Mosaic captures activity events across your applications—whether triggered via APIs, SDKs, Journeys, or the Admin Portal—to give you visibility into identity-related actions for monitoring, auditing, and compliance.
You can access activity events through multiple channels, depending on your needs:
- Admin Portal: for in-portal filtering, search, and analysis:
  - User activity dashboard: allows reviewing user actions like logins, password resets, and verification sessions. Additionally, it includes journey interaction events.
  - Admin activity dashboard: allows reviewing configuration changes made through the Admin Portal or APIs.
  - Journey analytics dashboard: focuses on journey-related events and allows in-depth research of how your journeys perform at scale.
- Event streaming: for exporting events to third-party systems.
To learn how to search and analyze these events in the Admin Portal, refer to Journey analytics.
| Event type | Description |
|---|---|
| Journey started | A journey was initiated. |
| Sub-journey started | A sub-journey was initiated. |
| Journey completed successfully | A journey or sub-journey has completed successfully. |
| Journey completed unsuccessfully | A journey or sub-journey has completed unsuccessfully. |
| Step started | A journey or sub-journey step was initiated successfully. |
| Step completed | A journey or sub-journey step has completed successfully. May include rich event data; for more, see Report event data. |
| Custom event | An event recorded as a result of the Log custom event step execution. This event includes custom data sent from the journey. |
| External connection call | An external connection was invoked. |
To learn how to search and analyze these events in the Admin Portal, refer to View user activity events.
| Event type | Description |
|---|---|
| User logout | A user logged out. |
| Create user failure | A user creation attempt failed. |
| Add password | A password was added to a user account. |
| Authentication succeeded | A user successfully authenticated. |
| SMS sent | An SMS message was sent. |
| User login | A user successfully logged in. |
| Create user | A new user was created. |
To learn how to search and analyze these events in the Admin Portal, refer to View user activity events.
| Event type | Description |
|---|---|
| Session started | Indicates starting a verification session. |
| Consent approved | Indicates saving consent info. |
| Verification completed | A verification process was completed. |
| Face auth session completed | A face authentication session was completed. |
| Verification status updated | Indicates the status of the internal verification process. |
| Image uploaded info | Indicates an image upload, including metadata information (processing time, etc.). |
| Error | Indicates an error on the frontend, such as a "something went wrong" page. |
| Sdk process completed | An SDK process was successfully completed. |
| Session deleted | Indicates a session deletion (via API or by retention). |
| Session created | Indicates creating a new verification session. |
| Image capture clicked | An image capture action was triggered. |
| Image uploaded | An image was uploaded. |
| Page loaded | Indicates a page load. |
| Deny by restriction criterion | Indicates the verification was rejected based on restriction criteria. |
| Read image data | Image data was accessed. |
| Allow by restriction criterion | Indicates the verification can continue according to the restriction criteria. |
| Verification started | A verification process was initiated. |
| User action performed | Indicates an action was performed by the user, such as a button click. |
| Redirect | Indicates redirection to callback URL. |
| Face auth session started | A face authentication session was initiated. |
| Check image quality | Indicates checking the image quality after capturing an image. |
To learn how to search and analyze these events in the Admin Portal, refer to View user activity events.
| Event type | Description |
|---|---|
| Risk recommendation | Risk recommendation given to a user action. |
To learn how to search and analyze these events in the Admin Portal, refer to View admin activity events for filtering and grouping user logs.
| Event type | Description |
|---|---|
| add_admin | A new admin user was created. |
| admin_create_tenant | A new tenant was created. |
| admin_login | An admin user logged in. |
| admin_logout | An admin user logged out. |
| admin_update_tenant | The tenant was modified. |
| admin_update_user | An admin modified a user. |
| admin_recovery_otp_code_generated | An admin generated a temporary access code for a user via the Admin Portal or journeys. |
| create_api_token | An API token was created. |
| enable_app_specific_signing_key | Token signing with an app-specific key was enabled. |
| disable_app_specific_signing_key | Token signing with an app-specific key was disabled. |
| create_app | A new app was created. |
| create_mgmt_app | A new management app was created. |
| create_user | A new user was created. |
| delete_api_token | An API token was deleted. |
| delete_app | An app was deleted. |
| delete_mgmt_app | A management app was deleted. |
| delete_user | A user was deleted. |
| edit_auth_settings | An app's authentication settings were modified. |
| edit_general_settings | General settings were modified. |
| remove_admin | An admin user was removed. |
| update_app | An app was modified. |
| update_mgmt_app | A management app was modified. |
| edit_preview_policy | A preview policy was modified. |
| push_policy_to_production | A preview policy was pushed to production. |
| Admin login outside ip allowlist | An admin user logged in from an IP address outside the configured allowlist. |
| Admin Magic Link login during SSO | An admin user logged in via magic link while SSO was enforced. |