Introduction
User events are captured when user accounts are created or revised or when users authenticate. You can view user events in the ZEDEDA Cloud Reports. If you need all the details, you can use the API docs from the link in the Help Center. This is a brief overview of how user events are generally captured.
Prerequisites
Create an account
When you create an account, that generates an event. When you run an event report for a user, the report calls the following API endpoint with the ID of the user:
GET /api/v1/users/id/AAF1ABCPiqU-8-JAoJtd_jA-J8h9
Response example
{
"id": "AAF1ABCPiqU-8-JAoJtd_jA-J8h9",
"username": "user@acme.com",
"SfdcId": "",
"HubspotId": "",
"revision": {
"prev": "",
"curr": "1",
"createdAt": "2024-10-10T05:12:05.863478Z",
"createdBy": "SysAdmin@acme.com",
"updatedAt": "2024-10-11T15:56:22.491223Z",
"updatedBy": "SysAdmin@acme.com"
},
"state": "USER_STATE_ACTIVE",
"firstName": "UserFirst",
"locale": "",
"fullName": "UserFirst UserLast",
"timeZone": "",
"roleId": "AAGFABCFc6p2XtZBGISdXrrSPmMm",
"type": "AUTH_TYPE_LOCAL",
"email": "user@acme.com",
"phone": "",
"notifyPref": "",
"LastLoginTime": "2024-10-11T15:56:22.491222Z",
"LastLogoutTime": "0001-01-01T00:00:00Z",
"emailState": "ID_STATE_VERIFIED",
"phoneState": "ID_STATE_UNSPECIFIED",
"customUserInput": {},
"allowedEnterprises": [
{
"id": "AAFlABBtJ0mP_lhJjIyVzjzgMXiR",
"name": "acme",
"roleId": "AAGFABCFc6p2XtZBGISdXrrSPmMm"
}
],
"enterpriseId": "AAFlABBtJ0mP_lhJjIyVzjzgMXiR",
"totpEnabled": false
}
The following parameters can return the following values:
state: General well being of the user |
|
type: Authentication type |
|
emailState: state of the ID |
|
phoneState: state of the ID |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA IAM Service from the dropdown menu and expand the item for:
GET /v1/users/id/{id}
Deactivate an account
After you create an account, you can deactivate the account, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:
GET /api/v1/events?startTime.seconds=1730279711&endTime.seconds=1730322911&objtype=user&objname=SysAdmin@acme.com&next.pageSize=20&next.pageNum=1
Response example
{
"list": [
{
"user": "SysAdmin@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "User user@acme.com is Updated ",
"timestamp": "2024-10-30T21:15:01.450572775Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
],
"next": {
"pageToken": "2024-10-30T17:02:39.51375351Z",
"orderBy": [],
"pageNum": 1,
"pageSize": 20,
"totalPages": 1
},
"summary": {
"description": "",
"total": 19,
"values": {}
}
}
The following parameters can return the following values:
severity: Severity of events |
|
source: Source of events |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for:
GET /v1/events
Activate an account
After you deactivate an account, you can activate it, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:
GET /api/v1/events?startTime.seconds=1730280114&endTime.seconds=1730323314&objtype=user&objname=SysAdmin@acme.com&next.pageSize=20&next.pageNum=1
Response example
{
"list": [
{
"user": "SysAdmin@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "User user@acme.com is Updated ",
"timestamp": "2024-10-30T21:21:48.950818656Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
],
"next": {
"pageToken": "2024-10-30T17:02:39.51375351Z",
"orderBy": [],
"pageNum": 1,
"pageSize": 20,
"totalPages": 1
},
"summary": {
"description": "",
"total": 20,
"values": {}
}
}
The following parameters can return the following values:
severity: Severity of events |
|
source: Source of events |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for:
GET /v1/events
Delete an account
After you create an account, you can delete it, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:
GET /api/v1/events?startTime.seconds=1730280653&endTime.seconds=1730323853&objtype=user&objname=SysAdmin@acme.com&next.pageSize=20&next.pageNum=1
Response example
{
"list": [
{
"user": "SysAdmin@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "User user@acme.com is Deleted ",
"timestamp": "2024-10-30T21:30:39.814541880Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
],
"next": {
"pageToken": "2024-10-30T18:49:26.407264565Z",
"orderBy": [],
"pageNum": 1,
"pageSize": 20,
"totalPages": 2
},
"summary": {
"description": "",
"total": 21,
"values": {}
}
}
The following parameters can return the following values:
severity: Severity of events |
|
source: Source of events |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for:
GET /v1/events
Authenticate
When a user authenticates, that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:
GET /api/v1/events?startTime.seconds=1728576746&endTime.seconds=1728663146&objtype=user&objname=user@acme.com&next.pageSize=20&next.pageNum=1
Response Example
{
"list": [
{
"user": "user@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "User 'user@acme.com' Logged in after successful password verification",
"timestamp": "2024-10-11T15:56:22.493958164Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
],
"next": {
"pageToken": "2024-10-10T20:04:48.557269742Z",
"orderBy": [],
"pageNum": 1,
"pageSize": 20,
"totalPages": 1
},
"summary": {
"description": "",
"total": 2,
"values": {}
}
}
The following parameters can return the following values:
severity: Severity of events |
|
source: Source of events |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for:
GET /v1/events
Edit credentials
When you create an account, you can assign a password. You can change the password at any time & that creates an event. When you run an event report for a user, the report calls the following API endpoint with the ID of the user:
GET /api/v1/users/id/AAF1ABCPiqU-8-JAoJtd_jA-J8h9
Response example
{
"list": [
{
"user": "SysAdmin@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "SysAdmin@acme.com reset user user@acme.com password",
"timestamp": "2024-10-16T18:43:08.567156468Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "",
"jsonData": null,
"clusterInstance": ""
},
{
"user": "SysAdmin@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "Password reset failed: new password cannot be one of the recently used passwords",
"timestamp": "2024-10-16T18:42:52.906844485Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "",
"jsonData": null,
"clusterInstance": ""
}
The following parameters can return the following values:
severity: The severity of the event |
|
source: The source of the event |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA IAM Service from the dropdown menu and expand the item for:
GET /v1/users/id/{id}
Assign roles
When you create an account, you can assign a role. You can change the role at any time & that creates an event. When you run an event report for a user, the report calls the following API endpoint with the ID of the user:
GET /api/v1/users/id/AAF1ABCPiqU-8-JAoJtd_jA-J8h9
Response example
{
"list": [
{
"user": "SysAdmin@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "User user@acme.com is Updated ",
"timestamp": "2024-10-16T17:33:46.596038387Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
]
The following parameters can return the following values:
severity: The severity of the event |
|
source: The source of the event |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA IAM Service from the dropdown menu and expand the item for:
GET /v1/users/id/{id}
Enable two factor authentication
After your account has been added, you can edit your own user details to enable two factor authentication (2FA). You can enable 2FA at any time. When you register with the time-based one-time password (TOTP), it generates an event. When you run an event report for yourself, the report calls the following API endpoint with the date and time range you specify and the pagination:
GET /api/v1/events?startTime.seconds=1730271552&endTime.seconds=1730314752&next.pageSize=20&next.pageNum=1
Response example
{
"list": [
{
"user": "",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "Tenant User 'user@acme.com' Totp Registration succeeded ",
"timestamp": "2024-10-30T18:55:00.919123380Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
],
"next": {
"pageToken": "2024-10-30T17:02:39.51375351Z",
"orderBy": [],
"pageNum": 1,
"pageSize": 20,
"totalPages": 1
},
"summary": {
"description": "",
"total": 7,
"values": {}
}
}
The following parameters can return the following values:
severity: The severity of the event |
|
source: The source of the event |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for:
GET /v1/events
Disable two factor authentication
After you enable 2FA, you can disable 2FA. You can disable it at any time, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:
GET /api/v1/events?startTime.seconds=1730271552&endTime.seconds=1730314752&objtype=user&objname=user@acme.com&next.pageSize=20&next.pageNum=1
Response example
{
"list": [
{
"user": "user@acme.com",
"project": "",
"device": "",
"instance": "",
"severity": "INFO",
"description": "User loria@zededa.com is Updated ",
"timestamp": "2024-10-30T19:15:27.726863159Z",
"source": "EVENT_SOURCE_USER",
"resource": "User",
"eventType": "",
"tags": [],
"resourceName": "user@acme.com",
"jsonData": null,
"clusterInstance": ""
},
],
"next": {
"pageToken": "2024-10-16T17:17:36.167510742Z",
"orderBy": [],
"pageNum": 1,
"pageSize": 20,
"totalPages": 1
},
"summary": {
"description": "",
"total": 4,
"values": {}
}
}
The following parameters can return the following values:
severity: The severity of the event |
|
source: The source of the event |
|
The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for:
GET /v1/events