SSO Events

SSO Events record activity from your identity integrations: SAML login attempts, LDAP login attempts, and LDAP sync operations. Use these logs to investigate authentication failures, review sync results, and audit login activity across your SSO providers.

We retain these logs for 90 days.

For configuration details on your SSO integrations, see SSO / Single Sign-On.

Event Types

SSO Events cover three distinct event types.

SAML Login events record each attempt by a user to authenticate using SAML. SAML login rows are column-first: the Username on Files.com field shows the user's Files.com username, and the IdP UID field shows the identifier returned by the identity provider. These fields are more reliable than reconstructing login context from body text.

LDAP Login events record each attempt by a user to authenticate using LDAP. A login event captures the outcome of the authentication request and any error information returned by the LDAP provider.

LDAP Sync events record each attempt to synchronize user and group provisioning information from your LDAP server. A sync event captures whether the synchronization succeeded, partially succeeded, or failed, along with any error details.

Admin Email Alerts

Site Administrators can receive email alerts for LDAP sync failures through the SSO/SCIM/LDAP configuration/sync failures preference in their account settings. This preference covers LDAP sync failure and partial-failure events only. LDAP login failures and SAML login failures are not included in this preference.

Details Recorded in SSO Events

Each SSO Event entry includes the following columns.