| Activity |
- Type
- picklist
- Properties
-
Filter, Group, Restricted picklist, Sort
- Description
-
The action the user attempted that requires identity
verification. The label is User Activity.
Available values are:
- AccessReports—The user
attempted to access reports or
dashboards.
- Apex—The user
attempted to access a Salesforce resource with a verification Apex method.
- ConnectedApp—The user attempted to access a
connected app.
- ExportPrintReports—The user
attempted to export or print reports or
dashboards.
- Login—The user
attempted to log in.
- Registration—Reserved for future use.
|
| EventGroup |
- Type
- int
- Properties
-
Filter, Group, Sort
- Description
-
ID of the verification attempt. Verification can involve
several attempts and use different verification
methods. For example, in a user’s session, a user
enters an invalid verification code (first attempt).
The user then enters the correct code and
successfully verifies identity (second attempt).
Both attempts are part of a single verification and,
therefore, have the same ID. The label is
Verification Attempt.
|
| LoginGeoId |
- Type
- reference
- Properties
-
Filter, Group, Nillable, Sort
- Description
- The 18-character ID for the record of the geographic location of the user for a
successful or unsuccessful identity verification
attempt. Due to the nature of geolocation technology,
the accuracy of geolocation fields (for example,
country, city, postal code) may vary.
|
| LoginHistoryId |
- Type
- reference
- Properties
-
Filter, Group, Sort
- Description
- The ID for the record of the user’s successful or
unsuccessful login attempt.
|
| Policy |
- Type
- picklist
- Properties
-
Filter, Group, Restricted picklist, Sort
- Description
-
The identity verification security policy or setting.
The label is Triggered By. Available values are:
- CustomApex—Identity verification made by a verification Apex method.
- DeviceActivation—Identity
verification required for users logging in from an
unrecognized device or new IP address. This
verification is part of Salesforce’s risk-based authentication.
- HighAssurance—High assurance session required
for resource access. This verification is
triggered when the user tries to access a
resource, such as a connected app, report, or
dashboard that requires a high-assurance session
level.
- ProfilePolicy—Session
security level required at login. This
verification is triggered by the “Session security
level required at login” setting on the user’s
profile.
- TwoFactorAuthentication—Two-factor authentication
required at login. This verification is triggered
by the “Two-Factor Authentication for User
Interface Logins” user permission assigned to a
custom profile. Or, the user permission is
included in a permission set that is assigned to a
user.
|
| Remarks |
- Type
- string
- Properties
-
Filter, Group, Nillable, Sort
- Description
-
The text the user sees on the screen or in Salesforce Authenticator when prompted to verify identity.
For example, if identity verification is required
for a user’s login, the user sees “You’re trying to
Log In to Salesforce”. In this instance, the
Remarks value is “Log In to
Salesforce”. The exception is when the
Activity value is Apex. In this
instance, the Remarks value is a
custom description passed by the Apex method. If the
user is verifying identity using the Salesforce Authenticator app, the custom description displays in
the app as well. If the custom description isn’t
specified, the default value is the name of the Apex
method. The label is Activity Message.
|
| ResourceId |
- Type
- reference
- Properties
-
Filter, Group, Nillable, Sort
- Description
- If the Activity value is ConnectedApp, the
ResourceId value is the ID of
the connected app. The label is Connected App ID.
|
| SourceIp |
- Type
- string
- Properties
-
Filter, Group, Sort
- Description
- The IP address of the machine from which the user attempted the
action that requires identity verification. For
example, the IP address of the machine from where
the user tried to log in or access reports. If it’s
a non-login action that required verification, the
IP address can be different from the address from
where the user logged in. This address can be an
IPv4 or IPv6 address.
|
| Status |
- Type
- picklist
- Properties
-
Filter, Group, Restricted picklist, Sort
- Description
-
The status of the identity verification attempt. Available
values are:
- AutomatedSuccess—Salesforce Authenticator approved the request for access
because the request came from a trusted location.
After users enable location services in Salesforce Authenticator, they can designate trusted
locations. When a user trusts a location for a
particular activity, such as logging in from a
recognized device, that activity is approved from
the trusted location for as long as the location
is trusted.
- Denied—The user denied the approval request in the
authenticator app, such as Salesforce Authenticator.
- FailedGeneralError—An error caused by
something other than an invalid verification code,
too many verification attempts, or authenticator
app connectivity.
- FailedInvalidCode—The user provided an
invalid verification code.
- FailedTooManyAttempts—The user attempted
to verify identity too many times. For example,
the user entered an invalid verification code
repeatedly.
- Initiated—Salesforce initiated identity verification but hasn’t yet
challenged the user.
- InProgress—Salesforce challenged the user to verify identity and is
waiting for the user to respond or for Salesforce Authenticator to send an automated
response.
- RecoverableError—Salesforce can’t reach the authenticator app to verify
identity, but will retry.
- ReportedDenied—The user denied the approval
request in the authenticator app, such as Salesforce Authenticator, and also flagged the approval
request to report to an administrator.
- Succeeded—The
user’s identity was verified.
|
| UserId |
- Type
- reference
- Properties
-
Filter, Group, Sort
- Description
- ID of the user verifying identity.
|
| VerificationMethod |
- Type
- picklist
- Properties
-
Filter, Group, Nillable, Restricted picklist, Sort
- Description
-
The method by which the user attempted to verify identity in the
verification event. The label is Method.
Available values are:
- Email—Salesforce sent an email with a verification code to the
address associated with the user’s
account.
- SalesforceAuthenticator—Salesforce Authenticator sent a notification to the user’s
mobile device to verify account
activity.
- Sms—Salesforce sent a text message with a verification code to
the user’s mobile device.
- Totp—An authenticator app generated a time-based, one-time
password (TOTP) on the user’s mobile
device.
|
| VerificationTime |
- Type
- dateTime
- Properties
-
Filter, Sort
- Description
-
The time of the identity verification attempt. The time zone is
based on GMT. The label is Time.
|
j