Monitor Identity Verification History

The text the user sees on the page or in Salesforce Authenticator when prompted to verify identity. For example, if identity verification is required for a user’s login, the user sees “You’re trying to Log In to Salesforce.” In this case, the activity message is “Log In to Salesforce.” If the user activity is “Apex-defined activity,” the activity message can be a custom description passed by an Apex method. If the user is verifying identity using Salesforce Authenticator 2.0 or later, the custom description appears in the app and in Identity Verification History. If the custom description isn’t specified, Identity Verification History shows the name of the Apex method.

If the user attempted to access a connected app, but the app was renamed or deleted after the verification attempt, this field shows the original connected app name.

The identity verification security policy or setting.

• Apex method—Identity verification made by a verification Apex method.
• Device activation—Identity verification required for users logging in from an unrecognized device or new IP address. This verification is part of Salesforce’s risk-based authentication.
• Lightning Login enrollment—Identity verification required for users enrolling in Lightning Login. This verification is triggered when the user attempts to enroll. Users are eligible to enroll if they have the Lightning Login User user permission and the org has enabled Allow Lightning Login in Session Settings.
• High assurance session required—High assurance session required for resource access. This verification is triggered when the user tries to access a resource, such as a connected app, report, or dashboard, that requires a high-assurance session level.
• Lightning Login login—Identity verification required for internal users logging in via Lightning Login. This verification is triggered when the enrolled user attempts to log in. Users are eligible to log in if they have the Lightning Login User user permission and have successfully enrolled in Lightning Login. Also, from Session Settings in Setup, Allow Lightning Login must be enabled.
• Profile session level policy—Session security level required at login. This verification is triggered by the Session security level required at login setting on the user’s profile.
• Multi-factor authentication required—Multi-factor authentication (formerly called two-factor authentication) required at login. This verification is triggered by the Multi-Factor Authentication for User Interface Logins user permission assigned to a custom profile. Or the user permission is included in a permission set that is assigned to a user.

The method by which the user attempted to verify identity in the verification event.

• Built-in authenticator—A built-in authenticator set up on the user’s device, such as Touch ID or Windows Hello, generated the required credentials.
• Email message—Salesforce sent an email with a verification code to the address associated with the user’s account.
• Lightning Login enrollment—Salesforce Authenticator sent a notification to the user’s mobile device to enroll in Lightning Login.
• One-time password—An authenticator app generated a time-based, one-time password (TOTP) on the user’s mobile device.
• Lightning Login login—Salesforce Authenticator sent a notification to the user’s mobile device to approve login via Lightning Login.
• Salesforce Authenticator—Salesforce Authenticator sent a notification to the user’s mobile device to verify account activity.
• Temporary verification code—A Salesforce admin or a user with the Manage Multi-Factor Authentication in User Interface permission generated a temporary verification code for the user.
• Text message—Salesforce sent a text message with a verification code to the user’s mobile device. SMS messaging requires a Salesforce add-on license for Identity Verification Credits.
• U2F security key—A U2F security key generated required credentials for the user.

The status of the identity verification attempt.

• Access denied—The user denied the approval request in the authenticator app, such as Salesforce Authenticator.
• Access denied: Flagged by user—The user denied the approval request in the authenticator app, such as Salesforce Authenticator, and also flagged the approval request to report to an administrator.
• Failed: General error—An error caused by something other than an invalid verification code, too many verification attempts, or authenticator app connectivity.
• Failed: Invalid verification code—The user entered an invalid verification code.
• Failed: Recoverable error—Salesforce can’t reach the authenticator app to verify identity, but it continues to retry.
• Failed: Too many attempts—The user attempted to verify identity too many times. For example, the user entered an invalid verification code repeatedly.
• Succeeded—The user’s identity was verified.
• Succeeded: Automated response—Salesforce Authenticator approved the request for access because the request came from a trusted location. After users enable location services in Salesforce Authenticator, they can designate trusted locations. When a user trusts a location for a particular activity, such as logging in from a recognized device, that activity is approved from the trusted location for as long as the location is trusted.
• User challenged; waiting for response—Salesforce challenged the user to verify identity and is waiting for the user to respond or for Salesforce Authenticator to send an automated response.

The action the user attempted that requires identity verification.

• Access a connected app—The user attempted to access a connected app.
• Access reports—The user attempted to access reports or dashboards.
• Apex-defined activity—The user attempted to access a Salesforce resource with a verification Apex method.
• Export and print reports—The user attempted to export or print reports or dashboards.
• Log in to Salesforce—The user attempted to log in.