Fetch information for a specific Auth log session

200

An Auth Log Session is a summarization of an end-user's experience
when signing into apps via Kolide Device Trust authentication. An
Auth Log Session is created when an end-user is first redirected to
Kolide to complete the Device Trust authentication flow and is
updated as the end-user or the system perform actions during the
session. These actions are considered Auth Log Events and are
associated with the Auth Log Session.

Response body

object

string

The canonical identifier for this auth session

timestamp

date-time

The timestamp representing the start of the auth event

person_name

string

The name of the person triggering the event

person_email

string

The email address of the person triggering the event

person_info

object

Information for fetching the complete data on the person triggering this event

identifier

string

the canonical identifier for this object

location

url

the API URL where complete information about this object can be found

device_info

object

Information for fetching the complete data on the device triggering this event

identifier

string

the canonical identifier for this object

location

url

the API URL where complete information about this object can be found

result

string

The result of the authentication attempt

Success Fail

initial_status

string

The initial auth status of the device attempting authentication.
One of 'all_good', 'will_Block', 'blocked' or 'unknown' if no
device was detected. "

ip_address

string

IP address of the request initiating this event. May be IPv4 or IPv6

agent_version

string

Version of the Kolide Agent running on the endpoint if known

country

string

The name of the country that the session originated from. This
location data is determined via IP address, and is subject to
the limitations of IP geocoding. See
https://www.kolide.com/docs/admins/auth-logs for details
on location accuracy.

city

string

City that the session originated from. This location data is
determined via IP address, and is subject to the limitations of
IP geocoding. See https://www.kolide.com/docs/admins/auth-logs
for details on location accuracy.

browser_name

string

The common name of the browser used to initiate this session.
See https://www.kolide.com/docs/admins/auth-logs for
details on browser detection accuracy.

browser_user_agent

string

The user agent information for the browser used to initiate this
session. See https://www.kolide.com/docs/admins/auth-logs
for details on browser detection accuracy.

issues_displayed

array of objects

A list of Issue titles & blocking status that were displayed to the end user

issues_displayed

object

title

string

The title of the Issue

blocking_status

string

The blocking status of the Issue - either 'blocked' or 'will_block'

string

canonical identifier for the issue

link

string

API URL where complete information about this issue can be found

events

array of objects

The events that occured during this authentication session

events

object

timestamp

date-time

The timestamp representing the start of the auth event

event_type

string

The specific event type. Possibilities documented at https://app.kolide.com/docs/admins/auth-logs#event-types

event_description

string

A brief description of the event

401An 'unauthorized' response may occur for features restricted by or unavailable to your organization

403A 'forbidden' response may occur if the API key does not have necessary permissions to perform certain actions