| Activity |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The action the user attempted that requires identity verification. The label is User Activity. Available values are:
- AccessReports—The user
attempted to access reports or
dashboards.
- Apex—The user
attempted to access a Salesforce resource with a verification Apex method.
- ChangeEmail—The user attempted to change an
email address.
- ConnectToopher—The user attempted to
connect Salesforce Authenticator.
- ConnectTotp—The user attempted to connect a one-time
password generator.
- ConnectU2F—The
user attempted to register a U2F security
key.
- ConnectedApp—The user attempted to access a connected
app.
- EnableLL—The
user attempted to enroll in Lightning
Login.
- ExportPrintReports—The user
attempted to export or print reports or
dashboards.
- ExtraVerification—Reserved for future
use.
- Login—The user
attempted to log in.
- Registration—Reserved for future use.
- TempCode—The
user attempted to generate a temporary
verification code.
|
| EventGroup |
- Type
- int
- Properties
- Filter, Group, Sort
- Description
- ID of the verification attempt. Verification can involve several attempts and use different verification methods. For example, in a user’s session, a user enters an invalid verification code (first attempt). The user then enters the correct code and successfully verifies identity (second attempt). Both attempts are part of a single verification and, therefore, have the same ID. The label is Verification Attempt.
|
| LoginGeoId |
- Type
- reference
- Properties
- Filter, Group, Nillable, Sort
- Description
- The 18-character ID for the record of the geographic location of the user for a
successful or unsuccessful identity verification
attempt. Due to the nature of geolocation technology,
the accuracy of geolocation fields (for example,
country, city, postal code) may vary.
|
| LoginHistoryId |
- Type
- reference
- Properties
- Filter, Group, Sort
- Description
- The ID for the record of the user’s successful or
unsuccessful login attempt.
|
| Policy |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The identity verification security policy or setting. The label is Triggered By. Available values are:
- CustomApex—Identity verification made by a verification Apex method.
- DeviceActivation—Identity
verification required for users logging in from an
unrecognized device or new IP address. This
verification is part of Salesforce’s risk-based authentication.
- EnableLightningLogin—Identity
verification required for users enrolling in
Lightning Login. This verification is triggered
when the user attempts to enroll. Users are
eligible to enroll if they have the “Lightning
Login User” user permission and the org has
enabled “Allow Lightning Login” in Session
Settings.
- ExtraVerification—Reserved for future
use.
- HighAssurance—High assurance
session required for resource access. This
verification is triggered when the user tries to
access a resource, such as a connected app,
report, or dashboard that requires a
high-assurance session level.
- LightningLogin—Identity
verification required for users logging in via
Lightning Login. This verification is triggered
when the enrolled user attempts to log in. Users
are eligible to log in if they have the “Lightning
Login User” user permission, have successfully
enrolled in Lightning Login, and the org has
enabled “Allow Lightning Login” in Session
Settings.
- PageAccess—Identity verification required for
users attempting to perform an action, such as
changing an email address or adding a two-factor
authentication method.
- ProfilePolicy—Session
security level required at login. This
verification is triggered by the “Session security
level required at login” setting on the user’s
profile.
- TwoFactorAuthentication—Two-factor authentication required at login. This verification is triggered by the “Two-Factor Authentication for User Interface Logins” user permission, either assigned to a custom profile or included in a permission set that is assigned to a user.
|
| Remarks |
- Type
- string
- Properties
- Filter, Group, Nillable, Sort
- Description
- The text the user sees on the screen or in Salesforce Authenticator when prompted to verify identity. For example, if identity verification is required for a user’s login, the user sees “You’re trying to Log In to Salesforce”. In this instance, the Remarks value is “Log In to Salesforce”. The exception is when the Activity value is Apex. In this instance, the Remarks value is a custom description passed by the Apex method. If the user is verifying identity using the Salesforce Authenticator app, the custom description displays in the app as well. If the custom description isn’t specified, the default value is the name of the Apex method. The label is Activity Message.
|
| ResourceId |
- Type
- reference
- Properties
- Filter, Group, Nillable, Sort
- Description
- If the Activity value is ConnectedApp, the
ResourceId value is the ID of
the connected app. The label is Connected App ID.
|
| SourceIp |
- Type
- string
- Properties
- Filter, Group, Sort
- Description
- The IP address of the machine from which the user attempted the
action that requires identity verification. For
example, the IP address of the machine from where
the user tried to log in or access reports. If it’s
a non-login action that required verification, the
IP address can be different from the address from
where the user logged in. This address can be an
IPv4 or IPv6 address.
|
| Status |
- Type
- picklist
- Properties
- Filter, Group, Restricted picklist, Sort
- Description
- The status of the identity verification attempt. Available values are:
- AutomatedSuccess—Salesforce Authenticator approved the request for access
because the request came from a trusted location.
After users enable location services in Salesforce Authenticator, they can designate trusted
locations. When a user trusts a location for a
particular activity, such as logging in from a
recognized device, that activity is approved from
the trusted location for as long as the location
is trusted.
- Denied—The user denied the approval request in the
authenticator app, such as Salesforce Authenticator.
- FailedGeneralError—An error caused by
something other than an invalid verification code,
too many verification attempts, or authenticator
app connectivity.
- FailedInvalidCode—The user provided an
invalid verification code.
- FailedTooManyAttempts—The user attempted
to verify identity too many times. For example,
the user entered an invalid verification code
repeatedly.
- Initiated—Salesforce initiated identity verification but hasn’t yet
challenged the user.
- InProgress—Salesforce challenged the user to verify identity and is
waiting for the user to respond or for Salesforce Authenticator to send an automated
response.
- RecoverableError—Salesforce can’t reach the authenticator app to verify
identity, but will retry.
- ReportedDenied—The user denied the approval
request in the authenticator app, such as Salesforce Authenticator, and also flagged the approval
request to report to an administrator.
- Succeeded—The
user’s identity was verified.
|
| UserId |
- Type
- reference
- Properties
- Filter, Group, Sort
- Description
- ID of the user verifying identity.
|
| VerificationMethod |
- Type
- picklist
- Properties
- Filter, Group, Nillable, Restricted picklist, Sort
- Description
- The method by which the user attempted to verify identity in the verification event. The label is Method. Available values are:
- Email—Salesforce sent an email with a verification code to the
address associated with the user’s
account.
- EnableLL—Salesforce Authenticator sent a notification to the user’s
mobile device to enroll in Lightning Login.
This value is available in API version 38.0 and later.
- LL—Salesforce Authenticator sent a notification to the user’s
mobile device to approve login via Lightning
Login. This value is available in API version 38.0 and later.
- SalesforceAuthenticator—Salesforce Authenticator sent a notification to the user’s
mobile device to verify account
activity.
- Sms—Salesforce sent a text message with a verification code to
the user’s mobile device.
- TempCode—A Salesforce admin or a user with the “Manage Two-Factor
Authentication in User Interface” permission
generated a temporary verification code for the
user. This value is available in API version 37.0 and later.
- Totp—An authenticator
app generated a time-based, one-time password
(TOTP) on the user’s mobile device.
- U2F—A U2F security key generated required credentials for the user. This value is available in API version 38.0 and later.
|
| VerificationTime |
- Type
- dateTime
- Properties
- Filter, Sort
- Description
- The time of the identity verification attempt. The time zone is based on GMT. The label is Time.
|
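The fields above can be combined for review: because every attempt in one verification shares an EventGroup value, grouping on it shows the full sequence of Status values per verification. The following is an added example, not Salesforce code; the field names and Status values come from the table, while the sample rows, the `max_bad_codes` threshold and the finding labels are assumptions.

```python
from collections import defaultdict

# Status values taken from the Status field description above.
DENIED = {"Denied", "ReportedDenied"}
SUCCESS = {"Succeeded", "AutomatedSuccess"}

def triage(records, max_bad_codes=3):
    """Group rows by EventGroup; return {EventGroup: {"UserId", "notes"}}."""
    groups = defaultdict(list)
    for r in records:
        groups[r["EventGroup"]].append(r)
    findings = {}
    for gid, rows in groups.items():
        # ISO 8601 GMT timestamps sort correctly as strings.
        rows.sort(key=lambda r: r["VerificationTime"])
        statuses = [r["Status"] for r in rows]
        notes = []
        if "ReportedDenied" in statuses:
            notes.append("user reported the approval request")
        if "FailedTooManyAttempts" in statuses:
            notes.append("attempt limit reached")
        if statuses.count("FailedInvalidCode") >= max_bad_codes:
            notes.append("repeated invalid codes")
        # A denial later followed by success in the same verification.
        first = next((i for i, s in enumerate(statuses) if s in DENIED), None)
        if first is not None and any(s in SUCCESS for s in statuses[first + 1:]):
            notes.append("success after denial")
        if notes:
            findings[gid] = {"UserId": rows[0]["UserId"], "notes": notes}
    return findings

# Constructed sample rows (IDs and times are placeholders, not real data).
FIELDS = ("EventGroup", "UserId", "Status", "VerificationTime")
SAMPLE = [dict(zip(FIELDS, t)) for t in [
    (101, "005EXAMPLE0001", "FailedInvalidCode", "2024-01-01T09:00:00Z"),
    (101, "005EXAMPLE0001", "Succeeded", "2024-01-01T09:00:40Z"),
    (102, "005EXAMPLE0002", "ReportedDenied", "2024-01-01T10:15:00Z"),
    (103, "005EXAMPLE0003", "FailedInvalidCode", "2024-01-01T11:00:00Z"),
    (103, "005EXAMPLE0003", "FailedInvalidCode", "2024-01-01T11:00:20Z"),
    (103, "005EXAMPLE0003", "FailedInvalidCode", "2024-01-01T11:00:45Z"),
    (103, "005EXAMPLE0003", "FailedTooManyAttempts", "2024-01-01T11:01:00Z"),
    (104, "005EXAMPLE0004", "Denied", "2024-01-01T12:00:00Z"),
    (104, "005EXAMPLE0004", "Succeeded", "2024-01-01T12:00:30Z"),
]]

if __name__ == "__main__":
    for gid, f in sorted(triage(SAMPLE).items()):
        print(gid, f["UserId"], "; ".join(f["notes"]))
```

Verification 101 mirrors the invalid-then-correct code case in the EventGroup description and produces no finding.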