Outcome output for failures
The outcome element provides more detailed information about the authentication failure. The following snippet of an audit event shows the outcome element:<outcome status="320938184" reason="authenticationFailure">The following list explains the meaning for the reason attribute of the outcome element:
- accountDisabled
- The account is disabled.
- accountDisabledRetryViolation
- The account was disabled because of a violation of the max-login-failures policy. The account was permanently disabled.
- accountExpired
- The account is expired or disabled.
- accountLockedOutMaxLoginFail
- The login failed because the account is temporarily disabled due to the max-login-failures policy.
- authenticationFailure
- General authentication failure, including incorrect password.
- certificateFailure
- Incorrect SSL certificate.
- invalidUserName
- Incorrect user name.
- nextToken
- Token authentication requires next token.
- passwordExpired
- The password expired and must be changed.
- pinRequired
- Token authentication requires a new PIN (personal identification number).
- policyViolationMaxLotginsReached
- Violation of the max-concurrent-web-session policy.
- policyViolationTOD
- Violation of the time-of-day policy.
- userNameMismatch
- Attempt at authentication or step-up authenticate failed because the user name that was provided did not match the previous user name.
Parent topic: Authentication failures