User Event Monitor Messages for the Cloud Authentication Service

Document created by RSA Information Design and Development on Jul 14, 2016. Last modified by Joyce Cohen on May 20, 2019.
Version 40

User events trigger the following messages to appear in the User Event Monitor.

 

| Event Code | Level | Type | Category | Description |
|---|---|---|---|---|
| 2 | notice | user | Authentication | Method now locked. |
| 3 | notice | user | Authentication | Method unlocked - User successfully authenticated. |
| 20 | error | user | Authentication | Method enrollment failed - Required parameter missing. |
| 21 | error | user | Authentication | Method enrollment failed - User does not exist. |
| 22 | error | user | Authentication | Method enrollment failed - User account disabled. |
| 23 | error | user | Authentication | Method enrollment failed - Sign-in device not registered to user. |
| 24 | error | user | Authentication | Method enrollment failed - Provider type not found. |
| 30 | error | user | Authentication | Authentication failed - Required parameter missing. |
| 31 | error | user | Authentication | Authentication failed - User does not exist. |
| 32 | error | user | Authentication | Authentication failed - User account disabled. |
| 33 | error | user | Authentication | Authentication failed - Application not found. |
| 34 | error | user | Authentication | Authentication failed - Rule not found. |
| 35 | error | user | Authentication | Authentication failed - Method locked. |
| 36 | error | user | Authentication | Authentication failed - Device not registered or authentication method not enrolled. |
| 51 | error | user | Authentication | Authentication failed - Device not registered. |
| 52 | error | user | Authentication | Authentication failed - Cannot push notification to device. |
| 53 | error | user | Authentication | Authentication failed - Internal verification interrupted. |
| 101 | notice | user | Authentication | Authenticate Tokencode enrollment succeeded. |
| 102 | error | user | Authentication | Authenticate Tokencode enrollment failed - Authentication device not registered to user. |
| 103 | notice | user | Authentication | Authenticate Tokencode authentication succeeded. |
| 104 | error | user | Authentication | Authenticate Tokencode authentication failed - Invalid tokencode. |
| 105 | error | user | Authentication | Authenticate Tokencode authentication failed - Previously used tokencode detected. |
| 106 | notice | user | Authentication | Identity router API tokencode request sent to the Cloud Authentication Service. |
| 107 | notice | user | Authentication | Identity router API tokencode response received - Authentication succeeded. |
| 108 | error | user | Authentication | Identity router API tokencode response received - Authentication failed. |
| 109 | error | user | Authentication | Identity router API tokencode authentication failed - User not found in identity source. |
| 110 | error | user | Authentication | Identity router API tokencode authentication failed - Username is associated with multiple user accounts. |
| 111 | error | user | Authentication | Identity router API tokencode authentication failed - User account disabled in identity source. |
| 112 | error | user | Authentication | Identity router API tokencode authentication failed - User email address not found in identity source. |
| 113 | error | user | Authentication | Identity router API tokencode authentication failed - Identity source unreachable. |
| 114 | error | user | Authentication | Identity router API tokencode authentication failed - Cloud Authentication Service unreachable. |
| 115 | error | user | User Status | Identity router API user status check - User not found in identity source. |
| 116 | error | user | User Status | Identity router API user status check - Username is associated with multiple user accounts. |
| 117 | error | user | User Status | Identity router API user status check - Identity source unreachable. |
| 201 | notice | user | Authentication | LDAP password authentication succeeded. |
| 202 | error | user | Authentication | LDAP password authentication failed - Unknown cause. |
| 203 | error | user | Authentication | LDAP password authentication failed - Request timed out or identity router is not connected. |
| 204 | error | user | Authentication | LDAP password authentication provider enrollment failed - Missing email or password. |
| 205 | error | user | Authentication | LDAP password authentication provider enrollment failed - Unknown cause. |
| 206 | error | user | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 207 | error | user | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 208 | error | user | Authentication | LDAP password authentication failed - Missing email or password. |
| 211 | error | user | Authentication | LDAP password authentication failed - LDAP server host unreachable. Invalid port or server is not running. |
| 212 | error | user | Authentication | LDAP password authentication failed - LDAP server host unresolvable. |
| 213 | error | user | Authentication | LDAP password authentication failed - Cannot establish a trusted SSL connection with the LDAP directory server. Check for invalid certificate. |
| 215 | error | user | Authentication | LDAP password authentication failed - Sign-in failure: unknown username or invalid password. |
| 216 | error | user | Authentication | LDAP password authentication failed - LDAP account restriction, for example sign-in time or policy restriction is enforced. |
| 217 | error | user | Authentication | LDAP password authentication failed - Time restriction prevents sign-in for this LDAP account. |
| 218 | error | user | Authentication | LDAP password authentication failed - LDAP account not permitted to authenticate through this identity router. |
| 219 | error | user | Authentication | LDAP password authentication failed - LDAP password expired. |
| 220 | error | user | Authentication | LDAP password authentication failed - LDAP account disabled. |
| 221 | error | user | Authentication | LDAP password authentication failed - LDAP account configuration prevents sign-in. |
| 222 | error | user | Authentication | LDAP password authentication failed - LDAP account expired. |
| 223 | error | user | Authentication | LDAP password authentication failed - LDAP password must be changed using your company's internal procedures. |
| 224 | error | user | Authentication | LDAP password authentication failed - LDAP account locked out. |
| 225 | error | user | Authentication | LDAP password authentication failed - LDAP password locked for specified lockout duration. |
| 300 | notice | user | Authentication | FIDO Token enrollment succeeded. |
| 301 | error | user | Authentication | FIDO Token enrollment failed - User reached maximum token limit. |
| 302 | error | user | Authentication | FIDO Token enrollment failed - FIDO protocol error. |
| 303 | error | user | Authentication | FIDO Token enrollment failed - RSA SecurID Access service error. |
| 304 | error | user | Authentication | FIDO Token enrollment failed - Unknown error. |
| 316 | error | user | Authentication | FIDO Token name update failed – Token name cannot be blank. |
| 317 | error | user | Authentication | FIDO Token name update failed – Token name exceeds 255 characters. |
| 318 | error | user | Authentication | FIDO Token name update failed – Token name is already in use. |
| 340 | notice | user | Authentication | FIDO Token authentication succeeded. |
| 341 | error | user | Authentication | FIDO Token authentication failed - FIDO protocol error. |
| 342 | error | user | Authentication | FIDO Token authentication failed - RSA SecurID Access service error. |
| 343 | error | user | Authentication | FIDO Token authentication failed - Unknown error. |
| 400 | notice | user | Authentication | User re-enabled in Cloud Authentication Service. |
| 401 | notice | user | Authentication | User disabled in directory server now disabled in Cloud Authentication Service. |
| 402 | notice | user | Authentication | User not found in directory server now disabled in Cloud Authentication Service. |
| 403 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Invalid email. |
| 404 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Duplicate email. |
| 405 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Disabled in directory server. |
| 406 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing unique identifiers in directory server. |
| 407 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unknown reason. |
| 408 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing email. |
| 601 | notice | user | Authentication | RSA SecurID user authentication succeeded. |
| 602 | notice | user | Authentication | RSA SecurID user authentication succeeded - New PIN accepted. |
| 603 | notice | user | Authentication | RSA SecurID user authentication - Requires new PIN. |
| 604 | notice | user | Authentication | RSA SecurID user authentication - Requires next tokencode. |
| 605 | error | user | Authentication | RSA SecurID user authentication failed - Invalid passcode. |
| 606 | error | user | Authentication | RSA SecurID user authentication failed - Invalid next tokencode. |
| 607 | error | user | Authentication | RSA SecurID user authentication failed - Invalid PIN. |
| 608 | error | user | Authentication | RSA SecurID user authentication failed - RSA SecurID service is not available. |
| 609 | error | user | Authentication | RSA SecurID user authentication failed - Unknown cause. |
| 611 | error | user | Authentication | RSA SecurID user authentication failed - Request timed out. |
| 701 | notice | user | Authentication | Approve authentication succeeded. |
| 702 | error | user | Authentication | Approve authentication failed - User response timed out. |
| 703 | error | user | Authentication | Approve authentication failed - User denied approval. |
| 704 | error | user | Authentication | Approve enrollment failed. |
| 707 | notice | user | Authentication | Approve enrollment succeeded. |
| 709 | error | user | Authentication | Approve authentication failed - All in-progress authentication requests canceled. |
| 801 | notice | user | Authentication | Device Biometrics authentication succeeded. |
| 802 | error | user | Authentication | Device Biometrics authentication failed - User response timed out. |
| 803 | error | user | Authentication | Device Biometrics authentication failed. |
| 804 | error | user | Authentication | RSA SecurID Access enrollment for Device Biometrics failed. |
| 805 | error | user | Authentication | Fingerprint Verification authentication failed - Unexpected error. |
| 806 | notice | user | Authentication | RSA SecurID Access enrollment for Device Biometrics succeeded. |
| 807 | notice | user | Authentication | RSA SecurID Access unenrollment for Device Biometrics succeeded - Device unenrolled. |
| 901 | notice | user | Authentication | Portal sign-in succeeded. |
| 902 | error | user | Authentication | Portal sign-in failed - Authentication failed. |
| 903 | error | user | Authentication | Portal sign-in failed - Credentials are associated with multiple user accounts. |
| 904 | error | user | Authentication | Portal sign-in failed - Internal server error. |
| 905 | error | user | Authentication | Portal sign-in failed - Concurrent session limit reached. |
| 906 | error | user | Authentication | Portal sign-in failed - Password reset required. |
| 907 | notice | user | Authentication | Portal sign-out succeeded. |
| 908 | notice | user | Authentication | Protected application authentication attempt made. |
| 909 | notice | user | Authentication | Protected application authentication succeeded. |
| 910 | error | user | Authentication | Protected application authentication failed. |
| 911 | notice | user | Authentication | Additional authentication initiated. |
| 912 | notice | user | Authentication | Additional authentication succeeded. |
| 913 | error | user | Authentication | Additional authentication failed. |
| 931 | notice | user | Authentication | Additional authentication is not needed because the user already authenticated at the same assurance level or higher. |
| 932 | error | user | Authentication | Additional authentication failed - User account disabled. |
| 933 | error | user | Authentication | Password authentication succeeded - Client does not support required additional authentication methods - Access denied. |
| 934 | notice | user | Authentication | Password authentication succeeded. |
| 935 | error | user | Authentication | Unsuccessful password authentication – Access denied. |
| 936 | error | user | Authentication | Unsuccessful password authentication - Credentials are associated with multiple user accounts. |
| 937 | error | user | Authentication | Unsuccessful password authentication - Internal server error. |
| 938 | error | user | Authentication | Unsuccessful password authentication - Concurrent session limit reached. |
| 939 | notice | user | Authorization | Password authentication succeeded - Policy does not require additional authentication - Access granted. |
| 940 | error | user | Authorization | Password authentication succeeded - User prohibited by policy settings - Access denied. |
| 941 | error | user | Authorization | Password authentication succeeded - Access prohibited by conditional policy settings - Access denied. |
| 942 | notice | user | Authentication | Portal sign-out - User automatically signed out because of session timeout. |
| 943 | notice | user | Authentication | Portal sign-out - User session removed. This might occur if the user has too many sessions. |
| 944 | notice | user | Authentication | Portal sign-out - No user session. For example, the session timed out and was removed. |
| 3000 | notice | user | Device Management | Device registration succeeded. |
| 3001 | error | user | Device Management | Device registration failed. |
| 3002 | error | user | Device Management | Device registration unsuccessful. Maximum limit (1) for devices reached. |
| 3003 | notice | user | Authentication | Device authentication successful. |
| 3004 | error | user | Authentication | Device authentication unsuccessful. |
| 3005 | notice | user | Device Management | User deleted device in RSA SecurID Authenticate app. |
| 3006 | error | user | Device Management | Device deletion failed. |
| 3007 | notice | user | Device Management | Device update succeeded. |
| 3008 | error | user | Device Management | Device update failed. |
| 3009 | error | user | Device Management | Device registration unsuccessful. Blocked by RSA SecurID Authenticate Device Registration policy. |
| 3010 | notice | user | Device Management | RSA SecurID Authenticate device registration started with notifications disabled. |
| 3012 | notice | user | Device Management | Registration code validation succeeded. |
| 3013 | error | user | Device Management | RSA MFA Agent for Microsoft Windows configuration not approved. |
| 3014 | notice | user | Device Management | RSA MFA Agent for Microsoft Windows successful configuration. |
| 3015 | error | user | Device Management | RSA MFA Agent for Microsoft Windows unsuccessful configuration. |
| 3019 | notice | user | Device Management | Email sent to user for RSA SecurID Authenticate device registration. |
| 3020 | notice | user | Device Management | Email sent to user for RSA SecurID Authenticate device deletion. |
| 5104 | error | user | Authentication | Cloud Administration Console logon failed - User account inactive. |
| 5107 | notice | user | Authentication | RSA SecurID Access admin password changed. |
| 20301 | notice | user | Authentication | Multifactor authentication initiated. |
| 20302 | notice | user | Authentication | Multifactor authentication succeeded. |
| 20303 | error | user | Authentication | Multifactor authentication was unsuccessful. |
| 20400 | notice | user | Authentication | SAML IdP - Authentication request received. |
| 20401 | notice | user | Authentication | SAML IdP - Assertion sent for successful user authentication. |
| 20402 | error | user | Authentication | SAML IdP - Response sent for unsuccessful user authentication. |
| 20403 | error | user | Authentication | SAML IdP - Error response sent. If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an SSO Agent application, check the time on the identity router. |
| 20601 | error | user | Authentication | RADIUS - LDAP authentication succeeded - Policy contains no RADIUS-compatible methods for additional authentication - Access denied. |
| 20602 | error | user | Authentication | RADIUS - LDAP authentication succeeded - No user device registered for required additional authentication methods - Access denied. |
| 20603 | error | user | Authentication | RADIUS - Invalid format for additional authentication request - Access denied. |
| 20604 | error | user | Authentication | RADIUS - Invalid checklist attributes - Access denied. |
| 20605 | error | user | Authentication | RADIUS - Cloud Authentication Service unreachable - Access denied. |
| 20606 | error | user | Authentication | RADIUS – Approve authentication failed – Method timeout. |
| 20608 | error | user | Authentication | RADIUS - Device Biometrics authentication failed - Method timeout. |
| 20609 | error | user | Authentication | RADIUS - Authentication failed - Internal error. |
| 20610 | error | user | Authentication | RADIUS – Approve authentication failed – Not completed before automatic push notification timeout. |
| 20611 | error | user | Authentication | RADIUS – Device Biometrics failed - Not completed before automatic push notification timeout. |
| 20612 | notice | user | Authentication | User initiated additional authentication, primary authentication managed by RADIUS client. |
| 20613 | notice | user | Authentication | RADIUS – User selected last used method or default assurance level method for additional authentication. |
| 20614 | notice | user | Authentication | RADIUS – User selected SecurID Token or Authenticate Tokencode for additional authentication. |
| 20615 | notice | user | Authentication | RADIUS – Authentication failed. |
| 20701 | error | user | Authentication | Access denied – User not a member of any identity source in access policy. |
| 20702 | error | user | Authentication | Access denied – User does not match any rule sets or matches a deny rule set in access policy. |
| 20703 | error | user | Authentication | Access denied – Policy authentication conditions deny access. |
| 20704 | notice | user | Authentication | Access allowed – Policy authentication conditions allow access without any additional authentication. |
| 20801 | error | user | Authentication | SMS Tokencode message transmission attempted. |
| 20802 | error | user | Authentication | SMS Tokencode message transmission attempt failed - Invalid phone number. |
| 20803 | error | user | Authentication | SMS Tokencode message transmission attempt failed. |
| 20804 | error | user | Authentication | Authentication failed - SMS Tokencode regenerated. |
| 20805 | error | user | Authentication | SMS Tokencode delivery failed. |
| 20851 | notice | user | Authentication | Voice Tokencode call succeeded. |
| 20852 | error | user | Authentication | Voice Tokencode call attempt failed - Invalid phone number. |
| 20853 | error | user | Authentication | Voice Tokencode call attempt failed. |
| 20854 | error | user | Authentication | Authentication failed - Voice Tokencode regenerated. |
| 20855 | error | user | Authentication | Voice Tokencode delivery failed. |
| 20900 | notice | user | Authentication | OIDC - Authentication request received. |
| 20901 | notice | user | Authentication | OIDC - ID Token sent for successful user authentication. |
| 20902 | error | user | Authentication | OIDC - Response sent for unsuccessful user authentication. |
| 20903 | error | user | Authentication | OIDC - Error response sent. |
| 21901 | notice | user | Authentication | SMS Tokencode verification succeeded. |
| 21902 | error | user | Authentication | SMS Tokencode verification failed. |
| 21903 | error | user | Authentication | SMS Tokencode authentication method locked – User exceeded maximum tokencodes allowed. |
| 21953 | error | user | Authentication | Voice Tokencode authentication method locked - User exceeded maximum tokencodes allowed. |
| 23000 | error | user | Authentication | Approve with device unlock enabled - No push notification sent for Approve. RSA SecurID Authenticate app version not supported. |
| 24001 | notice | user | Authentication | My Page sign-in succeeded. |
| 24002 | notice | user | Authentication | My Page sign-out succeeded. |
| 24003 | notice | user | Authentication | My Page session expired. |
| 24004 | notice | user | Authentication | User deleted device in My Page. |
| 25001 | notice | user | Authentication | Evaluated identity confidence. See Condition Attributes for Access Policies - Reporting a User's Identity Confidence Score for details. |
| 25002 | notice | user | Authentication | Failed to evaluate identity confidence. |