Monitoring User Actions Programmatically
This page contains a list of sample notifications that will be sent as a result of user management actions. These events can be used by enterprise security teams to monitor any changes in the VGS system. Details on how to configure and consume these notifications can be found in the Webhook Notifications section.
User Logged In
{
"description": "User logged in",
"details": {
"user_email": "[email protected]",
"user_ip": "100.151.54.26"
},
"event": "user.logged_in",
"grouping": "every_single",
"id": "ccd01bb2-e87f-4934-9a72-1367f5131905",
"integration_id": "INxxxxxxxxR31",
"occurrence": 1,
"org_id": "ACxxxxxxxxxxxxxxxxx2399",
"producer": {
"user_agent": "",
"user_email": "[email protected]"
},
"scope": "user",
"summary": "User \"[email protected]\" logged in",
"tenant": "ACxxxxxxxxxxxxxxxxx2399",
"timestamp": "2025-10-23T16:31:39.680Z"
}User Password Updated
{
"description": "User permissions updated",
"details": {
"user_email": "[email protected]",
"user_ip": "100.151.54.26"
},
"event": "user.permissions_updated",
"grouping": "every_single",
"id": "ccd01bb2-e87f-4934-9a72-1367f5131905",
"integration_id": "INxxxxxxxxR31",
"occurrence": 1,
"org_id": "ACxxxxxxxxxxxxxxxxx2399",
"producer": {
"user_agent": "",
"user_email": "[email protected]"
},
"scope": "user",
"summary": "User \"[email protected]\" updated permissions",
"tenant": "ACxxxxxxxxxxxxxxxxx2399",
"timestamp": "2025-10-23T16:31:39.680Z"
}
User Password Deleted
{
"description": "User permissions deleted",
"details": {
"user_email": "[email protected]",
"user_ip": "100.151.54.26"
},
"event": "user.permissions_deleted",
"grouping": "every_single",
"id": "ccd01bb2-e87f-4934-9a72-1367f5131905",
"integration_id": "INxxxxxxxxR31",
"occurrence": 1,
"org_id": "ACxxxxxxxxxxxxxxxxx2399",
"producer": {
"user_agent": "",
"user_email": "[email protected]"
},
"scope": "user",
"summary": "User \"[email protected]\" deleted permissions",
"tenant": "ACxxxxxxxxxxxxxxxxx2399",
"timestamp": "2025-10-23T16:31:39.680Z"
}User Password Updated
{
"description": "User password updated",
"details": {
"user_email": "[email protected]",
"user_ip": "100.151.54.26"
},
"event": "user.password_updated",
"grouping": "every_single",
"id": "ccd01bb2-e87f-4934-9a72-1367f5131905",
"integration_id": "INxxxxxxxxR31",
"occurrence": 1,
"org_id": "ACxxxxxxxxxxxxxxxxx2399",
"producer": {
"user_agent": "",
"user_email": "[email protected]"
},
"scope": "user",
"summary": "User \"[email protected]\" updated password",
"tenant": "ACxxxxxxxxxxxxxxxxx2399",
"timestamp": "2025-10-23T16:31:39.680Z"
}
User Enabled MFA
{
"description": "User enabled MFA",
"details": {
"user_email": "[email protected]",
"user_ip": "100.151.54.26"
},
"event": "user.mfa_created",
"grouping": "every_single",
"id": "ccd01bb2-e87f-4934-9a72-1367f5131905",
"integration_id": "INxxxxxxxxR31",
"occurrence": 1,
"org_id": "ACxxxxxxxxxxxxxxxxx2399",
"producer": {
"user_agent": "",
"user_email": "[email protected]"
},
"scope": "user",
"summary": "User \"[email protected]\" enabled MFA",
"tenant": "ACxxxxxxxxxxxxxxxxx2399",
"timestamp": "2025-10-23T16:31:39.680Z"
}User Disabled MFA
{
"description": "User disabled MFA",
"details": {
"user_email": "[email protected]",
"user_ip": "100.151.54.26"
},
"event": "user.mfa_deleted",
"grouping": "every_single",
"id": "ccd01bb2-e87f-4934-9a72-1367f5131905",
"integration_id": "INxxxxxxxxR31",
"occurrence": 1,
"org_id": "ACxxxxxxxxxxxxxxxxx2399",
"producer": {
"user_agent": "",
"user_email": "[email protected]"
},
"scope": "user",
"summary": "User \"[email protected]\" enabled MFA",
"tenant": "ACxxxxxxxxxxxxxxxxx2399",
"timestamp": "2025-10-23T16:31:39.680Z"
}Last updated