Event Types
The IAM Event API captures actions taken by a user or service account in Flexera One. Each action is identified by its eventType. For each available event, the API provides who/when/what/where details. The following sections describe the supported eventTypes.
Events will refer to a system-account principal when they are created by the Flexera One system.
authentication.saml2
SAML2 authentication events are generated when users log into Flexera One with a SAML2 Identity Provider.
Example
{
  "eventType": "authentication.saml2",
  "id": "7bfcf75b8c4b4b5d9d9f05937f039307",
  "outcome": {
    "result": "SUCCESS"
  },
  "principal": {
    "email": "luke.skywalker@flexera.com",
    "geographical": {
      "city": "Itasca",
      "country": "United States",
      "geolocation": {
        "latitude": "41.9901",
        "longitude": "-88.0225"
      },
      "postalCode": "60143",
      "state": "Illinois"
    },
    "ip": "1.2.3.4",
    "kind": "iam#user",
    "name": "Luke Skywalker",
    "userAgent": {
      "browser": "CHROME",
      "os": "Mac OS X",
      "raw": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
    }
  },
  "timestamp": "2020-10-21T10:20:50Z"
}
Attributes
| field | description |
|---|---|
| eventType | authentication.saml2 |
| id | The unique event ID |
| outcome.result | Whether the authentication succeeded ("SUCCESS") or failed ("FAILURE") |
| principal.email | The principal's email address |
| principal.geographical.city | The city the request originated from |
| principal.geographical.country | The country the request originated from |
| principal.geographical.geolocation.latitude | The latitude the request originated from |
| principal.geographical.geolocation.longitude | The longitude the request originated from |
| principal.geographical.postalCode | The postal code the request originated from |
| principal.geographical.state | The state the request originated from |
| principal.ip | The IP address the request originated from |
| principal.kind | The principal's kind, e.g. user or service account |
| principal.name | The name of the principal |
| principal.userAgent.browser | The client's browser, if applicable |
| principal.userAgent.os | The client's operating system, if applicable |
| principal.userAgent.raw | Unparsed details of the application making the API request |
| timestamp | The time the event occurred in UTC |
access-rule.grant
Access rule grant events are generated when a role is granted by a Flexera One principal to a Flexera One subject.
Example
{
  "eventType": "access-rule.grant",
  "id": "7bfcf75b8c4b4b5d9d9f05937f039307",
  "outcome": {
    "result": "SUCCESS"
  },
  "principal": {
    "kind": "iam#user",
    "id": "789"
  },
  "targets": [
    {
      "kind": "iam#access-rule",
      "scope": {
        "kind": "iam#org",
        "id": "123"
      },
      "role": {
        "id": "989"
      },
      "subject": {
        "kind": "iam#user",
        "id": "1234"
      }
    }
  ]
}
Attributes
| field | description |
|---|---|
| eventType | access-rule.grant |
| id | The unique event ID |
| outcome.result | Whether the role assignment succeeded ("SUCCESS") or failed ("FAILURE") |
| principal.id | The ID of the principal who granted the role |
| principal.kind | The kind of the principal who granted the role |
| targets | The targets list will include one object: the access rule which was created. |
| targets[].kind | The kind of target, e.g. iam#access-rule |
| targets[].scope.kind | The context in which the access rule applies. If the scope's kind is iam#org, the access rule applies throughout the org and its projects. If the scope's kind is iam#project, the access rule applies to exactly one project within the org. |
| targets[].scope.id | The id of the org if scope.kind is iam#org, or the id of the project if scope.kind is iam#project |
| targets[].role.id | The id of the role that is being granted to the subject |
| targets[].subject.kind | The type of subject to whom the permission has been granted, e.g. user or service account |
| targets[].subject.id | The id of the user/service account that was granted the role |
access-rule.revoke
Access rule revoke events are generated when a role is revoked from a Flexera One subject by a Flexera One principal.
Example
{
  "eventType": "access-rule.revoke",
  "id": "7bfcf75b8c4b4b5d9d9f05937f039307",
  "outcome": {
    "result": "SUCCESS"
  },
  "principal": {
    "kind": "iam#user",
    "id": "789"
  },
  "targets": [
    {
      "kind": "iam#access-rule",
      "scope": {
        "kind": "iam#org",
        "id": "123"
      },
      "role": {
        "id": "989"
      },
      "subject": {
        "kind": "iam#user",
        "id": "1234"
      }
    }
  ]
}
Attributes
| field | description |
|---|---|
| eventType | access-rule.revoke |
| id | The unique event ID |
| outcome.result | Whether the role revocation succeeded ("SUCCESS") or failed ("FAILURE") |
| principal.id | The ID of the principal who revoked the role |
| principal.kind | The kind of the principal who revoked the role |
| targets | The targets list will include one object: the access rule which was revoked. |
| targets[].kind | The kind of target, e.g. iam#access-rule |
| targets[].scope.kind | The context in which the access rule applies. If the scope's kind is iam#org, the access rule applies throughout the org and its projects. If the scope's kind is iam#project, the access rule applies to exactly one project within the org. |
| targets[].scope.id | The id of the org if scope.kind is iam#org, or the id of the project if scope.kind is iam#project |
| targets[].role.id | The id of the role that is being revoked from the subject |
| targets[].subject.kind | The type of subject whose permission was revoked, e.g. user or service account |
| targets[].subject.id | The id of the user/service account that had their role revoked |
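
The authentication.saml2 and access-rule.grant fields documented above are enough for a first-pass audit triage. The following is an added example, not Flexera code: the helper names, the finding labels, the failure threshold and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter

def auth_event(eid, result, email="user@example.com", ip="198.51.100.7"):
    # Constructed authentication.saml2 event (only the fields used below).
    return {"eventType": "authentication.saml2", "id": eid,
            "outcome": {"result": result},
            "principal": {"email": email, "ip": ip, "kind": "iam#user"}}

def grant_event(eid, result, granter, subject, scope_kind):
    # Constructed access-rule.grant event following the documented layout.
    return {"eventType": "access-rule.grant", "id": eid,
            "outcome": {"result": result},
            "principal": {"kind": "iam#user", "id": granter},
            "targets": [{"kind": "iam#access-rule",
                         "scope": {"kind": scope_kind, "id": "123"},
                         "role": {"id": "989"},
                         "subject": {"kind": "iam#user", "id": subject}}]}

SAMPLE_EVENTS = [  # constructed input, not real audit data
    auth_event("a1", "FAILURE"), auth_event("a2", "FAILURE"),
    auth_event("a3", "FAILURE"), auth_event("a4", "SUCCESS"),
    grant_event("g1", "SUCCESS", "789", "1234", "iam#org"),
    grant_event("g2", "SUCCESS", "555", "555", "iam#project"),
    grant_event("g3", "FAILURE", "789", "4321", "iam#org"),
]

def triage(events, fail_threshold=3):
    """Return (finding, event id) pairs for events worth an analyst's review."""
    findings, failures = [], Counter()
    for ev in events:
        ok = ev.get("outcome", {}).get("result") == "SUCCESS"
        who = ev.get("principal", {})
        if ev.get("eventType") == "authentication.saml2" and not ok:
            key = (who.get("email"), who.get("ip"))
            failures[key] += 1
            if failures[key] == fail_threshold:  # report once per email/IP pair
                findings.append(("repeated-saml2-failure", ev.get("id")))
        elif ev.get("eventType") == "access-rule.grant" and ok:
            for target in ev.get("targets", []):
                subj = target.get("subject", {})
                same = who.get("id") is not None and (
                    (subj.get("kind"), subj.get("id")) == (who.get("kind"), who.get("id")))
                if same:  # principal granted a role to itself
                    findings.append(("self-grant", ev.get("id")))
                elif target.get("scope", {}).get("kind") == "iam#org":
                    findings.append(("org-wide-grant", ev.get("id")))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Failed grants are skipped because outcome.result is "FAILURE", so no access rule was created.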