authentik/website/docs/events/index.md

---
title: Events
---

Events are authentik's built-in logging system. Whenever any of the following actions occur, an event is created:

Certain information is stripped from events, to ensure no passwords or other credentials are saved in the log.

If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info".

### `login`

A user logs in (including the source, if available)

<details><summary>Example</summary>
<p>

```json
{
    "pk": "f00f54e7-2b38-421f-bc78-e61f950048d6",
    "user": {
        "pk": 1,
        "email": "root@localhost",
        "username": "akadmin"
    },
    "action": "login",
    "app": "authentik.events.signals",
    "context": {
        "auth_method": "password",
        "http_request": {
            "args": {
                "query": "next=%2F"
            },
            "path": "/api/v3/flows/executor/default-authentication-flow/",
            "method": "GET"
        },
        "auth_method_args": {}
    },
    "client_ip": "::1",
    "created": "2023-02-15T15:33:42.771091Z",
    "expires": "2024-02-15T15:33:42.770425Z",
    "tenant": {
        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
        "app": "authentik_tenants",
        "name": "Default tenant",
        "model_name": "tenant"
    }
}
```

</p>
</details>

### `login_failed`

A failed login attempt

<details><summary>Example</summary>
<p>

```json
{
    "pk": "2779b173-eb2a-4c2b-a1a4-8283eda308d7",
    "user": {
        "pk": 2,
        "email": "",
        "username": "AnonymousUser"
    },
    "action": "login_failed",
    "app": "authentik.events.signals",
    "context": {
        "stage": {
            "pk": "7e88f4a991c442c1a1335d80f0827d7f",
            "app": "authentik_stages_password",
            "name": "default-authentication-password",
            "model_name": "passwordstage"
        },
        "password": "********************",
        "username": "akadmin",
        "http_request": {
            "args": {
                "query": "next=%2F"
            },
            "path": "/api/v3/flows/executor/default-authentication-flow/",
            "method": "POST"
        }
    },
    "client_ip": "::1",
    "created": "2023-02-15T15:32:55.319608Z",
    "expires": "2024-02-15T15:32:55.314581Z",
    "tenant": {
        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
        "app": "authentik_tenants",
        "name": "Default tenant",
        "model_name": "tenant"
    }
}
```

</p>
</details>

### `logout`

A user logs out.

<details><summary>Example</summary>
<p>

```json
{
    "pk": "474ffb6b-77e3-401c-b681-7d618962440f",
    "user": {
        "pk": 1,
        "email": "root@localhost",
        "username": "akadmin"
    },
    "action": "logout",
    "app": "authentik.events.signals",
    "context": {
        "http_request": {
            "args": {
                "query": ""
            },
            "path": "/api/v3/flows/executor/default-invalidation-flow/",
            "method": "GET"
        }
    },
    "client_ip": "::1",
    "created": "2023-02-15T15:39:55.976243Z",
    "expires": "2024-02-15T15:39:55.975535Z",
    "tenant": {
        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
        "app": "authentik_tenants",
        "name": "Default tenant",
        "model_name": "tenant"
    }
}
```

</p>
</details>

### `user_write`

A user is written to during a flow execution.

<details><summary>Example</summary>
<p>

```json
{
    "pk": "d012e8af-cb94-4fa2-9e92-961e4eebc060",
    "user": {
        "pk": 1,
        "email": "root@localhost",
        "username": "akadmin"
    },
    "action": "user_write",
    "app": "authentik.events.signals",
    "context": {
        "name": "authentik Default Admin",
        "email": "root@localhost",
        "created": false,
        "username": "akadmin",
        "attributes": {
            "settings": {
                "locale": ""
            }
        },
        "http_request": {
            "args": {
                "query": ""
            },
            "path": "/api/v3/flows/executor/default-user-settings-flow/",
            "method": "GET"
        }
    },
    "client_ip": "::1",
    "created": "2023-02-15T15:41:18.411017Z",
    "expires": "2024-02-15T15:41:18.410276Z",
    "tenant": {
        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
        "app": "authentik_tenants",
        "name": "Default tenant",
        "model_name": "tenant"
    }
}
```

</p>
</details>

### `suspicious_request`

A suspicious request has been received (for example, a revoked token was used).

### `password_set`

A user sets their password.

### `secret_view`

A user views a token's/certificate's data.

### `secret_rotate`

A token was rotated automatically by authentik.

### `invitation_used`

An invitation is used.

### `authorize_application`

A user authorizes an application.

<details><summary>Example</summary>
<p>

```json
{
    "pk": "f52f9eb9-dc2a-4f1e-afea-ad5af90bf680",
    "user": {
        "pk": 1,
        "email": "root@localhost",
        "username": "akadmin"
    },
    "action": "authorize_application",
    "app": "authentik.providers.oauth2.views.authorize",
    "context": {
        "geo": {
            "lat": 42.0,
            "city": "placeholder",
            "long": 42.0,
            "country": "placeholder",
            "continent": "placeholder"
        },
        "flow": "53287faa8a644b6cb124cb602a84282f",
        "scopes": "ak_proxy profile openid email",
        "http_request": {
            "args": {
                "query": "[...]"
            },
            "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",
            "method": "GET"
        },
        "authorized_application": {
            "pk": "bed6a2495fdc4b2e8c3f93cb2ed7e021",
            "app": "authentik_core",
            "name": "Alertmanager",
            "model_name": "application"
        }
    },
    "client_ip": "::1",
    "created": "2023-02-15T10:02:48.615499Z",
    "expires": "2023-04-26T10:02:48.612809Z",
    "tenant": {
        "pk": "10800be643d44842ab9d97cb5f898ce9",
        "app": "authentik_tenants",
        "name": "Default tenant",
        "model_name": "tenant"
    }
}
```

</p>
</details>

### `source_linked`

A user links a source to their account

### `impersonation_started` / `impersonation_ended`

A user starts/ends impersonation, including the user that was impersonated

### `policy_execution`

A policy is executed (when a policy has "Execution Logging" enabled).

### `policy_exception` / `property_mapping_exception`

A policy or property mapping causes an exception

### `system_task_exception`

An exception occurred in a system task.

### `system_exception`

A general exception in authentik occurred.

### `configuration_error`

A configuration error occurs, for example during the authorization of an application

### `model_created` / `model_updated` / `model_deleted`

Logged when any model is created/updated/deleted, including the user that sent the request.

### `email_sent`

An email has been sent. Included is the email that was sent.

### `update_available`

An update is available
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00			`---`
			`title: Events`
			`---`

			`Events are authentik's built-in logging system. Whenever any of the following actions occur, an event is created:`

website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`Certain information is stripped from events, to ensure no passwords or other credentials are saved in the log.`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info".`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			### `login`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`A user logs in (including the source, if available)`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`<details><summary>Example</summary>`
			`<p>`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			```json
			`{`
			`"pk": "f00f54e7-2b38-421f-bc78-e61f950048d6",`
			`"user": {`
			`"pk": 1,`
			`"email": "root@localhost",`
			`"username": "akadmin"`
			`},`
			`"action": "login",`
			`"app": "authentik.events.signals",`
			`"context": {`
			`"auth_method": "password",`
			`"http_request": {`
			`"args": {`
			`"query": "next=%2F"`
			`},`
			`"path": "/api/v3/flows/executor/default-authentication-flow/",`
			`"method": "GET"`
			`},`
			`"auth_method_args": {}`
			`},`
			`"client_ip": "::1",`
			`"created": "2023-02-15T15:33:42.771091Z",`
			`"expires": "2024-02-15T15:33:42.770425Z",`
			`"tenant": {`
			`"pk": "fcba828076b94dedb2d5a6b4c5556fa1",`
			`"app": "authentik_tenants",`
			`"name": "Default tenant",`
			`"model_name": "tenant"`
			`}`
			`}`
			```
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`</p>`
			`</details>`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			### `login_failed`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`A failed login attempt`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`<details><summary>Example</summary>`
			`<p>`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			```json
			`{`
			`"pk": "2779b173-eb2a-4c2b-a1a4-8283eda308d7",`
			`"user": {`
			`"pk": 2,`
			`"email": "",`
			`"username": "AnonymousUser"`
			`},`
			`"action": "login_failed",`
			`"app": "authentik.events.signals",`
			`"context": {`
			`"stage": {`
			`"pk": "7e88f4a991c442c1a1335d80f0827d7f",`
			`"app": "authentik_stages_password",`
			`"name": "default-authentication-password",`
			`"model_name": "passwordstage"`
			`},`
			`"password": "********************",`
			`"username": "akadmin",`
			`"http_request": {`
			`"args": {`
			`"query": "next=%2F"`
			`},`
			`"path": "/api/v3/flows/executor/default-authentication-flow/",`
			`"method": "POST"`
			`}`
			`},`
			`"client_ip": "::1",`
			`"created": "2023-02-15T15:32:55.319608Z",`
			`"expires": "2024-02-15T15:32:55.314581Z",`
			`"tenant": {`
			`"pk": "fcba828076b94dedb2d5a6b4c5556fa1",`
			`"app": "authentik_tenants",`
			`"name": "Default tenant",`
			`"model_name": "tenant"`
			`}`
			`}`
			```

			`</p>`
			`</details>`

			### `logout`

			`A user logs out.`

			`<details><summary>Example</summary>`
			`<p>`

			```json
			`{`
			`"pk": "474ffb6b-77e3-401c-b681-7d618962440f",`
			`"user": {`
			`"pk": 1,`
			`"email": "root@localhost",`
			`"username": "akadmin"`
			`},`
			`"action": "logout",`
			`"app": "authentik.events.signals",`
			`"context": {`
			`"http_request": {`
			`"args": {`
			`"query": ""`
			`},`
			`"path": "/api/v3/flows/executor/default-invalidation-flow/",`
			`"method": "GET"`
			`}`
			`},`
			`"client_ip": "::1",`
			`"created": "2023-02-15T15:39:55.976243Z",`
			`"expires": "2024-02-15T15:39:55.975535Z",`
			`"tenant": {`
			`"pk": "fcba828076b94dedb2d5a6b4c5556fa1",`
			`"app": "authentik_tenants",`
			`"name": "Default tenant",`
			`"model_name": "tenant"`
			`}`
			`}`
			```

			`</p>`
			`</details>`

			### `user_write`

			`A user is written to during a flow execution.`

			`<details><summary>Example</summary>`
			`<p>`

			```json
			`{`
			`"pk": "d012e8af-cb94-4fa2-9e92-961e4eebc060",`
			`"user": {`
			`"pk": 1,`
			`"email": "root@localhost",`
			`"username": "akadmin"`
			`},`
			`"action": "user_write",`
			`"app": "authentik.events.signals",`
			`"context": {`
			`"name": "authentik Default Admin",`
			`"email": "root@localhost",`
			`"created": false,`
			`"username": "akadmin",`
			`"attributes": {`
			`"settings": {`
			`"locale": ""`
			`}`
			`},`
			`"http_request": {`
			`"args": {`
			`"query": ""`
			`},`
			`"path": "/api/v3/flows/executor/default-user-settings-flow/",`
			`"method": "GET"`
			`}`
			`},`
			`"client_ip": "::1",`
			`"created": "2023-02-15T15:41:18.411017Z",`
			`"expires": "2024-02-15T15:41:18.410276Z",`
			`"tenant": {`
			`"pk": "fcba828076b94dedb2d5a6b4c5556fa1",`
			`"app": "authentik_tenants",`
			`"name": "Default tenant",`
			`"model_name": "tenant"`
			`}`
			`}`
			```

			`</p>`
			`</details>`

			### `suspicious_request`

			`A suspicious request has been received (for example, a revoked token was used).`

			### `password_set`

			`A user sets their password.`

			### `secret_view`

			`A user views a token's/certificate's data.`

			### `secret_rotate`

			`A token was rotated automatically by authentik.`

			### `invitation_used`

			`An invitation is used.`

			### `authorize_application`

			`A user authorizes an application.`

			`<details><summary>Example</summary>`
			`<p>`

			```json
			`{`
			`"pk": "f52f9eb9-dc2a-4f1e-afea-ad5af90bf680",`
			`"user": {`
			`"pk": 1,`
			`"email": "root@localhost",`
			`"username": "akadmin"`
			`},`
			`"action": "authorize_application",`
			`"app": "authentik.providers.oauth2.views.authorize",`
			`"context": {`
			`"geo": {`
			`"lat": 42.0,`
			`"city": "placeholder",`
			`"long": 42.0,`
			`"country": "placeholder",`
			`"continent": "placeholder"`
			`},`
			`"flow": "53287faa8a644b6cb124cb602a84282f",`
			`"scopes": "ak_proxy profile openid email",`
			`"http_request": {`
			`"args": {`
			`"query": "[...]"`
			`},`
			`"path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",`
			`"method": "GET"`
			`},`
			`"authorized_application": {`
			`"pk": "bed6a2495fdc4b2e8c3f93cb2ed7e021",`
			`"app": "authentik_core",`
			`"name": "Alertmanager",`
			`"model_name": "application"`
			`}`
			`},`
			`"client_ip": "::1",`
			`"created": "2023-02-15T10:02:48.615499Z",`
			`"expires": "2023-04-26T10:02:48.612809Z",`
			`"tenant": {`
			`"pk": "10800be643d44842ab9d97cb5f898ce9",`
			`"app": "authentik_tenants",`
			`"name": "Default tenant",`
			`"model_name": "tenant"`
			`}`
			`}`
			```

			`</p>`
			`</details>`

			### `source_linked`

			`A user links a source to their account`

			### `impersonation_started` / `impersonation_ended`

			`A user starts/ends impersonation, including the user that was impersonated`

			### `policy_execution`

			`A policy is executed (when a policy has "Execution Logging" enabled).`

			### `policy_exception` / `property_mapping_exception`

			`A policy or property mapping causes an exception`

			### `system_task_exception`

			`An exception occurred in a system task.`

			### `system_exception`

			`A general exception in authentik occurred.`

			### `configuration_error`

			`A configuration error occurs, for example during the authorization of an application`

			### `model_created` / `model_updated` / `model_deleted`

			`Logged when any model is created/updated/deleted, including the user that sent the request.`

			### `email_sent`

			`An email has been sent. Included is the email that was sent.`

			### `update_available`
docs: add docs for events and notifications 2021-01-12 22:32:07 +00:00
website/docs: update events page Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-02-15 15:44:13 +00:00			`An update is available`