User Event Monitor Messages for Cloud Access Service (400 - 1409)
User Event Monitor Messages for Cloud Access Service (400 - 1409)
User events trigger the following messages to appear in the User Event Monitor. New user events have been added and descriptions for some of the events have been modified recently. If these descriptions are used for SIEM integrations, they must be modified accordingly.
| Event Code | Level | Category | Description |
|---|---|---|---|
| 400 | notice | Authentication | User re-enabled in the Cloud Authentication Service. |
| 401 | notice | Authentication | User disabled in directory server now disabled in the Cloud Authentication Service. |
| 402 | notice | Authentication | User not found in directory server now disabled in the Cloud Authentication Service. |
| 403 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Invalid email. |
| 404 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Duplicate email. |
| 405 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Disabled in directory server. |
| 406 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing unique identifiers in directory server. |
| 407 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unknown reason. |
| 408 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing email. |
| 409 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - No identity router can service this request. |
| 410 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unable to contact directory server. |
| 413 | error | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - LDAP search of the directory server failed. |
| 500 | notice | Authentication | Cloud Identity Provider (IDP) authentication succeeded. |
| 501 | error | Authentication | Cloud Identity Provider (IDP) authentication failed. |
| 600 | notice | Authentication | SecurID OTP Credential enrollment failed - User name not found for user. |
| 601 | notice | Authentication | Authentication Manager successfully authenticated SecurID OTP Credential. |
| 602 | notice | Authentication | Authentication Manager successfully authenticated SecurID OTP Credential - New PIN accepted. |
| 603 | notice | Authentication | Authentication Manager unable to authenticate SecurID OTP Credential – New PIN required. |
| 604 | notice | Authentication | Authentication Manager requires next OTP for SecurID OTP Credential. |
| 605 | error | Authentication | Authentication Manager unable to authenticate SecurID OTP Credential - Invalid OTP. |
| 606 | error | Authentication | Authentication Manager unable to authenticate SecurID OTP Credential - Invalid next OTP. |
| 607 | error | Authentication | Authentication Manager unable to authenticate SecurID OTP Credential - Invalid PIN. |
| 608 | error | Authentication | Unable to authenticate SecurID OTP Credential – Authentication Manager service unavailable. |
| 609 | error | Authentication | Authentication Manager unable to authenticate SecurID OTP Credential - Unknown cause. |
| 610 | error | Authentication | SecurID OTP Credential enrollment succeeded. |
| 611 | error | Authentication | Authentication Manager unable to authenticate SecurID OTP Credential - Request timed out. |
| 650 | notice | Authentication | Cloud Authentication Service unable to validate credentials. Request redirected to Authentication Manager. |
| 652 | notice | Authentication | Cloud Authentication Service successfully validated Hardware Authenticator credentials. |
| 653 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Invalid credentials. |
| 654 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator - Authenticator not found. |
| 655 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Invalid serial number. |
| 656 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator - Authenticator PIN not set. |
| 657 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Authenticator expired. |
| 658 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Authenticator disabled. |
| 659 | error | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – User not authorized to use this authenticator. |
| 660 | notice | Authentication | Cloud Authentication Service successfully validated Hardware Authenticator credentials. |
| 661 | notice | Authentication | Hardware Authenticator locked in Cloud Authentication Service. Request redirected to RSA Authentication Manager. |
| 662 | error | Authentication | Hardware Authenticator locked in Cloud Authentication Service - User exceeded maximum failed attempts. |
| 663 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN and/or OTP. |
| 664 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Previously used OTP was reused for authentication. |
| 665 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator PIN not set. |
| 666 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator expired. |
| 667 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator disabled. |
| 670 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN. |
| 671 | error | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator credentials cannot be verified. |
| 680 | notice | Authentication | OTP Credential registration succeeded for RSA DS100 Hardware Authenticator. |
| 681 | error | Authentication | OTP Credential registration failed for RSA DS100 Hardware Authenticator. |
| 682 | error | Authentication | OTP Credential registration failed for RSA DS100 Hardware Authenticator - User not authorized to use this token. |
| 701 | notice | Authentication | Approve authentication succeeded. |
| 702 | error | Authentication | Approve authentication failed - User response timed out. |
| 703 | error | Authentication | Approve authentication failed - User denied approval. |
| 704 | error | Authentication | Approve enrollment failed. |
| 707 | notice | Authentication | Approve enrollment succeeded. |
709 | error | Authentication | Approve authentication failed - All in-progress authentication requests canceled. |
| 713 | notice | Authentication | Agent does not support the Code Matching feature. Code will not be used as part of the Approve push notification. |
| 714 | notice | Authentication | Agent does not support the Code Matching feature. Code will not be used as part of the Biometric push notification. |
| 715 | notice | Authentication | Authenticator does not support the Code Matching feature. Code will not be used as part of the Biometric push notification. |
| 716 | notice | Authentication | Authenticator does not support the Code Matching feature. Code will not be used as part of the Approve push notification. |
| 720 | error | Authentication | Approve authentication failed - Disabled device platform |
| 801 | notice | Authentication | Biometric authentication succeeded. |
| 802 | error | Authentication | Biometric authentication failed - User response timed out. |
| 803 | error | Authentication | Biometric authentication failed - User denied access to biometric credentials. |
| 804 | error | Authentication | Biometric authenticator enrollment failed. |
| 805 | error | Authentication | Biometric authentication failed - Unexpected error. |
| 806 | notice | Authentication | Biometric authenticator enrollment succeeded. |
| 807 | notice | Authentication | Biometric authenticator unenrollment succeeded. |
| 808 | error | Authentication | Biometric authentication failed - All in-progress authentication requests canceled. |
| 809 | error | Authentication | Biometric authentication failed - Authenticator not found. |
| 810 | error | Authentication | Biometric authentication canceled. |
| 811 | notice | Authentication | Biometric authenticator unenrollment failed. |
| 812 | error | Authentication | Biometric authentication failed - Disabled device platform. |
| 831 | notice | Authentication | Device Biometrics (RSA Agent) authentication succeeded. |
| 832 | error | Authentication | Device Biometrics (RSA Agent) authentication failed - User response timed out. |
| 833 | error | Authentication | Device Biometrics (RSA Agent) authentication failed - User denied access to biometric credentials. |
| 834 | error | Authentication | Device Biometrics (RSA Agent) authenticator enrollment failed. |
| 835 | error | Authentication | Device Biometrics (RSA Agent) authentication failed - Unexpected error. |
| 836 | notice | Authentication | Device Biometrics (RSA Agent) authenticator enrollment succeeded. |
| 837 | error | Authentication | Device Biometrics (RSA Agent) authenticator unenrollment succeeded. |
| 838 | error | Authentication | Device Biometrics (RSA Agent) authentication failed - All in-progress authentication requests cancelled. |
| 839 | error | Authentication | Device Biometrics (RSA Agent) authentication failed - Authenticator not found. |
| 840 | notice | Authentication | Device Biometrics (RSA Agent) authentication cancelled. |
| 841 | error | Authentication | Device Biometrics (RSA Agent) authenticator unenrollment failed. |
| 842 | error | Authentication | Device Biometrics (RSA Agent) authentication failed - Disabled device platform. |
| 901 | notice | Authentication | Portal sign-in succeeded. |
| 902 | error | Authentication | Portal sign-in failed - Authentication failed. |
| 903 | error | Authentication | Portal sign-in failed - Credentials are associated with multiple user accounts. |
| 904 | error | Authentication | Portal sign-in failed - Internal server error. |
| 905 | error | Authentication | Portal sign-in failed - Concurrent session limit reached. |
| 906 | error | Authentication | Portal sign-in failed - Password reset required. |
| 907 | notice | Authentication | Portal sign-out succeeded. |
| 908 | notice | Authentication | Protected application authentication attempt made. |
| 909 | notice | Authentication | Protected application authentication succeeded. |
| 910 | error | Authentication | Protected application authentication failed. |
| 911 | notice | Authentication | Additional authentication initiated. |
| 912 | notice | Authentication | Additional authentication succeeded. |
| 913 | error | Authentication | Additional authentication failed. |
| 931 | notice | Authentication | Additional authentication is not needed because the user already authenticated at the same assurance level or higher. |
| 932 | error | Authentication | Additional authentication failed - User account disabled. |
| 933 | error | Authentication | Password authentication succeeded - Client does not support required additional authentication methods - Access denied. |
| 934 | notice | Authentication | Password authentication succeeded. |
| 935 | error | Authentication | Unsuccessful password authentication – Access denied. |
| 936 | error | Authentication | Unsuccessful password authentication - Credentials are associated with multiple user accounts. |
| 937 | error | Authentication | Unsuccessful password authentication - Internal server error. |
| 938 | error | Authentication | Unsuccessful password authentication - Concurrent session limit reached. |
| 939 | notice | Authorization | Password authentication succeeded - Policy does not require additional authentication - Access granted. |
| 940 | error | Authorization | Password authentication succeeded - User prohibited by policy settings - Access denied. |
| 941 | error | Authorization | Password authentication succeeded - Access prohibited by conditional policy settings - Access denied. |
| 942 | notice | Authentication | Portal sign-out - User automatically signed out because of session timeout. |
| 943 | notice | Authentication | Portal sign-out - User session removed. This might occur if the user has too many sessions. |
| 944 | notice | Authentication | Portal sign-out - No user session. For example, the session timed out and was removed. |
| 945 | notice | Authentication | Protected HFED application authentication succeeded through My Page. |
| 1409 | error | Authentication | Mobile Passkey (RSA Agent) authentication failed - Disabled device platform. |
See:
User Event Monitor Messages for Cloud Access Service (02 - 345)
User Event Monitor Messages for Cloud Access Service (1501 - 20406)
User Event Monitor Messages for Cloud Access Service (20601 - 38000)
Related Articles
User Event Monitor Messages for Cloud Access Service (20601 - 38000) Number of Views User Event Monitor Messages for Cloud Access Service (02 - 345) Number of Views User Event Monitor Messages for Cloud Access Service (1501 - 20406) Number of Views Event Message Components for Cloud Access Service Number of Views System Event Monitor Messages for Cloud Access Service Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
