Prompt Details in Tenant Logs

Auth0 tenant logs provide transaction details for user authentication actions. Tenant logs capture information from the sign-in, login, and verification processes for review. You can review how the user authenticated, which credentials they provided, length of transaction, and connection status.

Below are the default values captured in tenant logs:

Attribute Description
completedAt Stage completion time, including user interaction time
elapsedTime Difference between completedAt and initiatedAt
flow Varies based on login experience (i.e., Universal or Classic)
initiatedAt Stage start time
name Name of the stage

login

The login stage provides the following values:

Attribute Description
flow Able to take two values dependent on Universal or Classic Login
user_id Auth0 ID of the user authenticated in this stage
user_name Name of the user authenticated in this stage

Additional fields with the following information:

Attribute Description
connection Connection used to authenticate the user
connection_id ID of the connection used to authenticate the user
strategy Strategy of the connection used to authenticate user
identity Users’ authenticated identity

Values for additional events in the login flow:

Name Universal Login Experience Description
federated-authenticate Universal Federated connection used for authentication, social, legal, or enterprise
lock-password-authenticate Classic User authenticated with a username and password
oauth1-authenticate Classic User authenticated with an oauth1 federation
oauth2-authenticate Classic User authenticated with an oauth2 federation
oidc-authenticate Classic User authenticated with an oidc federation
prompt-authenticate Universal User authenticated with a username and password
prompt-authenticate-password Universal User authenticated with username and password in the idfirst flow
prompt-signup Universal User signed up using a username and password
prompt-signup-password Universal User signed up using username and password using the idfirst flow
saml-authenticate Classic User authenticated with a SAML federation
wsfed-authenticate Classic User authenticated with a WS-FED federation

The consent stage provides the following values:

Attribute Description
grantInfo The {myApiIdentifier} or identifier of the API granted permission by the user
audience Token audience
id User grant persisted in the database
scope Approved scope granted by the user

login-email-verification

The email verification prompt provides the following values:

Attribute Description
login-email-verification Is included if the email verification prompt was presented

redirect

The redirect stage provides the following values:

Attribute Description
URL URL the user was redirected to

mfa

Multi-factor authentication provides the following values:

Attribute Description
flow Can take two values depending if used with the Classic experience (mfa) or the Universal experience (universal-mfa).
performed_acr acr that will be included in the id_token.
performed_amr amr that will be included in the id_token.
provider Provider used to perform mfa.