Prompt details in Tenant Logs

Prompt details in Tenant Logs

Auth0 tenant logs provide transaction details for user authentication actions. Tenant logs capture information from the sign-in, login, and verification processes for review. You can review how the user authenticated, which credentials they provided, length of transaction, and connection status.

Below are the default values captured in tenant logs:

Attribute Description
completedAt Stage completion time, including user interaction time
elapsedTime Difference between completedAt and initiatedAt
flow Varies based on New or Classic Universal Login
initiatedAt Stage start time
name Name of the stage

login

The login stage provides the following values:

Attibute Description
flow Able to take two values dependent on Classic or New Universal Login
user_id Auth0 ID of the user authenticated in this stage
user_name Name of the user authenticated in this stage

Additional fields with the following information:

Attribute Description
connection Connection used to authenticate the user
connection_id ID of the connection used to authenticate the user
strategy Strategy of the connection used to authenticate user
identity Users’ authenticated identity

Values for additional events in the login flow:

Name Universal Login Experience Description
federated-authenticate New Federated connection used for authentication, social, legal, or enterprise
lock-password-authenticate Classic User authenticated with a username and password
oauth1-authenticate Classic User authenticated with an oauth1 federation
oauth2-authenticate Classic User authenticated with an oauth2 federation
oidc-authenticate Classic User authenticated with an oidc federation
prompt-authenticate New User authenticated with a username and password
prompt-authenticate-password New User authenticated with username and password in the idfirst flow
prompt-signup New User signed up using a username and password
prompt-signup-password New User signed up using username and password using the idfirst flow
saml-authenticate Classic User authenticated with a SAML federation
wsfed-authenticate Classic User authenticated with a WS-FED federation

The consent stage provides the following values:

Attribute Description
grantInfo

    audience
    id
    scope


    The {myApiIdentifier} or identifier of the API granted permission by the user
    User grant persisted in the database
    Approved scope granted by the user

login-email-verification

The email verification prompt provides the following values:

Attribute Description
login-email-verification Is included if the email verification prompt was presented

redirect

The redirect stage provides the following values:

Attribute Description
URL URL the user was redirected to

mfa

Multi-factor authentication provides the following values:

Attribute Description
flow Can take two values depending if it used the classic experience (mfa) or the new experience (universal-mfa).
performed_acr acr that will be included in the id_token.
performed_amr amr that will be included in the id_token.
provider Provider used to perform mfa.