. |
| 403 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Invalid email. |
| 404 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Duplicate email. |
| 405 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Disabled in directory server. |
| 406 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing unique identifiers in directory server. |
| 407 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unknown reason. |
| 408 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing email. |
| 601 | notice | user | Authentication | RSA SecurID user authentication succeeded. |
| 602 | notice | user | Authentication | RSA SecurID user authentication succeeded - New PIN accepted. |
| 603 | notice | user | Authentication | RSA SecurID user authentication - Requires new PIN. |
| 604 | notice | user | Authentication | RSA SecurID user authentication - Requires next tokencode. |
| 605 | error | user | Authentication | RSA SecurID user authentication failed - Invalid passcode. |
| 606 | error | user | Authentication | RSA SecurID user authentication failed - Invalid next tokencode. |
| 607 | error | user | Authentication | RSA SecurID user authentication failed - Invalid PIN. |
| 608 | error | user | Authentication | RSA SecurID user authentication failed - RSA SecurID service is not available. |
| 609 | error | user | Authentication | RSA SecurID user authentication failed - Unknown cause. |
| 611 | error | user | Authentication | RSA SecurID user authentication failed - Request timed out. |
| 701 | notice | user | Authentication | Approve authentication succeeded. |
| 702 | error | user | Authentication | Approve authentication failed - User response timed out. |
| 703 | error | user | Authentication | Approve authentication failed - User denied approval. |
| 704 | error | user | Authentication | Approve enrollment failed. |
| 707 | notice | user | Authentication | Approve enrollment succeeded. |
709 | error | user | Authentication | Approve authentication failed - All in-progress authentication requests canceled. |
| 801 | notice | user | Authentication | Device Biometrics authentication succeeded. |
| 802 | error | user | Authentication | Device Biometrics authentication failed - User response timed out. |
| 803 | error | user | Authentication | Device Biometrics authentication failed. |
| 804 | error | user | Authentication | RSA SecurID Access enrollment for Device Biometrics failed. |
| 805 | error | user | Authentication | Fingerprint Verification authentication failed - Unexpected error. |
| 806 | notice | user | Authentication | RSA SecurID Access enrollment for Device Biometrics succeeded. |
| 807 | notice | user | Authentication | RSA SecurID Access unenrollment for Device Biometrics succeeded - Device unenrolled. |
| 901 | notice | user | Authentication | Portal sign-in succeeded. |
| 902 | error | user | Authentication | Portal sign-in failed - Authentication failed. |
| 903 | error | user | Authentication | Portal sign-in failed - Credentials are associated with multiple user accounts. |
| 904 | error | user | Authentication | Portal sign-in failed - Internal server error. |
| 905 | error | user | Authentication | Portal sign-in failed - Concurrent session limit reached. |
| 906 | error | user | Authentication | Portal sign-in failed - Password reset required. |
| 907 | notice | user | Authentication | Portal sign-out succeeded. |
| 908 | notice | user | Authentication | Protected application authentication attempt made. |
| 909 | notice | user | Authentication | Protected application authentication succeeded. |
| 910 | error | user | Authentication | Protected application authentication failed. |
| 911 | notice | user | Authentication | Additional authentication initiated. |
| 912 | notice | user | Authentication | Additional authentication succeeded. |
| 913 | error | user | Authentication | Additional authentication failed. |
| 931 | notice | user | Authentication | Additional authentication is not needed because the user already authenticated at the same assurance level or higher. |
| 932 | error | user | Authentication | Additional authentication failed - User account disabled. |
| 933 | error | user | Authentication | Password authentication succeeded - Client does not support required additional authentication methods - Access denied. |
| 934 | notice | user | Authentication | Password authentication succeeded. |
| 935 | error | user | Authentication | Unsuccessful password authentication – Access denied. |
| 936 | error | user | Authentication | Unsuccessful password authentication - Credentials are associated with multiple user accounts. |
| 937 | error | user | Authentication | Unsuccessful password authentication - Internal server error. |
| 938 | error | user | Authentication | Unsuccessful password authentication - Concurrent session limit reached. |
| 939 | notice | user | Authorization | Password authentication succeeded - Policy does not require additional authentication - Access granted. |
| 940 | error | user | Authorization | Password authentication succeeded - User prohibited by policy settings - Access denied. |
| 941 | error | user | Authorization | Password authentication succeeded - Access prohibited by conditional policy settings - Access denied. |
| 942 | notice | user | Authentication | Portal sign-out - User automatically signed out because of session timeout. |
| 943 | notice | user | Authentication | Portal sign-out -- User session removed. This might occur if the user has too many sessions. |
| 944 | notice | user | Authentication | Portal sign-out - No user session. For example, the session timed out and was removed. |
| 3000 | notice | user | Device Management | Device registration succeeded. |
| 3001 | error | user | Device Management | Device registration failed. |
| 3002 | error | user | Device Management | Device registration unsuccessful. Maximum limit (1) for devices reached. |
| 3003 | notice | user | Authentication | Device authentication successful. |
| 3004 | error | user | Authentication | Device authentication unsuccessful. |
| 3005 | notice | user | Device Management | User deleted device in RSA SecurID Authenticate app. |
| 3006 | error | user | Device Management | Device deletion failed. |
| 3007 | notice | user | Device Management | Device update succeeded. |
| 3008 | error | user | Device Management | Device update failed. |
| 3009 | error | user | Device Management | Device registration unsuccessful. Blocked by RSA SecurID Authenticate Device Registration policy. |
| 3010 | notice | user | Device Management | RSA SecurID Authenticate device registration started with notifications disabled. |
| 3012 | notice | user | Device Management | Registration code validation succeeded. |
| 3013 | error | user | Device Management | RSA MFA Agent for Microsoft Windows configuration not approved. |
| 3014 | notice | user | Device Management | RSA MFA Agent for Microsoft Windows successful configuration. |
| 3015 | error | user | Device Management | RSA MFA Agent for Microsoft Windows unsuccessful configuration. |
| 3019 | notice | user | Device Management | Email sent to user for RSA SecurID Authenticate device registration. |
| 3020 | notice | user | Device Management | Email sent to user for RSA SecurID Authenticate device deletion. |
| 5104 | error | user | Authentication | Cloud Administration Console logon failed - User account inactive. |
| 5107 | notice | user | Authentication | RSA SecurID Access admin password changed. |
| 20301 | notice | user | Authentication | Multifactor authentication initiated. |
| 20302 | notice | user | Authentication | Multifactor authentication succeeded. |
| 20303 | error | user | Authentication | Multifactor authentication was unsuccessful. |
| 20400 | notice | user | Authentication | SAML IdP - Authentication request received. |
| 20401 | notice | user | Authentication | SAML IdP - Assertion sent for successful user authentication. |
| 20402 | error | user | Authentication | SAML IdP - Response sent for unsuccessful user authentication. |
| 20403 | error | user | Authentication | SAML IdP - Error response sent. If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an SSO Agent application, check the time on the identity router. |
| 20601 | error | user | Authentication | RADIUS - LDAP authentication succeeded - Policy contains no RADIUS-compatible methods for additional authentication - Access denied. |
| 20602 | error | user | Authentication | RADIUS - LDAP authentication succeeded - No user device registered for required additional authentication methods - Access denied. |
| 20603 | error | user | Authentication | RADIUS - Invalid format for additional authentication request - Access denied. |
| 20604 | error | user | Authentication | RADIUS - Invalid checklist attributes - Access denied. |
| 20605 | error | user | Authentication | RADIUS - Cloud Authentication Service unreachable - Access denied. |
| 20606 | error | user | Authentication | RADIUS – Approve authentication failed – Method timeout. |
| 20608 | error | user | Authentication | RADIUS - Device Biometrics authentication failed - Method timeout. |
| 20609 | error | user | Authentication | RADIUS - Authentication failed - Internal error. |
| 20610 | error | user | Authentication | RADIUS – Approve authentication failed – Not completed before automatic push notification timeout. |
| 20611 | error | user | Authentication | RADIUS – Device Biometrics failed - Not completed before automatic push notification timeout. |
| 20612 | notice | user | Authentication | User initiated additional authentication, primary authentication managed by RADIUS client. |
| 20613 | notice | user | Authentication | RADIUS – User selected last used method or default assurance level method for additional authentication. |
| 20614 | notice | user | Authentication | RADIUS – User selected SecurID Token or Authenticate Tokencode for additional authentication. |
| 20615 | notice | user | Authentication | RADIUS – Authentication failed. |
| 20701 | error | user | Authentication | Access denied – User not a member of any identity source in access policy. |
| 20702 | error | user | Authentication | Access denied – User does not match any rule sets or matches a deny rule set in access policy. |
| 20703 | error | user | Authentication | Access denied – Policy authentication conditions deny access. |
| 20704 | notice | user | Authentication | Access allowed – Policy authentication conditions allow access without any additional authentication. |
| 20801 | error | user | Authentication | SMS Tokencode message transmission attempted. |
| 20802 | error | user | Authentication | SMS Tokencode message transmission attempt failed - Invalid phone number. |
| 20803 | error | user | Authentication | SMS Tokencode message transmission attempt failed. |
| 20804 | error | user | Authentication | Authentication failed - SMS Tokencode regenerated. |
| 20805 | error | user | Authentication | SMS Tokencode delivery failed. |
| 20851 | notice | user | Authentication | Voice Tokencode call succeeded. |
| 20852 | error | user | Authentication | Voice Tokencode call attempt failed - Invalid phone number. |
| 20853 | error | user | Authentication | Voice Tokencode call attempt failed. |
| 20854 | error | user | Authentication | Authentication failed - Voice Tokencode regenerated. |
| 20855 | error | user | Authentication | Voice Tokencode delivery failed. |
20900 | notice | user | Authentication | OIDC - Authentication request received. |
20901 | notice | user | Authentication | OIDC - ID Token sent for successful user authentication. |
20902 | error | user | Authentication | OIDC - Response sent for unsuccessful user authentication. |
20903 | error | user | Authentication | OIDC - Error response sent. |
| 21901 | notice | user | Authentication | SMS Tokencode verification succeeded. |
| 21902 | error | user | Authentication | SMS Tokencode verification failed. |
| 21903 | error | user | Authentication | SMS Tokencode authentication method locked – User exceeded maximum tokencodes allowed. |
| 21953 | error | user | Authentication | Voice Tokencode authentication method locked - User exceeded maximum tokencodes allowed. |
| 23000 | error | user | Authentication | Approve with device unlock enabled - No push notification sent for Approve. RSA SecurID Authenticate app version not supported. |
| 24001 | notice | user | Authentication | My Page sign-in succeeded. |
| 24002 | notice | user | Authentication | My Page sign-out succeeded. |
| 24003 | notice | user | Authentication | My Page session expired. |
| 24004 | notice | user | Authentication | User deleted device in My Page. |
| 25001 | notice | user | Authentication | Evaluated identity confidence. See Condition Attributes for Access Policies - Reporting a User's Identity Confidence Score for details. |
| 25002 | notice | user | Authentication | Failed to evaluate identity confidence. |
Previous Topic:Monitor System Events in the Cloud Authentication Console
You are here
Table of Contents > Logging > User Event Monitor Messages for the Cloud Authentication Service