User Event Monitor Messages for the Cloud Authentication Service

User events trigger the following messages to appear in the User Event Monitor.

Event Code Level Type Category Description
2 notice user Authentication Method now locked.
3 notice user Authentication Method unlocked - User successfully authenticated.
20 error user Authentication Method enrollment failed - Required parameter missing.
21 error user Authentication Method enrollment failed - User does not exist.
22 error user Authentication Method enrollment failed - User account disabled.
23 error user Authentication Method enrollment failed - Device not registered to user.
24 error user Authentication Method enrollment failed - Provider type not found.
30 error user Authentication Authentication failed - Required parameter missing.
31 error user Authentication Authentication failed - User does not exist.
32 error user Authentication Authentication failed - User account disabled.
33 error user Authentication Authentication failed - Application not found.
34 error user Authentication Authentication failed - Rule not found.
35 error user Authentication Authentication failed - Method locked.
36 error user Authentication Authentication failed - Device not registered or authentication method not enrolled.
51 error user Authentication Authentication failed - Device not registered.
52 error user Authentication Authentication failed - Cannot push notification to device.
53 error user Authentication Authentication failed - Internal verification interrupted.
101 notice user Authentication Authenticate Tokencode enrollment succeeded.
102 error user Authentication Authenticate Tokencode authentication enrollment failed.
103 notice user Authentication Authenticate Tokencode authentication succeeded.
104 error user Authentication Authenticate Tokencode authentication failed - Invalid tokencode.
105 error user Authentication Authenticate Tokencode authentication failed - Previously used tokencode detected.
106 notice user Authentication Identity router API tokencode request sent to the Cloud Authentication Service.
107 notice user Authentication Identity router API tokencode response received - Authentication succeeded.
108 error user Authentication Identity router API tokencode response received - Authentication failed.
109 error user Authentication Identity router API tokencode authentication failed - User not found in identity source.
110 error user Authentication Identity router API tokencode authentication failed - Username is associated with multiple user accounts.
111 error user Authentication Identity router API tokencode authentication failed - User account disabled in identity source.
112 error user Authentication Identity router API tokencode authentication failed - User email address not found in identity source.
113 error user Authentication Identity router API tokencode authentication failed - Identity source unreachable.
114 error user Authentication Identity router API tokencode authentication failed - Cloud Authentication Service unreachable.
115 error user User Status Identity router API user status check - User not found in identity source.
116 error user User Status Identity router API user status check - Username is associated with multiple user accounts.
117 error user User Status Identity router API user status check - Identity source unreachable.
201 notice user Authentication LDAP password authentication succeeded.
202 error user Authentication LDAP password authentication failed - Unknown cause.
203 error user Authentication LDAP password authentication failed - Request timed out or identity router is not connected.
204 error user Authentication LDAP password authentication provider enrollment failed - Missing email or password.
205 error user Authentication LDAP password authentication provider enrollment failed - Unknown cause.
206 error user Authentication LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user.
207 error user Authentication LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user.
208 error user Authentication LDAP password authentication failed - Missing email or password.
211 error user Authentication LDAP password authentication failed - LDAP server host unreachable. Invalid port or server is not running.
212 error user Authentication LDAP password authentication failed - LDAP server host unresolvable.
213 error user Authentication LDAP password authentication failed - Cannot establish a trusted SSL/TLS connection with the LDAP directory server. Check for invalid certificate.
215 error user Authentication LDAP password authentication failed - Sign-in failure: unknown username or invalid password.
216 error user Authentication LDAP password authentication failed - LDAP account restriction, for example sign-in time or policy restriction is enforced.
217 error user Authentication LDAP password authentication failed - Time restriction prevents sign-in for this LDAP account.
218 error user Authentication LDAP password authentication failed - LDAP account not permitted to authenticate through this identity router.
219 error user Authentication LDAP password authentication failed - LDAP password expired.
220 error user Authentication LDAP password authentication failed - LDAP account disabled.
221 error user Authentication LDAP password authentication failed - LDAP account configuration prevents sign-in.
222 error user Authentication LDAP password authentication failed - LDAP account expired.
223 error user Authentication LDAP password authentication failed - LDAP password must be changed using your company's internal procedures.
224 error user Authentication LDAP password authentication failed - LDAP account locked out.

225

error

user

Authentication

LDAP password authentication failed - LDAP password locked for specified lockout duration.

300 notice user Authentication FIDO enrollment succeeded.
301 error user Authentication FIDO enrollment failed - User reached maximum authenticator limit.
302 error user Authentication FIDO enrollment failed - FIDO protocol error.
303 error user Authentication FIDO enrollment failed - RSA SecurID Access service error.
304 error user Authentication FIDO enrollment failed - Unknown error.
310 notice user Authentication FIDO authenticator deleted.
315 notice user Authentication FIDO authenticator updated.
316 error user Authentication FIDO authenticator name update failed – Authenticator name cannot be blank.
317 error user Authentication FIDO authenticator name update failed – Authenticator name exceeds 255 characters.
318 error user Authentication FIDO authenticator name update failed – Authenticator name is already in use.
340 notice user Authentication FIDO authentication succeeded.
341 error user Authentication FIDO authentication failed - FIDO protocol error.
342 error user Authentication FIDO authentication failed - RSA SecurID Access service error.
343 error user Authentication FIDO authentication failed - Unknown error.
400 notice user Authentication User re-enabled in Cloud Authentication Service.
401 notice user Authentication User disabled in directory server now disabled in Cloud Authentication Service.
402 notice user Authentication User not found in directory server now disabled in Cloud Authentication Service.
403 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Invalid email.
404 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Duplicate email.
405 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Disabled in directory server.
406 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing unique identifiers in directory server.
407 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unknown reason.
408 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing email.
409 error user Authentication

Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - No identity router can service this request.

410 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unable to contact directory server.
411 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - User not found.
601 notice user Authentication RSA SecurID user authentication succeeded.
602 notice user Authentication RSA SecurID user authentication succeeded - New PIN accepted.
603 notice user Authentication RSA SecurID user authentication - Requires new PIN.
604 notice user Authentication RSA SecurID user authentication - Requires next tokencode.
605 error user Authentication RSA SecurID user authentication failed - Invalid passcode.
606 error user Authentication RSA SecurID user authentication failed - Invalid next tokencode.
607 error user Authentication RSA SecurID user authentication failed - Invalid PIN.
608 error user Authentication RSA SecurID user authentication failed - RSA SecurID service is not available.
609 error user Authentication

RSA SecurID user authentication failed - Unknown cause.

611 error user Authentication RSA SecurID user authentication failed - Request timed out.
701 notice user Authentication Approve authentication succeeded.
702 error user Authentication Approve authentication failed - User response timed out.
703 error user Authentication Approve authentication failed - User denied approval.
704 error user Authentication Approve enrollment failed.
707 notice user Authentication Approve enrollment succeeded.

709

error

user

Authentication

Approve authentication failed - All in-progress authentication requests canceled.

801 notice user Authentication

Device Biometrics authentication succeeded.

802 error user Authentication

Device Biometrics authentication failed - User response timed out.

803 error user Authentication

Device Biometrics authentication failed.

804 error user Authentication

RSA SecurID Access enrollment for Device Biometrics failed.

805 error user Authentication

Device Biometrics authentication failed - Unexpected error.

806 notice user Authentication

RSA SecurID Access enrollment for Device Biometrics succeeded.

807 notice user Authentication

RSA SecurID Access unenrollment for Device Biometrics succeeded - Device unenrolled.

901 notice user Authentication Portal sign-in succeeded.
902 error user Authentication Portal sign-in failed - Authentication failed.
903 error user Authentication Portal sign-in failed - Credentials are associated with multiple user accounts.
904 error user Authentication Portal sign-in failed - Internal server error.
905 error user Authentication Portal sign-in failed - Concurrent session limit reached.
906 error user Authentication Portal sign-in failed - Password reset required.
907 notice user Authentication Portal sign-out succeeded.
908 notice user Authentication Protected application authentication attempt made.
909 notice user Authentication Protected application authentication succeeded.
910 error user Authentication Protected application authentication failed.
911 notice user Authentication Additional authentication initiated.
912 notice user Authentication Additional authentication succeeded.
913 error user Authentication Additional authentication failed.
931 notice user Authentication Additional authentication is not needed because the user already authenticated at the same assurance level or higher.
932 error user Authentication Additional authentication failed - User account disabled.
933 error user Authentication Password authentication succeeded - Client does not support required additional authentication methods - Access denied.
934 notice user Authentication Password authentication succeeded.
935 error user Authentication Unsuccessful password authentication – Access denied.
936 error user Authentication Unsuccessful password authentication - Credentials are associated with multiple user accounts.
937 error user Authentication Unsuccessful password authentication - Internal server error.
938 error user Authentication Unsuccessful password authentication - Concurrent session limit reached.
939 notice user Authorization Password authentication succeeded - Policy does not require additional authentication - Access granted.
940 error user Authorization Password authentication succeeded - User prohibited by policy settings - Access denied.
941 error user Authorization Password authentication succeeded - Access prohibited by conditional policy settings - Access denied.
942 notice user Authentication Portal sign-out - User automatically signed out because of session timeout.
943 notice user Authentication Portal sign-out -- User session removed. This might occur if the user has too many sessions.
944 notice user Authentication Portal sign-out - No user session. For example, the session timed out and was removed.
3000 notice user Device Management Registration succeeded.
3001 error user Device Management Registration failed.
3002 error user Device Management Registration unsuccessful. Maximum limit (1) for devices reached.
3003 notice user Authentication Device authentication successful.
3004 error user Authentication Device authentication unsuccessful.
3005 notice user Device Management

User deleted device in RSA SecurID Authenticate app.

3006 error user Device Management Device deletion failed.
3007 notice user Device Management Device update succeeded.
3008 error user Device Management Device update failed.
3009 error user Device Management Registration unsuccessful. Blocked by Device Registration Using Password policy.
3010 notice user Device Management RSA SecurID Authenticate registration started with notifications disabled.
3012 notice user Device Management Registration code validation succeeded.
3013 error user Device Management RSA MFA Agent for Microsoft Windows configuration not approved.
3014 notice user Device Management RSA MFA Agent for Microsoft Windows successful configuration.
3015 error user Device Management RSA MFA Agent for Microsoft Windows unsuccessful configuration.
3016 notice user Authentication Offline Emergency Tokencode download successful.
3017 error user Authentication Offline Emergency Tokencode download unsuccessful.
3019 notice user Device Management Email sent to user for registration with RSA SecurID Authenticate app.
3020 notice user Device Management Email sent to user for RSA SecurID Authenticate device deletion.
5104 error user Authentication Cloud Administration Console logon failed - User account inactive.
5107 notice user Authentication RSA SecurID Access admin password changed.
20301 notice user Authentication Multifactor authentication initiated.
20302 notice user Authentication Multifactor authentication succeeded.
20303 error user Authentication Multifactor authentication was unsuccessful.
20400 notice user Authentication SAML IdP - Authentication request received.
20401 notice user Authentication SAML IdP - Assertion sent for successful user authentication.
20402 error user Authentication SAML IdP - Response sent for unsuccessful user authentication.
20403 error user Authentication

SAML IdP - Error response sent.

If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an SSO Agent application, check the time on the identity router.

20601 error user Authentication RADIUS - LDAP authentication succeeded - Policy contains no RADIUS-compatible methods for additional authentication - Access denied.
20602 error user Authentication RADIUS - LDAP authentication succeeded - No user device registered for required additional authentication methods - Access denied.
20603 error user Authentication RADIUS - Invalid format for additional authentication request - Access denied.
20604 error user Authentication RADIUS - Invalid checklist attributes - Access denied.
20605 error user Authentication RADIUS - Cloud Authentication Service unreachable - Access denied.
20606 error user Authentication RADIUS – Approve authentication failed – Method timeout.
20608 error user Authentication

RADIUS - Device Biometrics authentication failed - Method timeout.

20609 error user Authentication RADIUS - Authentication failed - Internal error.
20610 error user Authentication RADIUS – Approve authentication failed – Not completed before automatic push notification timeout.
20611 error user Authentication RADIUS – Device Biometrics failed - Not completed before automatic push notification timeout.
20612 notice user Authentication User initiated additional authentication, primary authentication managed by RADIUS client.
20613 notice user Authentication RADIUS – User selected last used method or default assurance level method for additional authentication.
20614 notice user Authentication RADIUS – User selected SecurID Token or Authenticate Tokencode for additional authentication.
20615 notice user Authentication RADIUS – Authentication failed.
20701 error user Authentication Access denied – User not a member of any identity source in access policy.
20702 error user Authentication Access denied – User does not match any rule sets or matches a deny rule set in access policy.
20703 error user Authentication Access denied – Policy authentication conditions deny access.
20704 notice user Authentication Access allowed – Policy authentication conditions allow access without any additional authentication.
20801 error user Authentication SMS Tokencode message transmission attempted.
20802 error user Authentication SMS Tokencode message transmission attempt failed - Invalid phone number.
20803 error user Authentication SMS Tokencode message transmission attempt failed.
20804 error user Authentication Authentication failed - SMS Tokencode regenerated.
20805 error user Authentication SMS Tokencode delivery failed.
20851 notice user Authentication Voice Tokencode call succeeded.
20852 error user Authentication Voice Tokencode call attempt failed - Invalid phone number.
20853 error user Authentication Voice Tokencode call attempt failed.
20854 error user Authentication Authentication failed - Voice Tokencode regenerated.
20855 error user Authentication Voice Tokencode delivery failed.

20900

notice

user

Authentication

OIDC - Authentication request received.

20901

notice

user

Authentication

OIDC - ID Token sent for successful user authentication.

20902

error

user

Authentication

OIDC - Response sent for unsuccessful user authentication.

20903

error

user

Authentication

OIDC - Error response sent.

21901 notice user Authentication SMS Tokencode verification succeeded.
21902 error user Authentication SMS Tokencode verification failed.
21903 error user Authentication SMS Tokencode authentication method locked – User exceeded maximum tokencodes allowed.
21953 error user Authentication Voice Tokencode authentication method locked - User exceeded maximum tokencodes allowed.
23000 error user Authentication Approve with device unlock enabled - No push notification sent for Approve. RSA SecurID Authenticate app version not supported.
24001 notice user Authentication My Page sign-in succeeded.
24002 notice user Authentication My Page sign-out succeeded.
24003 notice user Authentication My Page session expired.
24004 notice user Authentication User deleted device in My Page.
24005 notice user Authentication User deleted FIDO authenticator in My Page.
25001 notice user Authentication Evaluated identity confidence. See Condition Attributes for Access Policies - Reporting a User's Identity Confidence Score for details.
25002 notice user Authentication Failed to evaluate identity confidence.
25003 notice user Authentication Identity confidence collection disabled. Evaluation skipped, returning low identity confidence.
26000 notice user Authentication Emergency Tokencode verification succeeded.
26001 error user Authentication Emergency Tokencode verification failed.
26002 error user Authentication Emergency Tokencode not configured.
26003 error user Authentication Emergency Tokencode is expired.
26004 error user Authentication Emergency Tokencode locked - User previously exceeded maximum attempts.
26005 error user Authentication Emergency Tokencode now locked.