Search results
The search results display the values of the search criteria from the specified date and time range in tabular format.
| Field | Description |
|---|---|
| Event Type | The type of event |
|
User ID |
The user who performed the action |
| Session ID | The session when the action occurred |
| User Agent | The browser the user used during the event |
| Sign In Source | Cloud Identities (CI) or Federated Identities (IdP) depending on how the user signed in |
| Sign In Source ID | For Cloud Identities: null For SAML IdP: the entity ID value For OpenId: the issuer value |
| MFA | true or false, depending on whether MFA is performed: if MFA is enabled and not enforced on the tenant, and MFA is not performed, the result is false |
| MFA Type | The value of the "device_provider" claim on the id_token provided by the MFA API, or null if MFA is not performed |
| MFA Device | The value of the "device_name" claim on the id_token provided by the MFA API, or null if MFA is not performed (assuming this is the id_token from MFA, this should be the device_id value) |
| Time | The time the event occurred |