Audit reporting caches incoming audit messages and provides endpoints to request audit events for a specified date range. The following events and actors are tracked:

Filtering data

The GET /environments/{{envID}}/activities and POST /environments/{{envID}}/activities requests accept SCIM filtering expressions to fine-tune the response data. For large collections, additional filtering expressions can be added to the request URL to focus on particular event types. For example, this SCIM filter returns audit events from the start date of “2018-01-01” and an end date of “2018-03-31”:

https://api.pingone.com/v1/environments/{environmentId}/activities?filter=recordedat gt "2018-01-01T00:00:00Z" AND recordedat lt "2018-03-31T23:59:00Z"

These SCIM operators can be applied to the following attributes:

For more information about SCIM syntax and operators, see Conventions.

Audit reporting data model

Property Description
action.description A string that specifies the description of the action performed.
action.type A string that specifies the type of action performed (such as authentication or password reset).
actors.client.id A string that specifies the ID of the client.
actors.client.name A string that specifies the name assigned to the client for PingOne sign on.
actors.client.type A string that specifies the type of actor. Options are USER or CLIENT.
actors.client.href A string that specifies the URL for the specified client resource.
actors.client.environment.id A string that specifies the ID of the environment resource associated with the client.
actors.user.id A string that specifies the ID of the user.
actors.user.name A string that specifies the name assigned to the user for PingOne sign on.
actors.user.href A string that specifies the URL for the specified user resource.
actors.user.type A string that specifies the type of actor. Options are USER or CLIENT.
actors.user.environment.id A string that specifies the ID of the environment resource associated with the user.
actors.user.population.id A string that specifies the ID of the population resource associated with the user.
correlationId A string that specifies a PingOne identifier for multiple messages in a transaction.
createdAt The date and time at which the event was created (ISO 8601 format).
id A string that specifies the ID of the audit activity event.
recordedAt The date and time at which the event was recorded (ISO 8601 format).
resources.href A string that specifies the URL for the specified resource.
resources.id A string that specifies the ID assigned as the key for the identifier resource (such as the environment, population or event message).
resources.name A string that can be either the user name or the name of the environment, based on the resource type.
resources.type A string that specifies the type of resource associated with the event. Options are USER, ORGANIZATION, or ENVIRONMENT.
resources.population.id The UUID assigned as the key for the population resource.
result.description A string that specifies the description of the result of the operation.
result.id A string that specifies the ID for the result of the operation.
result.status A string that specifies the result of the operation. Options are succeeded or failed.
tags.adminIdentityEvent A string identifying the activity as the action of an administrator on other administrators.

Response codes

Code Message
200 Successful operation.
400 The request could not be completed.
401 You do not have access to this resource.
403 You do not have permissions or are not licensed to make this request.
404 The requested resource was not found.