About Mosaic activity events
Mosaic captures user and admin activity across your applications—whether triggered via APIs, SDKs, Journeys, or the Admin Portal—to give you visibility into identity-related actions for monitoring, auditing, and compliance. Activity events are grouped into three categories:
- User activity events – actions like logins, password resets, verification sessions, and consent decisions. See the user activity event list .
- Admin activity events – configuration changes made through the Admin Portal or APIs. See the admin activity event list .
- Event streaming-only events – cackend or system-level events available via APIs or integrations only (not visible in the Admin Portal). See Event Streaming .
You can access these events via the Admin Portal, API, or stream them to external systems for advanced analysis or integration.
Access and analyze activity events
You can access activity events through multiple channels, depending on your needs:
- Admin Portal For in-portal filtering, search, and analysis
- Event streaming : For exporting events to third-party systems
User activity events
Below is the list of user activity events captured by Mosaic.
Note
Some events are available via event streaming only and don't show up in the Admin Portal.
| Activity | Event type | Description |
|---|---|---|
| user_logout | Identity management | A user logged out. |
| create_user_failure | Identity management | A user creation attempt failed. |
| add_password | Identity management | A password was added to a user account. |
| authentication_succeeded | Identity management | A user successfully authenticated. |
| sms_sent | Identity management | An SMS message was sent. |
| user_login | Identity management | A user successfully logged in. |
| create_user | Identity management | A new user was created. |
| session_started | Identity verification | Indicates starting a verification session. |
| consent_approved | Identity verification | Indicates saving consent info. |
| verification_completed | Identity verification | A verification process was completed. |
| face_auth_session_completed | Identity verification | A face authentication session was completed. |
| verification_status_updated | Identity verification | Indicates the status of the internal verification process. |
| image_uploaded_info | Identity verification | Indicates an image upload, including metadata information (processing time, etc.). |
| error | Identity verification | Indicates an error on frontend, such as "something went wrong" page. |
| sdk_process_completed | Identity verification | An SDK process was successfully completed. |
| session_deleted | Identity verification | Indicates a session deletion (via API or by retention). |
| session_created | Identity verification | Indicates creating a new verification session. |
| image_capture_clicked | Identity verification | An image capture action was triggered. |
| image_uploaded | Identity verification | An image was uploaded. |
| page_loaded | Identity verification | Indicates a page load. |
| deny_by_restriction_criterion | Identity verification | Indicates the verification was rejected based on restriction criteria. |
| read_image_data | Identity verification | Image data was accessed. |
| allow_by_restriction_criterion | Identity verification | Indicates the verification can continue according to the restriction criteria. |
| verification_started | Identity verification | A verification process was initiated. |
| user_action_performed | Identity verification | Indicates an action was performed by the user, such as a button click. |
| redirect | Identity verification | Indicates redirection to callback URL. |
| face_auth_session_started | Identity verification | A face authentication session was initiated. |
| check_image_quality | Identity verification | Indicates checking the image quality after capturing an image. |
| journey_initiated | Journey | A orchestrated identity journey was initiated. |
| journey_completed_successfully | Journey | A orchestrated identity journey was completed successfully. |
| journey_completed__unsuccessfully | Journey | A orchestrated identity journey was completed unsuccessfully. |
| step_initiated | Journey | A {stepCategory} journey step ({stepName}) was initiated successfully. Note: applies to both user facing and server side steps. |
| step_completed | Journey | A {stepCategory} journey step ({stepName}) was executed successfully. Note: applies to both user facing and server side steps. |
| custom_activity | Journey | Custom activity recorded as part of a journey. |
| risk_recommendation | Fraud Prevention | Risk recommendation given to a user action |
To learn how to search and analyze these events in the Admin Portal, refer to View user activity events for filtering and grouping user logs.
Admin activity events
Admin logs include the following types of activity:
| Event | Description |
|---|---|
addAdmin |
A new admin user was created |
adminCreateTenant |
A new tenant was created |
adminLogin |
An admin user logged in |
adminLogout |
An admin user logged out |
adminUpdateTenant |
The tenant was modified |
adminUpdateUser |
An admin modified a user |
createApiToken |
An API token was created |
createApp |
An new app was created |
createMgmtApp |
A new management app was created |
createUser |
A new user was created |
deleteApiToken |
An API token was deleted |
deleteApp |
An app was deleted |
deleteMgmtApp |
A management app was deleted |
deleteUser |
A user was deleted |
editAuthSettings |
An app's authentication settings were modified |
editGeneralSettings |
General settings were modified |
removeAdmin |
An admin user was removed |
updateApp |
An app was modified |
updateMgmtApp |
A management app was modified |
editPreviewPolicy |
A preview policy was modified |
pushPolicyToProduction |
A preview policy was pushed to production |
To learn how to search and analyze these events in the Admin Portal, refer to View admin activity events for filtering and grouping user logs.