knUser Event Monitor Messages for the Cloud Authentication ServiceUser Event Monitor Messages for the Cloud Authentication Service
User events trigger the following messages to appear in the User Event Monitor. New user events have been added and descriptions for some of the events have been modified recently. If these descriptions are used for SIEM integrations, they must be modified accordingly.
| Event Code | Level | Type | Category | Description |
|---|---|---|---|---|
| 2 | notice | user | Authentication | Method now locked. |
| 3 | notice | user | Authentication | Method unlocked - User successfully authenticated. |
| 4 | notice | user | Authentication | SecurID OTP automatically unlocked – Lockout duration expired. |
| 20 | error | user | Authentication | Method enrollment failed - Required parameter missing. |
| 21 | error | user | Authentication | Method enrollment failed - User does not exist. |
| 22 | error | user | Authentication | Method enrollment failed - User account disabled. |
| 23 | error | user | Authentication | Method enrollment failed - Logon authenticator not registered to user. |
| 24 | error | user | Authentication | Method enrollment failed - Provider type not found. |
| 30 | error | user | Authentication | Authentication failed - Required parameter missing. |
| 31 | error | user | Authentication | Authentication failed - User does not exist. |
| 32 | error | user | Authentication | Authentication failed - User account disabled. |
| 33 | error | user | Authentication | Authentication failed - Application not found. |
| 34 | error | user | Authentication | Authentication failed - Rule not found. |
| 35 | error | user | Authentication | Authentication failed - Method locked. |
| 36 | error | user | Authentication | Authentication failed - Authenticator not registered or authentication method not enrolled. |
| 38 | error | user | Authentication | Illegal access. |
| 51 | error | user | Authentication | Authentication failed - Authenticator not registered. |
| 52 | error | user | Authentication | Authentication failed - Cannot push notification to authenticator. |
| 53 | error | user | Authentication | Authentication failed - Internal verification interrupted. |
| 101 | notice | user | Authentication | Authenticate OTP authentication method enrollment succeeded. |
| 102 | error | user | Authentication | Authenticate OTP authentication method enrollment failed. |
| 103 | notice | user | Authentication | Authenticate OTP authentication succeeded. |
| 104 | error | user | Authentication | Authenticate OTP authentication failed - Invalid OTP. |
| 105 | error | user | Authentication | Authenticate OTP authentication failed - Previously used OTP detected. |
| 106 | notice | user | Authentication | Identity router API SecurID OTP request sent to Cloud Authentication Service. |
| 107 | notice | user | Authentication | Identity router API SecurID OTP response received - Authentication succeeded. |
| 108 | error | user | Authentication | Identity router API SecurID OTP response received - Authentication failed. |
| 109 | error | user | Authentication | Identity router API SecurID OTP authentication failed - User not found in identity source. |
| 110 | error | user | Authentication | Identity router API SecurID OTP authentication failed - Username is associated with multiple user accounts. |
| 111 | error | user | Authentication | Identity router API SecurID OTP authentication failed - User account disabled in identity source. |
| 112 | error | user | Authentication | Identity router API SecurID OTP authentication failed - User email address not found in identity source. |
| 113 | error | user | Authentication | Identity router API SecurID OTP authentication failed - Identity source unreachable. |
| 114 | error | user | Authentication | Identity router API SecurID OTP authentication failed - Cloud Authentication Service unreachable. |
| 115 | error | user | User Status | Identity router API user status check - User not found in identity source. |
| 116 | error | user | User Status | Identity router API user status check - Username is associated with multiple user accounts. |
| 117 | error | user | User Status | Identity router API user status check - Identity source unreachable. |
| 150 | error | user | Authentication | Authenticate OTP authentication failed - Error occurred. |
| 151 | notice | user | Authentication | Authenticate OTP authentication unenrollment succeeded. |
| 152 | notice | user | Authentication | Authenticate OTP authentication unenrollment failed. |
| 153 | error | user | My Authenticators | Authenticator registration failed. Maximum number of authenticators exceeded for this user. |
| 201 | notice | user | Authentication | LDAP password authentication succeeded. |
| 202 | error | user | Authentication | LDAP password authentication failed - Unknown cause. |
| 203 | error | user | Authentication | LDAP password authentication failed - Request timed out or identity router is not connected. |
| 204 | error | user | Authentication | LDAP password authentication provider enrollment failed - Missing email or password. |
| 205 | error | user | Authentication | LDAP password authentication provider enrollment failed - Unknown cause. |
| 206 | error | user | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 207 | error | user | Authentication | LDAP password authentication failed - Provider configuration in the Cloud Authentication Service is incorrect for this user. |
| 208 | error | user | Authentication | LDAP password authentication failed - Missing email or password. |
| 211 | error | user | Authentication | LDAP password authentication failed - LDAP server host unreachable. Invalid port or server is not running. |
| 212 | error | user | Authentication | LDAP password authentication failed - LDAP server host unresolvable. |
| 213 | error | user | Authentication | LDAP password authentication failed - Cannot establish a trusted SSL/TLS connection with the LDAP directory server. Check for invalid certificate. |
| 215 | error | user | Authentication | LDAP password authentication failed - Sign-in failure: unknown username or invalid password. |
| 216 | error | user | Authentication | LDAP password authentication failed - LDAP account restriction, for example sign-in time or policy restriction is enforced. |
| 217 | error | user | Authentication | LDAP password authentication failed - Time restriction prevents sign-in for this LDAP account. |
| 218 | error | user | Authentication | LDAP password authentication failed - LDAP account not permitted to authenticate through this identity router. |
| 219 | error | user | Authentication | LDAP password authentication failed - LDAP password expired. |
| 220 | error | user | Authentication | LDAP password authentication failed - LDAP account disabled. |
| 221 | error | user | Authentication | LDAP password authentication failed - LDAP account configuration prevents sign-in. |
| 222 | error | user | Authentication | LDAP password authentication failed - LDAP account expired. |
| 223 | error | user | Authentication | LDAP password authentication failed - LDAP password must be changed using your company's internal procedures. |
| 224 | error | user | Authentication | LDAP password authentication failed - LDAP account locked out. |
|
225 |
error |
user |
Authentication |
LDAP password authentication failed - LDAP password locked for specified lockout duration. |
| 300 | notice | user | Authentication | FIDO enrollment succeeded. |
| 301 | error | user | Authentication | FIDO enrollment failed - User reached maximum authenticator limit. |
| 302 | error | user | Authentication | FIDO enrollment failed - FIDO protocol error. |
| 303 | error | user | Authentication | FIDO enrollment failed - SecurID service error. |
| 304 | error | user | Authentication | FIDO enrollment failed - Unknown error. |
| 310 | notice | user | Authentication | FIDO authenticator deleted. |
| 315 | notice | user | Authentication | FIDO authenticator updated. |
| 316 | error | user | Authentication | FIDO authenticator name update failed – Authenticator name cannot be blank. |
| 317 | error | user | Authentication | FIDO authenticator name update failed – Authenticator name exceeds 255 characters. |
| 318 | error | user | Authentication | FIDO authenticator name update failed – Authenticator name is already in use. |
| 340 | notice | user | Authentication | FIDO authentication succeeded. |
| 341 | error | user | Authentication | FIDO authentication failed - FIDO protocol error. |
| 342 | error | user | Authentication | FIDO authentication failed - SecurID service error. |
| 343 | error | user | Authentication | FIDO authentication failed - Unknown error. |
| 344 | error | user | Authentication | FIDO authentication failed - FIDO token disabled. |
| 400 | notice | user | Authentication | User re-enabled in Cloud Authentication Service. |
| 401 | notice | user | Authentication | User disabled in directory server now disabled in Cloud Authentication Service. |
| 402 | notice | user | Authentication | User not found in directory server now disabled in Cloud Authentication Service. |
| 403 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Invalid email. |
| 404 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Duplicate email. |
| 405 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Disabled in directory server. |
| 406 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing unique identifiers in directory server. |
| 407 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unknown reason. |
| 408 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Missing email. |
| 409 | error | user | Authentication |
Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - No identity router can service this request. |
| 410 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - Unable to contact directory server. |
| 411 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - User not found. |
| 413 | error | user | Authentication | Just-in-time synchronization failed to synchronize user with the Cloud Authentication Service - LDAP search of the directory server failed. |
| 500 | notice | user | Authentication | Cloud Identity Provider (IDP) authentication succeeded. |
| 501 | error | user | Authentication | Cloud Identity Provider (IDP) authentication failed. |
| 600 | notice | user | Authentication | SecurID OTP Credential enrollment failed - User name not found for user. |
| 601 | notice | user | Authentication |
Authentication Manager successfully authenticated SecurID OTP Credential. |
| 602 | notice | user | Authentication |
Authentication Manager successfully authenticated SecurID OTP Credential - New PIN accepted. |
| 603 | notice | user | Authentication |
Authentication Manager unable to authenticate SecurID OTP Credential – New PIN required. |
| 604 | notice | user | Authentication |
Authentication Manager requires next OTP for SecurID OTP Credential. |
| 605 | error | user | Authentication |
Authentication Manager unable to authenticate SecurID OTP Credential - Invalid OTP. |
| 606 | error | user | Authentication |
Authentication Manager unable to authenticate SecurID OTP Credential - Invalid next OTP. |
| 607 | error | user | Authentication |
Authentication Manager unable to authenticate SecurID OTP Credential - Invalid PIN. |
| 608 | error | user | Authentication |
Unable to authenticate SecurID OTP Credential – Authentication Manager service unavailable. |
| 609 | error | user | Authentication |
Authentication Manager unable to authenticate SecurID OTP Credential - Unknown cause. |
| 610 | error | user | Authentication | SecurID OTP Credential enrollment succeeded. |
| 611 | error | user | Authentication |
Authentication Manager unable to authenticate SecurID OTP Credential - Request timed out. |
| 650 | notice | user | Authentication | Cloud Authentication Service unable to validate Hardware Authenticator credentials. Request redirected to Authentication Manager. |
| 651 | error | user | Authentication | Cloud Authentication Service unable to validate Hardware Authenticator credentials. Previously used OTP was reused for authentication. |
| 652 | notice | user | Authentication | Cloud Authentication Service successfully validated Hardware Authenticator credentials. |
| 653 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Invalid credentials. |
| 654 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator - Authenticator not found. |
| 655 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Invalid serial number. |
| 656 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator - Authenticator PIN not set. |
| 657 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Authenticator expired. |
| 658 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – Authenticator disabled. |
| 659 | error | user | Authentication | Cloud Authentication Service unable to test Hardware Authenticator – User not authorized to use this authenticator. |
| 660 | notice | user | Authentication | Cloud Authentication Service successfully validated Hardware Authenticator credentials. |
| 661 | notice | user | Authentication | Hardware Authenticator locked in Cloud Authentication Service. Request redirected to RSA Authentication Manager. |
| 662 | error | user | Authentication | Hardware Authenticator locked in Cloud Authentication Service - User exceeded maximum failed attempts. |
| 663 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN and/or OTP. |
| 664 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Previously used OTP was reused for authentication. |
| 665 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator PIN not set. |
| 666 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator expired. |
| 667 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator disabled. |
| 668 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN and OTP. |
| 669 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid OTP. |
| 670 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Invalid PIN. |
| 671 | error | user | Authentication | Hardware Authenticator authentication to Cloud Authentication Service failed - Authenticator credentials cannot be verified. |
| 680 | notice | user | Authentication | OTP Credential registration succeeded for RSA DS100 Hardware Authenticator. |
| 681 | error | user | Authentication | OTP Credential registration failed for RSA DS100 Hardware Authenticator. |
| 682 | error | user | Authentication | OTP Credential registration failed for RSA DS100 Hardware Authenticator - User not authorized to use this token. |
| 701 | notice | user | Authentication | Approve authentication succeeded. |
| 702 | error | user | Authentication | Approve authentication failed - User response timed out. |
| 703 | error | user | Authentication | Approve authentication failed - User denied approval. |
| 704 | error | user | Authentication | Approve enrollment failed. |
| 707 | notice | user | Authentication | Approve enrollment succeeded. |
|
709 |
error |
user |
Authentication |
Approve authentication failed - All in-progress authentication requests canceled. |
| 801 | notice | user | Authentication |
Biometric authentication succeeded. |
| 802 | error | user | Authentication |
Biometric authentication failed - User response timed out. |
| 803 | error | user | Authentication |
Biometric authentication failed - User denied access to biometric credentials. |
| 804 | error | user | Authentication |
Biometric authenticator enrollment failed. |
| 805 | error | user | Authentication |
Biometric authentication failed - Unexpected error. |
| 806 | notice | user | Authentication |
Biometric authenticator enrollment succeeded. |
| 807 | notice | user | Authentication |
Biometric authenticator unenrollment succeeded. |
| 808 | error | user | Authentication | Biometric authentication failed - All in-progress authentication requests canceled. |
| 809 | error | user | Authentication | Biometric authentication failed - Authenticator not found. |
| 810 | error | user | Authentication | Biometric authentication canceled. |
| 811 | notice | user | Authentication | Biometric authenticator unenrollment failed. |
| 901 | notice | user | Authentication | Portal sign-in succeeded. |
| 902 | error | user | Authentication | Portal sign-in failed - Authentication failed. |
| 903 | error | user | Authentication | Portal sign-in failed - Credentials are associated with multiple user accounts. |
| 904 | error | user | Authentication | Portal sign-in failed - Internal server error. |
| 905 | error | user | Authentication | Portal sign-in failed - Concurrent session limit reached. |
| 906 | error | user | Authentication | Portal sign-in failed - Password reset required. |
| 907 | notice | user | Authentication | Portal sign-out succeeded. |
| 908 | notice | user | Authentication | Protected application authentication attempt made. |
| 909 | notice | user | Authentication | Protected application authentication succeeded. |
| 910 | error | user | Authentication | Protected application authentication failed. |
| 911 | notice | user | Authentication | Additional authentication initiated. |
| 912 | notice | user | Authentication | Additional authentication succeeded. |
| 913 | error | user | Authentication | Additional authentication failed. |
| 931 | notice | user | Authentication | Additional authentication is not needed because the user already authenticated at the same assurance level or higher. |
| 932 | error | user | Authentication | Additional authentication failed - User account disabled. |
| 933 | error | user | Authentication | Password authentication succeeded - Client does not support required additional authentication methods - Access denied. |
| 934 | notice | user | Authentication | Password authentication succeeded. |
| 935 | error | user | Authentication | Unsuccessful password authentication – Access denied. |
| 936 | error | user | Authentication | Unsuccessful password authentication - Credentials are associated with multiple user accounts. |
| 937 | error | user | Authentication | Unsuccessful password authentication - Internal server error. |
| 938 | error | user | Authentication | Unsuccessful password authentication - Concurrent session limit reached. |
| 939 | notice | user | Authorization | Password authentication succeeded - Policy does not require additional authentication - Access granted. |
| 940 | error | user | Authorization | Password authentication succeeded - User prohibited by policy settings - Access denied. |
| 941 | error | user | Authorization | Password authentication succeeded - Access prohibited by conditional policy settings - Access denied. |
| 942 | notice | user | Authentication | Portal sign-out - User automatically signed out because of session timeout. |
| 943 | notice | user | Authentication | Portal sign-out -- User session removed. This might occur if the user has too many sessions. |
| 944 | notice | user | Authentication | Portal sign-out - No user session. For example, the session timed out and was removed. |
| 1501 | notice | user | Authentication | QR Code authentication succeeded. |
| 1503 | error | user | Authentication | QR Code authentication failed - User denied approval. |
| 1504 | error | user | Authentication | QR Code enrollment failed. |
| 1505 | error | user | Authentication | QR Code authentication failed - Invalid QR code. |
| 1506 | error | user | Authentication | QR Code authentication failed - Operation is not allowed. |
| 1507 | notice | user | Authentication | QR Code enrollment succeeded. |
| 1508 | error | user | Authentication | QR Code authentication failed - Empty QR code found. |
| 1510 | error | user | Authentication | QR Code authentication cancelled. |
| 1511 | notice | user | Authentication | QR Code unenrollment succeeded. |
| 1512 | notice | user | Authentication | QR Code unenrollment failed. |
| 1513 | error | user | Authentication | QR Code authentication failed - QR code has expired. |
| 3000 | notice | user | My Authenticators | Authenticator registration succeeded. |
| 3001 | error | user | My Authenticators | Authenticator registration failed. |
| 3002 | error | user | My Authenticators | Authenticator registration failed. Maximum number of authenticators exceeded for this user. |
| 3003 | notice | user | Authentication | Authenticator authentication successful. |
| 3004 | error | user | Authentication | Authenticator authentication unsuccessful. |
| 3005 | notice | user | My Authenticators |
User deleted Authenticator in SecurID Authenticator. |
| 3006 | error | user | My Authenticators | Authenticator deletion failed. |
| 3007 | notice | user | My Authenticators | Authenticator update succeeded. |
| 3008 | error | user | My Authenticators | Authenticator update failed. |
| 3009 | error | user | My Authenticators | Authenticator registration failed. Registration was denied by the policy. |
| 3010 | notice | user | My Authenticators | SecurID Authenticate registration started with notifications disabled. |
| 3012 | notice | user | My Authenticators | Registration code validation succeeded. |
| 3013 | error | user | My Authenticators | Offline service authentication verification failed. |
| 3014 | notice | user | My Authenticators | Offline day data download successful. |
| 3015 | error | user | My Authenticators | Offline day data download unsuccessful. |
| 3016 | notice | user | Authentication | Offline Emergency Access Code download successful. |
| 3017 | error | user | Authentication | Offline Emergency Access Code download unsuccessful. |
| 3019 | notice | user | My Authenticators | Email sent to user for registration with the SecurID Authenticator. |
| 3020 | notice | user | My Authenticators | Email sent to user for SecurID Authenticate authenticator deletion. |
| 3021 | notice | user | My Authenticators | Offline certificate enrollment successful. |
| 3022 | error | user | My Authenticators | Offline certificate enrollment unsuccessful. |
| 5104 | error | user | Authentication | Cloud Administration Console logon failed - User account inactive. |
| 5107 | notice | user | Authentication | SecurID admin password changed. |
| 20300 | notice | user | Authentication | Multifactor authentication failed to initiate. |
| 20301 | notice | user | Authentication | Multifactor authentication initiated. |
| 20302 | notice | user | Authentication | Multifactor authentication succeeded. |
| 20303 | error | user | Authentication | Multifactor authentication was unsuccessful. |
| 20304 | notice | user | Authentication | Multifactor authentication complete - policy allowed access without additional authentication. |
| 20400 | notice | user | Authentication | SAML IdP - Authentication request received. |
| 20401 | notice | user | Authentication | SAML IdP - Assertion sent for successful user authentication. |
| 20402 | error | user | Authentication | SAML IdP - Response sent for unsuccessful user authentication. |
| 20403 | error | user | Authentication |
SAML IdP - Error response sent. If Authentication Details includes "Message was rejected due to issue instant expiration" or "Message was rejected because was issued in the future," then there might be a time-synchronization issue between the service provider and the Cloud Authentication Service. If you see this message during an additional authentication flow for an IDR SSO Agent application, check the time on the identity router. |
| 20601 | error | user | Authentication | RADIUS - LDAP authentication succeeded - Access denied. Policy does not contain RADIUS-compatible methods for additional authentication. |
| 20602 | error | user | Authentication | RADIUS - LDAP authentication succeeded - Access denied. No authenticators were found for additional authentication methods. |
| 20603 | error | user | Authentication | RADIUS - Invalid format for additional authentication request - Access denied. |
| 20604 | error | user | Authentication | RADIUS - Invalid checklist attributes - Access denied. |
| 20605 | error | user | Authentication | RADIUS - Cloud Authentication Service unreachable - Access denied. |
| 20606 | error | user | Authentication | RADIUS – Approve authentication failed – Method timeout. |
| 20608 | error | user | Authentication |
RADIUS - Biometric authentication failed - Method timeout. |
| 20609 | error | user | Authentication | RADIUS - Authentication failed - Internal error. |
| 20610 | error | user | Authentication | RADIUS - Approve authentication failed - Authentication could not be completed within push notification timeout. |
| 20611 | error | user | Authentication | RADIUS - Biometric authentication failed - Authentication could not be completed within push notification timeout. |
| 20612 | notice | user | Authentication | User initiated additional authentication, primary authentication managed by RADIUS client. |
| 20613 | notice | user | Authentication | RADIUS – User selected last used method or default assurance level method for additional authentication. |
| 20614 | notice | user | Authentication | RADIUS - User selected SecurID OTP or Authenticate OTP for additional authentication. |
| 20615 | notice | user | Authentication | RADIUS – Authentication failed. |
| 20701 | error | user | Authentication | Access denied – User not a member of any identity source in access policy. |
| 20702 | error | user | Authentication | Access denied – User does not match any rule sets or matches a deny rule set in access policy. |
| 20703 | error | user | Authentication | Access denied – Policy authentication conditions deny access. |
| 20704 | notice | user | Authentication | Access allowed – Policy conditions allow access without additional authentication. |
| 20801 | error | user | Authentication | SMS OTP message transmission attempted. |
| 20802 | error | user | Authentication | SMS OTP message transmission attempt failed - Invalid phone number. |
| 20803 | error | user | Authentication | SMS OTP message transmission attempt failed. |
| 20804 | error | user | Authentication | Authentication failed - SMS OTP regenerated. |
| 20805 | error | user | Authentication | SMS OTP delivery failed. |
| 20851 | notice | user | Authentication | Voice OTP call succeeded. |
| 20852 | error | user | Authentication | Voice OTP call attempt failed - Invalid phone number. |
| 20853 | error | user | Authentication | Voice OTP call attempt failed. |
| 20854 | error | user | Authentication | Authentication failed - Voice OTP regenerated. |
| 20855 | error | user | Authentication | Voice OTP delivery failed. |
|
20900 |
notice |
user |
Authentication |
OIDC - Authentication request received. |
|
20901 |
notice |
user |
Authentication |
OIDC - ID Token sent for successful user authentication. |
|
20902 |
error |
user |
Authentication |
OIDC - Response sent for unsuccessful user authentication. |
|
20903 |
error |
user |
Authentication |
OIDC - Error response sent. |
| 21901 | notice | user | Authentication | SMS OTP verification succeeded. |
| 21902 | error | user | Authentication | SMS OTP verification failed |
| 21903 | error | user | Authentication | SMS OTP authentication method locked - User exceeded maximum OTPs allowed. |
| 21904 | error | user | Authentication | SMS OTP verification failed – internal error. |
| 21951 | notice | user | Authentication | Voice OTP verification succeeded. |
| 21952 | error | user | Authentication | Voice OTP verification failed. |
| 21953 | error | user | Authentication | Voice OTP authentication method locked - User exceeded maximum OTPs allowed. |
| 21954 | error | user | Authentication | Voice OTP verification failed – internal error. |
| 23000 | error | user | Authentication | Approve with authenticator unlock enabled – No push notification sent for Approve. SecurID Authenticator version not supported. |
| 24001 | notice | user | Authentication | My Authenticators sign-in succeeded. |
| 24002 | notice | user | Authentication | My Page sign-out succeeded. |
| 24003 | notice | user | Authentication | My Page session expired. |
| 24004 | notice | user | Authentication | User deleted authenticator in My Page. |
| 24005 | notice | user | Authentication | User deleted FIDO authenticator in My Page. |
| 24006 | notice | user | Authentication | Hardware Authenticator registration successful. |
| 24007 | notice | user | Authentication | Hardware Authenticator registration unsuccessful. |
| 24008 | notice | user | Authentication | Hardware Authenticator unassigned from this user. |
| 24010 | notice | user | Authentication | Hardware Authenticator PIN reset successful. |
| 24011 | error | user | Authentication | Hardware Authenticator PIN reset unsuccessful. |
| 24012 | notice | user | Authentication | Hardware Authenticator successfully resynchronized. |
| 24013 | error | user | Authentication | Hardware Authenticator resynchronization unsuccessful. |
| 24014 | notice | user | Authentication | Hardware Authenticator test successful. |
| 24015 | error | user | Authentication | Hardware Authenticator test unsuccessful. |
| 24016 | error | user | Authentication | Attempt to unassign Hardware Authenticator unsuccessful. |
| 24017 | notice | user | Authentication | Hardware Authenticator registration successful. |
| 24018 | notice | user | Authentication | Hardware Authenticator rename successful. |
| 24019 | error | user | Authentication | Hardware Authenticator rename unsuccessful. |
| 24020 | notice | user | Authentication | User deleted OTP credential for RSA DS100 Hardware Authenticator from My Page. |
| 24021 | notice | user | Authentication | Application credential reset successful in My Applications portal. |
| 24022 | notice | user | Authentication | User accessed My Authenticators successfully. |
| 24023 | notice | user | Authentication | My Authenticators authentication succeeded. |
| 24024 | error | user | Authentication | My Authenticators authentication failed. |
| 24025 | notice | user | Authentication | My Applications sign-in succeeded. |
| 25001 | notice | user | Authentication | Evaluated identity confidence. See Condition Attributes for Access Policies - Reporting a User's Identity Confidence Score for details. |
| 25002 | notice | user | Authentication | Failed to evaluate identity confidence. |
| 25003 | notice | user | Authentication | Identity confidence collection disabled. Evaluation skipped, returning low identity confidence. |
| 26000 | notice | user | Authentication | Emergency Access Code verification succeeded. |
| 26001 | error | user | Authentication | Emergency Access Code verification failed. |
| 26002 | error | user | Authentication | Emergency Access Code not configured. |
| 26003 | error | user | Authentication | Emergency Access Code is expired. |
| 26004 | error | user | Authentication | Emergency Access Code locked - User previously exceeded maximum attempts. |
| 26005 | error | user | Authentication | Emergency Access Code now locked. |
