Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

IDAAS core - Tulip

Event store

search
printsuggest an editpdf paneldownload

Event store

The OneWelcome Identity Platform generates an event and associated attributes for every activity, such as adding a user. The events are divided into categories and uniquely identified in the event store. Event categories share event attributes, so events can be filtered by event attribute values, such as userId or IP address.

In addition, you can use the OneWelcome Identity Platform event API to retrieve events by category, time span, time stamp, IDs, and many other criteria. You can also include events generated by other applications and pushed via the Event API into the OneWelcome Identity Platform event store.

copy link to clipboardEvent categories

The event store is a component of the OneWelcome Identity Platform identity and access core. It tracks the following two categories of events:

  • Public events (Domain events) record state changes, such as a user signed in (UserSignedInEvent) or created an account (UserCreatedEvent). These events contain metadata such as IdentityProvider ID and destination.

  • Log events provide an audit trail of technical activities. These events contain metadata such as date/time, trigger/agent/user, and IP address.

All events follow the high-level structure shown in this JSON example:

{
  "metadata": {
    ...
  },
  "payload": {
   ...
  }
}

copy link to clipboardEvent attributes

The following table describes OneWelcome Identity Platform event attributes.

Event attribute name Description Example of content/values
device Browser characteristics
event - category Functional group - CREDENTIAL_VERIFICATION
- AUTHENTICATION
- ACCESS
- LIFECYCLE
- CREDENTIAL_MANAGEMENT
- COMMUNICATION
- PROFILE
- CONSENT_MANAGEMENT
- PRIVACY
event - type Short name for the event type
event - typeid Event identifier used for filtering See Event types.
timestamp Date and time of the event
userDataBeforeEvent A JSON representation of the user before the event
userid Identifier generated by OneWelcome Identity Platform when user is created

copy link to clipboardEvent types

The following tables describe OneWelcome Identity Platform event types.

copy link to clipboardAccess events

Event Type Name Event Type ID Event Description
Access granted (SAML, OAuth OIDC) 201 A Service Provider (or Relying application) delegated authentication and/or authorization towards OneWelcome Identity Platform through SAML, OAuth or OpenID Connect and OneWelcome Identity Platform granted the access.
Access denied 202 A Service Provider (or Relying application) delegated authentication and/or authorization towards OneWelcome Identity Platform through SAML, OAuth or OpenID Connect but OneWelcome Identity Platform denied the access.
Access token renewal 203 After access was granted through OAuth, the access token was refreshed. This typically applies to mobile applications.
Access withdrawal (SLO SAML) 204 Single logout has been requested.
Token introspection 205 Validation of an OAuth/OIDC token was executed.

copy link to clipboardAuthentication events

Event type name Event type ID Event description
Login 101 A user logged in successfully with either:
-username and password
-a 2FA authentication flow including OTP-SMS
Login failure 102 A user failed to login.
Log off 103 A user logged off.
Social Login with IDP 105 A user successfully did a federated login (e.g. Facebook login).
Click on Authenticating link 106 A user authenticated himself by clicking on a link that was sent to him via a trusted communication channel. This event is generated when a user is resetting his forgotten password and clicks on the link in the password reset email that was sent to his primary email address.
Click on identifying link 107 A user click on identifying link.
Emailed OTP validation 109 Generated whenever OneWelcome Identity Platform verifies an OTP that was sent to a user's verified email address.
User not found 111 User does not exist.

copy link to clipboardAuthorization group events

Event Type Name Event Type ID Event Description
User added to a group 1001 A user was added to a group.
User removed from a group 1002 A user was removed from a group.
Group created 1050 A group was created.
Group deleted 1051 A group was deleted.

copy link to clipboardCommunication events

Event Type Name Event Type ID Event Description
Activation email sent 501 An email was sent to an INACTIVE user as part of the account registration and/or activation process. The email contains a link to proceed with the account activation.
Verification email sent 502 An email was sent to an ACTIVE account to validate a (new) email address.
Password reset email sent 503 An email was sent containing a password reset link.
Sms verification 506 Sms verification code.
OTP SMS sent 507 Indicates a login code has been sent per SMS text message to the user's verified phone number.
Email account is deleted 509 An email was sent to confirm to the end user that his identity and associated personal information will be deleted.
OTP email verification sent 510 This event indicates a code has been sent per email message to verify a user's email address.
OTP email sent 511 This event indicates a login code has been sent per email text message to the user's verified email address.
Event Type Name Event Type ID Event Description
Consent of Legal document 801 The user gave his consent to a legal document such as Privacy Policy or Terms of Service. This typically happens during a registration process.
Document consent withdrawn 802 The end-user revoked his consent to a document, such as Privacy Policy or Terms of Service.
Attribute consent given 805 The user gave his consent to use some of his personal data to be used for a certain processing purpose. This consent was given in accordance with the GDPR privacy regulation. The consent was given by an affirmative act.
Attribute consent revoked 806 The user withdrew his consent for some of his personal data to be used for a certain processing purpose.

copy link to clipboardCredential management events

Event Type Name Event Type ID Event Description
Set password 401 A new value for the user’s password was set during registration or via SCIM API.
Username was set 402 A new value for the identity's userName is set.
Password reset requested 403 A password reset process was initiated for a forgotten password.
Password reset 404 A new value for the identity's password was set as the result of a password reset process (forgotten password).
Primary Email is set 405 The user's primary email address value was set.
Password was changed 406 The end user changed their password via Self-Service (Credential API).
Password change failed 407 An attempt to change the user's password failed.
Request to change primary email 408 Request to change primary email.
Change primary email 409 Primary email is changed.
Primary phone number is set 410 The user's primary phone number value was set or changed.
Request to change primary phone number 411 Request to change primary phone number.
Change primary phone number 412 Primary phone number is changed.
User enrol success 413 OneWelcome Identity Platform mobile Identity user enrolled with with success.
User enrol failed 414 OneWelcome Identity Platform mobile identity enrollment failed.
Enrol QR code generation success 415 OneWelcome Identity Platform mobile identity enrollment QR code generation successful.
Enrol QR code generation failed 416 OneWelcome Identity Platform mobile identity enrollment QR code generation failed.
Push confirmation success 419 OneWelcome Identity Platform mobile identity push confirmation successful.
Social Account is linked 420 A social account was linked to an identity within OneWelcome Identity Platform so it can be used for delegated authentication.
Social Account is unlinked 421 A social account was unlinked to an identity.
Link failed 422 Social account linking failed.
Unlink failed 423 Social account unlinking failed.
Identity link activated success 424 Identity link activated with success.
Identity link activated failed 425 Identity link activated failed.
Push confirmation timeout 426 OneWelcome Identity Platform mobile identity push confirmation timeout.
Get devices success 427 OneWelcome Identity Platform mobile identity get devices successful.
Get devices failed 428 OneWelcome Identity Platform mobile identity get devices failed.
Delete device success 429 OneWelcome Identity Platform mobile identity delete device successful.
Delete device failed 430 OneWelcome Identity Platform mobile identity delete device failed.
Push device notification success 437 OneWelcome Identity Platform mobile identity push device notification successful.
Push device notification failed 438 OneWelcome Identity Platform mobile identity push device notification failed.
Admin enrol QR code generation success 441 OneWelcome Identity Platform mobile identity enrollment QR code generation by admin successful.
Admin enrol QR code generation failed 442 OneWelcome Identity Platform mobile identity enrollment QR code generation by admin failed.
Admin push device notification success 445 OneWelcome Identity Platform mobile identity push device notification by admin successful.
Admin push device notification failed 446 OneWelcome Identity Platform mobile identity push device notification by admin failed.
Admin get devices success 447 OneWelcome Identity Platform mobile identity get devices by admin successful.
Admin get devices failed 448 OneWelcome Identity Platform mobile identity get devices by admin failed.
Admin delete device success 451 Identity Platform mobile identity delete device by admin successful.
Admin delete device failed 452 OneWelcome Identity Platform mobile identity delete device by admin failed.
QR code enrollment timeout 455 OneWelcome Identity Platform mobile identity get devices by admin failed.
QR code login timeout 456 OneWelcome Identity Platform mobile identity QR code login timeout.
Request change primary email failed 457 Request to change primary email failed.
Push notification declined 458 OneWelcome Identity Platform mobile identity push notification declined.
Invitation send 460 Invitation has been sent successfully.
Invitation accepted 461 Invitation has been accepted.
Invitation rejected 462 The invitation has been rejected.
Invitation expired 463 The invitation has expired.
Link invitation data to account 464 The invitation data has successfully linked to user account.
Failed to link invitation data to user account 465 The invitation data wasn't linked to user account.

copy link to clipboardCredential verification events

Event type name Event type ID Event description
Password validation 151 A password that is entered is validated against the hashed password that is stored for user's identity.
SMS OTP validation 152 A One Time Password (OTP) that is entered by the end user is validated against the OTP that was sent to him via SMS/ text message.
Delegated authentication 153 User authentication was delegated to an external IDP (identity provider) and a positive response was received from that IDP.
TOTP validation 154 Time based one time password validation.
Validation authentication link 155 The user clicked on a link that contains a token and the validity of that token was verified.
SMS OTP validation failed 157 One Time Password (OTP) that is entered by the end user fails being validated against the OTP that was sent to him via SMS/ text message.
Password validation failed 161 A password that is entered fails being validated against the hashed password that is stored for user's identity.
Login QR code success 162 OneWelcome Identity Platform mobile identity login with QR code successful.
Login QR code failed 163 OneWelcome Identity Platform mobile identity login with QR code failed. User does not exist in system.
Login with push notification failed 164 OneWelcome Identity Platform mobile identity login with push notification failed. User does not exist in system.
Create session failed 165 OneWelcome Identity Platform mobile identity create session failed.
Create session success 166 OneWelcome Identity Platform mobile identity create session success.
QR code validation failed 167 OneWelcome Identity Platform mobile identity QR code validation for login with second factor failed.
Push notification validation failed 168 OneWelcome Identity Platform mobile identity push notification validation for login with second factor failed.
Emailed OTP validation failed 169 Generated whenever OneWelcome Identity Platform verifies an OTP that was sent to a user's verified email address and the OTP was not correct.

copy link to clipboardIdentity lifecycle events

Event Type Name Event Type ID Event Description
Create account 301 A new identity is created within OneWelcome Identity Platform.
Hard delete account 302 Hard delete account.
Activation 311 The state of an identity is changed from INACTIVE to ACTIVE.
Soft delete 303 The state of an identity is changed to GRACE. This occurs when a ServiceDesk user deletes an identity.
Account restored 304 A soft deleted account is restored from GRACE to its previous state.
Status change: blocked 305 The account status changed into BLOCKED.
Account unblocked 306 The state of the user changed from BLOCKED to ACTIVE after last block was removed. The block information that is included in the event is the (last) block that was removed.
Block added 307 An additional block was added to an account that was already BLOCKED. CHECK, This may actually be generated for any block that is added; 1st one or 2nd one.
Block requested/removed 308 One of the block reasons that caused the identity to be BLOCKED was removed. After this event the state of the identity may be ACTIVE or may still be BLOCKED because a different block reason still exists.
Account temporarily blocked 313 Account is temporarily blocked after a failed login attempt.
State changed 314 The account state has changed.

copy link to clipboardPrivacy events

Event Type Name Event Type ID Event Description
User data viewed 901 The user's profile data was (possibly) viewed through OneWelcome's ServiceDesk application.

copy link to clipboardProfile management events

Event Type Name Event Type ID Event Description
Attribute added 601 Attribute value added.
Attribute verified 602 OneWelcome Identity Platform features tracking Attribute Value Metadata including accuracy metadata. When an attribute value is verified and the accuracy information is updated this event is generated.
Update account 603 User profile updated.
Attribute value was retrieved 605 The attribute value was retrieved.
User looked-up 650 The user was looked-up in an external identity store.

copy link to clipboardEvent examples

This section shows the sequence of events for typical configurations of the following use cases:

copy link to clipboardSocial registration

When a registration process doesn't include any optional data, the sequence of events is typically as follows:

  • LIFECYCLE: Create Identity
  • CREDENTIAL MANAGEMENT: social account linked
  • CREDENTIAL MANAGEMENT: primary email is set
  • CONSENT: Post document consent (ToS)
  • CONSENT: Post document consent (PP)

copy link to clipboardEmail-based registration

When a user registers by using their email address, the sequence of events is typically as follows:

  • LIFECYCLE: Create Identity
  • COMMUNICATION: Email sent
  • PROFILE: attribute verified
  • CREDENTIAL MANAGEMENT: primary email is set
  • CREDENTIAL MANAGEMENT: Set password
  • LIFECYCLE: identity activated
  • CONSENT: Post document consent (ToS)
  • CONSENT: Post document consent (PP)

copy link to clipboardPassword reset

When a user requests a password reset, the sequence of events is typically as follows:

  • CREDENTIAL MANAGEMENT: password reset requested
  • COMMUNICATION: password reset email sent
  • AUTHENTICATION: user clicks on link
  • CREDENTIAL MANAGEMENT: password reset

copy link to clipboardDetailed event examples

Events are always associated with users, the userID (UUID), and the identifying attributes unique to the event, as outlined in the Business Object Model scheme.

copy link to clipboardLogin with username and password (AUTHENTICATION 101)

{
    "device" : {
        "browserDetailVersion" : "69.0.3497",
        "name" : "Other",
        "os" : "Mac OS X",
        "userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
        "browser" : "Chrome",
        "browserVersion" : "69.0"
    },
    "identifyingField" : "USERID",
    "identifyingValue" : "sdadmin",
    "timestamp" : "2018-09-25T18:57:09.352Z",
    "event" : {
        "category" : "AUTHENTICATION",
        "eventType" : "LoginSuccessEvent",
        "type" : "Login",
        "typeId" : "101"
    },
    "userId" : "43d4a519fd964cad82645083c83f9a98",
    "segment" : "sd",
    "location" : {
            "ip" : "172.18.0.1"
     },
    "authenticationFlow" : "USERNAME_AND_PASSWORD"
}

copy link to clipboardLogoff (AUTHENTICATION 103)

{
    "device" : {
        "browserDetailVersion" : "69.0.3497",
        "name" : "Other",
        "os" : "Mac OS X",
        "userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
        "browser" : "Chrome",
        "browserVersion" : "69.0"
    },
    "timestamp" : "2018-09-26T05:47:40.844Z",
    "event" : {
        "category" : "AUTHENTICATION",
        "eventType" : "LogOffEvent",
        "type" : "Logoff",
        "typeId" : "103"
    },
    "userId" : "98127d312d484a86a18e37b0ca404bb4",
    "segment" : "ongo",
    "location" : {
        "ip" : "172.18.0.1",
    }
}

copy link to clipboardUser data viewed (PRIVACY 901)

{
  "userId": "3b3bf20a2e464c44824b43ab56a47f5c",
  "timestamp": "2018-02-08T15:48:29.516Z",
  "segment": "ongo/bikes",
  "event": {
    "category": "PRIVACY",
    "typeId": "901",
    "type": "User data viewed",
    "eventType": "UserDateViewedEvent"
  },
  "clientName": "sd",
  "employeeResourceId": "5a377494075648679e37a02a86992e84",
  "employeeFormattedName": "test.onewelcome",
  "userDataBeforeEvent": {
    "emails": [
      {
        "type": "other",
        "value": "wcarnava1@yopmail.com",
        "primary": true
      }
    ],
    "urn:scim:schemas:extension:iwelcome:1+0": {
      "segment": "ongo/bikes",
      "state": "ACTIVE",
      "birthDate": "26/01/1981"
    },
    "meta": {
      "created": "2017-11-13T09:56:30.402Z",
      "lastModified": "2017-11-16T11:47:07.725Z",
      "version": "W/1041344808",
      "location": "https://test.onewelcome.nl/api/scim1.1/v1/Users/3b3bf20a2e464c44824b43ab56a47f5c"
    },
    "schemas": [
      "urn:scim:schemas:core:1.0",
      "urn:scim:schemas:extension:iwelcome:1.0",
      "urn:scim:schemas:extension:iwelcomeattributemetadata:1.0"
    ]
    },
    "name": {
      "familyName": "Carnaval",
      "givenName": "W",
      "formatted": "W Carnaval"
    },
    "active": true,
    "id": "3b3bf20a2e464c44824b43ab56a47f5c",
    "userName": "wcarnava1"
  }

copy link to clipboardEmail address verification (COMMUNICATION-501)

{
  "userId": "b989bbf85eb14785a86e81fc73eb5104",
  "timestamp": "2018-02-09T08:54:59.465Z",
  "segment": "bikes",
  "event": {
    "category": "COMMUNICATION",
    "typeId": "501",
    "type": "Email address verification.",
    "eventType": "ActivationEmailSentEvent"
  }
}

copy link to clipboardAccount created (LIFECYCLE-301)

In this user creation example, the event metadata includes device fingerprinting, geolocation, and IP address.

{
  "userId": "b989bbf85eb14785a86e81fc73eb5104",
  "timestamp": "2018-02-09T08:54:59.275Z",
  "segment": "ongo/bikes",
  "event": {
    "category": "LIFECYCLE",
    "typeId": "301",
    "type": "create account",
    "eventType": "CreateAccountEvent"
  },
  "device": {
    "name": "Spider",
    "os": "Other",
    "browser": "Java",
    "browserVersion": "8.0",
    "browserDetailVersion": "8.0.151",
    "userAgent": "Java/1.8.0_151"
  },
  "location": {
    "ip": "192.168.1.21"
  },
  "clientName": "ums",
  "dateTime": "2018-02-09T08:54:59.275Z",
  "host": "https://test.onewelcome.nl/workflowapi/",
  "userDataAfterEvent": {
    "urn:scim:schemas:core:1+0:emails": [
      {
        "type": "other",
        "value": "test.user9001@yopmail.com",
        "primary": true
      }
    ],
    "urn:scim:schemas:extension:iwelcome:1+0:state": "INACTIVE",
    "urn:scim:schemas:core:1+0:schemas": [
      "urn:scim:schemas:core:1.0",
      "urn:scim:schemas:extension:iwelcome:1.0",
      "urn:scim:schemas:extension:iwelcomeattributemetadata:1.0",
      "urn:scim:schemas:extension:iwelcomeattributevaluemetadata:1.0"
    ],
    "urn:scim:schemas:core:1+0:id": "b989bbf85eb14785a86e81fc73eb5104",
    "urn:scim:schemas:core:1+0:userName": "TEST009001",
    "urn:scim:schemas:extension:iwelcome:1+0:segment": "ongo/bikes",
    "urn:scim:schemas:core:1+0:name": {
      "familyName": "Testnovember",
      "givenName": "ABC",
      "middleName": null,
      "formatted": "ABC Testnovember"
    },
    "urn:scim:schemas:extension:iwelcome:1+0:birthDate": "02/02/1980"
  }
}

copy link to clipboardBlock event (unblock via ServiceDesk)

{
          "dateTime" : "2018-09-27T15:38:30.197Z",
          "block" : {
            "date" : "2018-09-27T15:38:18.281Z",
            "reason" : "System generated reason",
            "userid" : "b15027b304514cc5ba89f15af745afa4"
          },
          "uuid" : "ccd788af41be41ee9bc6e201b9c2c07b",
          "@version" : "1",
    "timestamp" : "2018-09-27T15:38:30.204Z",
    "eventType" : "UnblockUserAuditEvent",
    "source" : "UnblockEvent"
}

copy link to clipboardActivation email sent (COMMUNICATION-501)

{
  "userId": "b989bbf85eb14785a86e81fc73eb5104",
  "timestamp": "2018-02-09T08:54:59.465Z",
  "segment": "ongo/bikes",
  "event": {
    "category": "COMMUNICATION",
    "typeId": "501",
    "type": "Email address verification.",
    "eventType": "ActivationEmailSentEvent"
  },
  "device": {
    "name": "Other",
    "os": "Other",
    "browser": "Other",
    "userAgent": "okhttp/3.8.1"
  },
  "location": {
    "ip": "192.168.1.22"
  }
}

copy link to clipboardApproval of Terms of Service

In this example, category=consent and typeId=801.

{
   "userId": "b989bbf85eb14785a86e81fc73eb5104",
   "timestamp": "2018-02-09T08:59:40.364Z",
   "segment": "ongo/bikes",
   "event": {
     "category": "CONSENT",
     "typeId": "801",
     "type": "Approval terms of service",
     "eventType": "ApprovalTermsOfServiceEvent"
   },
   "device": {
     "name": "Other",
     "os": "Mac OS X",
     "browser": "Firefox",
     "browserVersion": "58.0",
     "browserDetailVersion": "58.0",
     "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"
   },
   "document": {
     "name": "Ongo Terms of Service",
     "version": "3.1",
     "versionDate": "2017-06-01"
   },
   "location": {
     "ip": "77.165.59.121"
   }
}

copy link to clipboardUser added to a group (AUTHORISATION 1001)

{
  "event_type_id": "1001",
  "event_type_details": {
    "category": "AUTHORISATION",
    "name": "User added to a group"
  },
  "user": {
    "id": "98127d312d484a86a18e37b0ca404bb4",
    "external_id": "ongo-customer-id-0123456789",
    "segment": "ongo-bikes"
  },
  "authenticated_user": {
    "id": "5a377494075648679e37a02a86992e84",
    "segment": "employees"
  },
  "client_application": {
    "client_id": "s6BhdRkqt3",
    "client_name": "DUMS"
  },
  "group": {
    "id": "f480b020-61f5-478b-aa75-ec0c8b0dbba3",
    "display_name": "Office365 users"
  }
}

On this page