User Event Monitor Messages for the Cloud Authentication Service

User events trigger the following messages to appear in the User Event Monitor. New user events have been added and descriptions for some of the events have been modified recently. If these descriptions are used for SIEM integrations, they must be modified accordingly.

Event Code Level Type Category Description
2 notice user Authentication Method now locked.
3 notice user Authentication Method unlocked - User successfully authenticated.
4 notice user Authentication SecurID OTP automatically unlocked – Lockout duration expired.
20 error user Authentication Method enrollment failed - Required parameter missing.
21 error user Authentication Method enrollment failed - User does not exist.
22 error user Authentication Method enrollment failed - User account disabled.
23 error user Authentication Method enrollment failed - Logon authenticator not registered to user.
24 error user Authentication Method enrollment failed - Provider type not found.
30 error user Authentication Authentication failed - Required parameter missing.
31 error user Authentication Authentication failed - User does not exist.
32 error user Authentication Authentication failed - User account disabled.
33 error user Authentication Authentication failed - Application not found.
34 error user Authentication Authentication failed - Rule not found.
35 error user Authentication Authentication failed - Method locked.
36 error user Authentication Authentication failed - Authenticator not registered or authentication method not enrolled.
38 error user Authentication Illegal access.
51 error user Authentication Authentication failed - Authenticator not registered.
52 error user Authentication Authentication failed - Cannot push notification to authenticator.
53 error user Authentication Authentication failed - Internal verification interrupted.
101 notice user Authentication Authenticate OTP authentication method enrollment succeeded.
102 error user Authentication Authenticate OTP authentication method enrollment failed.
103 notice user Authentication Authenticate OTP authentication succeeded.
104 error user Authentication Authenticate OTP authentication failed - Invalid OTP.
105 error user Authentication Authenticate OTP authentication failed - Previously used OTP detected.
106 notice user Authentication Identity router API SecurID OTP request sent to Cloud Authentication Service.
107 notice user Authentication Identity router API SecurID OTP response received - Authentication succeeded.
108 error user Authentication Identity router API SecurID OTP response received - Authentication failed.
109 error user Authentication Identity router API SecurID OTP authentication failed - User not found in identity source.
110 error user Authentication Identity router API SecurID OTP authentication failed - Username is associated with multiple user accounts.
111 error user Authentication Identity router API SecurID OTP authentication failed - User account disabled in identity source.
112 error user Authentication Identity router API SecurID OTP authentication failed - User email address not found in identity source.
113 error user Authentication Identity router API SecurID OTP authentication failed - Identity source unreachable.
114 error user Authentication Identity router API SecurID OTP authentication failed - Cloud Authentication Service unreachable.
115 error user User Status Identity router API user status check - User not found in identity source.
116 error user User Status Identity router API user status check - Username is associated with multiple user accounts.
117 error user User Status Identity router API user status check - Identity source unreachable.
150 error user Authentication Authenticate OTP authentication failed - Error occurred.
151 notice user Authentication Authenticate OTP authentication unenrollment succeeded.
152 notice user Authentication Authenticate OTP authentication unenrollment failed.
153 error user My Authenticators Authenticator registration failed. Maximum number of authenticators exceeded for this user.
201 notice user Authentication LDAP password authentication succeeded.
202 error user Authentication LDAP password authentication failed - Unknown cause.
203 error user Authentication LDAP password authentication failed - Request timed out or identity router is not connected.
204 error user Authentication LDAP password authentication provider enrollment failed - Missing email or password.
205 error user Authentication LDAP password authentication provider enrollment failed - Unknown cause.
206 error user Authentication LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user.
207 error user Authentication LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user.
208 error user Authentication LDAP password authentication failed - Missing email or password.
211 error user Authentication LDAP password authentication failed - LDAP server host unreachable. Invalid port or server is not running.
212 error user Authentication LDAP password authentication failed - LDAP server host unresolvable.
213 error user Authentication LDAP password authentication failed - Cannot establish a trusted SSL/TLS connection with the LDAP directory server. Check for invalid certificate.
215 error user Authentication LDAP password authentication failed - Sign-in failure: unknown username or invalid password.
216 error user Authentication LDAP password authentication failed - LDAP account restriction, for example sign-in time or policy restriction is enforced.
217 error user Authentication LDAP password authentication failed - Time restriction prevents sign-in for this LDAP account.
218 error user Authentication LDAP password authentication failed - LDAP account not permitted to authenticate through this identity router.
219 error user Authentication LDAP password authentication failed - LDAP password expired.
220 error user Authentication LDAP password authentication failed - LDAP account disabled.
221 error user Authentication LDAP password authentication failed - LDAP account configuration prevents sign-in.
222 error user Authentication LDAP password authentication failed - LDAP account expired.
223 error user Authentication LDAP password authentication failed - LDAP password must be changed using your company's internal procedures.
224 error user Authentication LDAP password authentication failed - LDAP account locked out.

225

error

user

Authentication

LDAP password authentication failed - LDAP password locked for specified lockout duration.

230 notice user Authentication Unified Directory user password authentication succeeded.
231 error user Authentication Unified Directory user password authentication failed - Unknown cause.
232 error user Authentication Unified Directory user password authentication failed - Unknown username or invalid password.
233 error user Authentication Unified Directory user password authentication failed - Password locked for specified lockout duration.
234 notice user Authentication Unified Directory user password authentication succeeded - password must be changed.
235 error user Authentication Unified Directory user password reset failed - new password does not meet the password requirements.
236 error user Authentication Unified Directory user password authentication failed - password must be changed.
237 notice user Authentication Unified Directory user password reset succeeded.
300 notice user Authentication FIDO enrollment succeeded.
301 error user Authentication FIDO enrollment failed - User reached maximum authenticator limit.
302 error user Authentication FIDO enrollment failed - FIDO protocol error.
303 error user Authentication FIDO enrollment failed - SecurID service error.
304 error user Authentication FIDO enrollment failed - Unknown error.
310 notice user Authentication FIDO authenticator deleted.
315 notice user Authentication FIDO authenticator updated.
316 error user Authentication FIDO authenticator name update failed – Authenticator name cannot be blank.
317 error user Authentication FIDO authenticator name update failed – Authenticator name exceeds 255 characters.
318 error user Authentication FIDO authenticator name update failed – Authenticator name is already in use.
340 notice user Authentication FIDO authentication succeeded.
341 error user Authentication FIDO authentication failed - FIDO protocol error.
342 error user Authentication FIDO authentication failed - SecurID service error.
343 error user Authentication FIDO authentication failed - Unknown error.
344 error user Authentication FIDO authentication failed - FIDO token disabled.
400 notice user Authentication User re-enabled in Cloud Authentication Service.
401 notice user Authentication User disabled in directory server now disabled in Cloud Authentication Service.
402 notice user Authentication User not found in directory server now disabled in Cloud Authentication Service.
403 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Invalid email.
404 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Duplicate email.
405 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Disabled in directory server.
406 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing unique identifiers in directory server.
407 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unknown reason.
408 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing email.
409 error user Authentication

Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - No identity router can service this request.

410 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unable to contact directory server.
411 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - User not found.
413 error user Authentication Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - LDAP search of the directory server failed.
500 notice user Authentication Cloud Identity Provider (IDP) authentication succeeded.
501 error user Authentication Cloud Identity Provider (IDP) authentication failed.
600 notice user Authentication SecurID OTP Credential enrollment failed - User name not found for user.
601 notice user Authentication

Authentication Manager successfully authenticated SecurID OTP Credential.

602 notice user Authentication

Authentication Manager successfully authenticated SecurID OTP Credential - New PIN accepted.

603 notice user Authentication

Authentication Manager unable to authenticate SecurID OTP Credential – New PIN required.

604 notice user Authentication

Authentication Manager requires next OTP for SecurID OTP Credential.

605 error user Authentication

Authentication Manager unable to authenticate SecurID OTP Credential - Invalid OTP.

606 error user Authentication

Authentication Manager unable to authenticate SecurID OTP Credential - Invalid next OTP.

607 error user Authentication

Authentication Manager unable to authenticate SecurID OTP Credential - Invalid PIN.

608 error user Authentication

Unable to authenticate SecurID OTP Credential – Authentication Manager service unavailable.

609 error user Authentication

Authentication Manager unable to authenticate SecurID OTP Credential - Unknown cause.

610 error user Authentication SecurID OTP Credential enrollment succeeded.
611 error user Authentication

Authentication Manager unable to authenticate SecurID OTP Credential - Request timed out.

650 notice user Authentication Cloud Authentication Service unable to validate Hardware Authenticator credentials. Request redirected to Authentication Manager.
651 error user Authentication Cloud Authentication Service unable to validate Hardware Authenticator credentials. Previously used OTP was reused for authentication.
652 notice user Authentication Cloud Authentication Service successfully validated Hardware Authenticator credentials.
653 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator – Invalid credentials.
654 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator - Authenticator not found.
655 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator – Invalid serial number.
656 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator - Authenticator PIN not set.
657 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator – Authenticator expired.
658 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator – Authenticator disabled.
659 error user Authentication Cloud Authentication Service unable to test Hardware Authenticator – User not authorized to use this authenticator.
660 notice user Authentication Cloud Authentication Service successfully validated Hardware Authenticator credentials.
661 notice user Authentication Hardware Authenticator locked in Cloud Authentication Service. Request redirected to RSA Authentication Manager.
662 error user Authentication Hardware Authenticator locked in Cloud Authentication Service - User exceeded maximum failed attempts.
663 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN and/or OTP.
664 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Previously used OTP was reused for authentication.
665 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator PIN not set.
666 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator expired.
667 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator disabled.
668 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN and OTP.
669 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid OTP.
670 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN.
671 error user Authentication Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator credentials cannot be verified.
680 notice user Authentication OTP Credential registration succeeded for RSA DS100 Hardware Authenticator.
681 error user Authentication OTP Credential registration failed for RSA DS100 Hardware Authenticator.
682 error user Authentication OTP Credential registration failed for RSA DS100 Hardware Authenticator - User not authorized to use this token.
701 notice user Authentication Approve authentication succeeded.
702 error user Authentication Approve authentication failed - User response timed out.
703 error user Authentication Approve authentication failed - User denied approval.
704 error user Authentication Approve enrollment failed.
707 notice user Authentication Approve enrollment succeeded.

709

error

user

Authentication

Approve authentication failed - All in-progress authentication requests canceled.

801 notice user Authentication

Biometric authentication succeeded.

802 error user Authentication

Biometric authentication failed - User response timed out.

803 error user Authentication

Biometric authentication failed - User denied access to biometric credentials.

804 error user Authentication

Biometric authenticator enrollment failed.

805 error user Authentication

Biometric authentication failed - Unexpected error.

806 notice user Authentication

Biometric authenticator enrollment succeeded.

807 notice user Authentication

Biometric authenticator unenrollment succeeded.

808 error user Authentication Biometric authentication failed - All in-progress authentication requests canceled.
809 error user Authentication Biometric authentication failed - Authenticator not found.
810 error user Authentication Biometric authentication canceled.
811 notice user Authentication Biometric authenticator unenrollment failed.
901 notice user Authentication Portal sign-in succeeded.
902 error user Authentication Portal sign-in failed - Authentication failed.
903 error user Authentication Portal sign-in failed - Credentials are associated with multiple user accounts.
904 error user Authentication Portal sign-in failed - Internal server error.
905 error user Authentication Portal sign-in failed - Concurrent session limit reached.
906 error user Authentication Portal sign-in failed - Password reset required.
907 notice user Authentication Portal sign-out succeeded.
908 notice user Authentication Protected application authentication attempt made.
909 notice user Authentication Protected application authentication succeeded.
910 error user Authentication Protected application authentication failed.
911 notice user Authentication Additional authentication initiated.
912 notice user Authentication Additional authentication succeeded.
913 error user Authentication Additional authentication failed.
931 notice user Authentication Additional authentication is not needed because the user already authenticated at the same assurance level or higher.
932 error user Authentication Additional authentication failed - User account disabled.
933 error user Authentication Password authentication succeeded - Client does not support required additional authentication methods - Access denied.
934 notice user Authentication Password authentication succeeded.
935 error user Authentication Unsuccessful password authentication – Access denied.
936 error user Authentication Unsuccessful password authentication - Credentials are associated with multiple user accounts.
937 error user Authentication Unsuccessful password authentication - Internal server error.
938 error user Authentication Unsuccessful password authentication - Concurrent session limit reached.
939 notice user Authorization Password authentication succeeded - Policy does not require additional authentication - Access granted.
940 error user Authorization Password authentication succeeded - User prohibited by policy settings - Access denied.
941 error user Authorization Password authentication succeeded - Access prohibited by conditional policy settings - Access denied.
942 notice user Authentication Portal sign-out - User automatically signed out because of session timeout.
943 notice user Authentication Portal sign-out -- User session removed. This might occur if the user has too many sessions.
944 notice user Authentication Portal sign-out - No user session. For example, the session timed out and was removed.
1501 notice user Authentication QR Code authentication succeeded.
1503 error user Authentication QR Code authentication failed - User denied approval.
1504 error user Authentication QR Code enrollment failed.
1505 error user Authentication QR Code authentication failed - Invalid QR code.
1506 error user Authentication QR Code authentication failed - Operation is not allowed.
1507 notice user Authentication QR Code enrollment succeeded.
1508 error user Authentication QR Code authentication failed - Empty QR code found.
1510 error user Authentication QR Code authentication cancelled.
1511 notice user Authentication QR Code unenrollment succeeded.
1512 notice user Authentication QR Code unenrollment failed.
1513 error user Authentication QR Code authentication failed - QR code has expired.
3000 notice user My Authenticators Authenticator registration succeeded.
3001 error user My Authenticators Authenticator registration failed.
3002 error user My Authenticators Authenticator registration failed. Maximum number of authenticators exceeded for this user.
3003 notice user Authentication Authenticator authentication successful.
3004 error user Authentication Authenticator authentication unsuccessful.
3005 notice user My Authenticators

User deleted Authenticator in SecurID Authenticator.

3006 error user My Authenticators Authenticator deletion failed.
3007 notice user My Authenticators Authenticator update succeeded.
3008 error user My Authenticators Authenticator update failed.
3009 error user My Authenticators Authenticator registration failed. Registration was denied by the policy.
3010 notice user My Authenticators SecurID Authenticate registration started with notifications disabled.
3012 notice user My Authenticators Registration code validation succeeded.
3013 error user My Authenticators Offline service authentication verification failed.
3014 notice user My Authenticators Offline day data download successful.
3015 error user My Authenticators Offline day data download unsuccessful.
3016 notice user Authentication Offline Emergency Access Code download successful.
3017 error user Authentication Offline Emergency Access Code download unsuccessful.
3019 notice user My Authenticators Email sent to user for registration with the SecurID Authenticator.
3020 notice user My Authenticators Email sent to user for SecurID Authenticate authenticator deletion.
3021 notice user My Authenticators Offline certificate enrollment successful.
3022 error user My Authenticators Offline certificate enrollment unsuccessful.
5104 error user Authentication Cloud Administration Console logon failed - User account inactive.
5107 notice user Authentication SecurID admin password changed.
20300 notice user Authentication Multifactor authentication failed to initiate.
20301 notice user Authentication Multifactor authentication initiated.
20302 notice user Authentication Multifactor authentication succeeded.
20303 error user Authentication Multifactor authentication was unsuccessful.
20304 notice user Authentication Multifactor authentication complete - policy allowed access without additional authentication.
20400 notice user Authentication SAML IdP - Authentication request received.
20401 notice user Authentication SAML IdP - Assertion sent for successful user authentication.
20402 error user Authentication SAML IdP - Response sent for unsuccessful user authentication.
20403 error user Authentication

SAML IdP - Error response sent.

If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an IDR SSO Agent application, check the time on the identity router.

20601 error user Authentication RADIUS - LDAP authentication succeeded - Access denied. Policy does not contain RADIUS-compatible methods for additional authentication.
20602 error user Authentication RADIUS - LDAP authentication succeeded - Access denied. No authenticators were found for additional authentication methods.
20603 error user Authentication RADIUS - Invalid format for additional authentication request - Access denied.
20604 error user Authentication RADIUS - Invalid checklist attributes - Access denied.
20605 error user Authentication RADIUS - Cloud Authentication Service unreachable - Access denied.
20606 error user Authentication RADIUS – Approve authentication failed – Method timeout.
20608 error user Authentication

RADIUS - Biometric authentication failed - Method timeout.

20609 error user Authentication RADIUS - Authentication failed - Internal error.
20610 error user Authentication RADIUS - Approve authentication failed - Authentication could not be completed within push notification timeout.
20611 error user Authentication RADIUS - Biometric authentication failed - Authentication could not be completed within push notification timeout.
20612 notice user Authentication User initiated additional authentication, primary authentication managed by RADIUS client.
20613 notice user Authentication RADIUS – User selected last used method or default assurance level method for additional authentication.
20614 notice user Authentication RADIUS - User selected SecurID OTP or Authenticate OTP for additional authentication.
20615 notice user Authentication RADIUS – Authentication failed.
20701 error user Authentication Access denied – User not a member of any identity source in access policy.
20702 error user Authentication Access denied – User does not match any rule sets or matches a deny rule set in access policy.
20703 error user Authentication Access denied – Policy authentication conditions deny access.
20704 notice user Authentication Access allowed – Policy conditions allow access without additional authentication.
20801 error user Authentication SMS OTP message transmission attempted.
20802 error user Authentication SMS OTP message transmission attempt failed - Invalid phone number.
20803 error user Authentication SMS OTP message transmission attempt failed.
20804 error user Authentication Authentication failed - SMS OTP regenerated.
20805 error user Authentication SMS OTP delivery failed.
20851 notice user Authentication Voice OTP call succeeded.
20852 error user Authentication Voice OTP call attempt failed - Invalid phone number.
20853 error user Authentication Voice OTP call attempt failed.
20854 error user Authentication Authentication failed - Voice OTP regenerated.
20855 error user Authentication Voice OTP delivery failed.

20900

notice

user

Authentication

OIDC - Authentication request received.

20901

notice

user

Authentication

OIDC - ID Token sent for successful user authentication.

20902

error

user

Authentication

OIDC - Response sent for unsuccessful user authentication.

20903

error

user

Authentication

OIDC - Error response sent.

21901 notice user Authentication SMS OTP verification succeeded.
21902 error user Authentication SMS OTP verification failed
21903 error user Authentication SMS OTP authentication method locked - User exceeded maximum OTPs allowed.
21904 error user Authentication SMS OTP verification failed – internal error.
21951 notice user Authentication Voice OTP verification succeeded.
21952 error user Authentication Voice OTP verification failed.
21953 error user Authentication Voice OTP authentication method locked - User exceeded maximum OTPs allowed.
21954 error user Authentication Voice OTP verification failed – internal error.
23000 error user Authentication Approve with authenticator unlock enabled – No push notification sent for Approve. SecurID Authenticator version not supported.
24001 notice user Authentication My Authenticators sign-in succeeded.
24002 notice user Authentication My Page sign-out succeeded.
24003 notice user Authentication My Page session expired.
24004 notice user Authentication User deleted authenticator in My Page.
24005 notice user Authentication User deleted FIDO authenticator in My Page.
24006 notice user Authentication Hardware Authenticator registration successful.
24007 notice user Authentication Hardware Authenticator registration unsuccessful.
24008 notice user Authentication Hardware Authenticator unassigned from this user.
24010 notice user Authentication Hardware Authenticator PIN reset successful.
24011 error user Authentication Hardware Authenticator PIN reset unsuccessful.
24012 notice user Authentication Hardware Authenticator successfully resynchronized.
24013 error user Authentication Hardware Authenticator resynchronization unsuccessful.
24014 notice user Authentication Hardware Authenticator test successful.
24015 error user Authentication Hardware Authenticator test unsuccessful.
24016 error user Authentication Attempt to unassign Hardware Authenticator unsuccessful.
24017 notice user Authentication Hardware Authenticator registration successful.
24018 notice user Authentication Hardware Authenticator rename successful.
24019 error user Authentication Hardware Authenticator rename unsuccessful.
24020 notice user Authentication User deleted OTP credential for RSA DS100 Hardware Authenticator from My Page.
24021 notice user Authentication Application credential reset successful in My Applications portal.
24022 notice user Authentication User accessed My Authenticators successfully.
24023 notice user Authentication My Authenticators authentication succeeded.
24024 error user Authentication My Authenticators authentication failed.
24025 notice user Authentication My Applications sign-in succeeded.
25001 notice user Authentication Evaluated identity confidence. See Condition Attributes for Access Policies - Reporting a User's Identity Confidence Score for details.
25002 notice user Authentication Failed to evaluate identity confidence.
25003 notice user Authentication Identity confidence collection disabled. Evaluation skipped, returning low identity confidence.
26000 notice user Authentication Emergency Access Code verification succeeded.
26001 error user Authentication Emergency Access Code verification failed.
26002 error user Authentication Emergency Access Code not configured.
26003 error user Authentication Emergency Access Code is expired.
26004 error user Authentication Emergency Access Code locked - User previously exceeded maximum attempts.
26005 error user Authentication Emergency Access Code now locked.