Identity Provider Event Log
Identity Provider Event Log is a Setup page that records all single sign-on events where Salesforce acts as the identity provider.
Definition
Identity Provider Event Log is a Setup page that records all single sign-on events where Salesforce acts as the identity provider. It logs successful and failed authentication attempts, the target service provider, timestamps, and user details, providing an audit trail for SSO-related security monitoring.
In plain English
“Here's a simple way to think about it: the Identity Provider Event Log answers "did the SSO actually fire?" Every SSO transaction Salesforce processes - successful and failed - is logged with timestamp, user, target app, and result. It is the honest record to turn to when an external app's logs disagree.”
Worked example
After a user reports being unable to SSO into the company's expense management tool, the admin at FinServe Bank checks the Identity Provider Event Log. She finds a failed assertion entry showing that the user's SAML attribute mapping was incorrect due to a name change. She updates the mapping and the user can successfully SSO again.
Why the Identity Provider Event Log answers "did the SSO actually fire?"
When Salesforce acts as an Identity Provider, every SSO transaction - successful and failed - flows through an event log. Identity Provider Event Log is the read-only Setup page that surfaces those events: timestamp, user, target service provider, result. For an admin debugging a flaky third-party login, this is often the only honest record of what Salesforce told the other side.
The reason it earns a place on the security team's bookmark list is that a service provider's "we never got the assertion" is sometimes accurate and sometimes not. This log answers definitively whether Salesforce sent it, when, and to which endpoint. Pair it with the receiving system's logs to find the gap, and use it as the audit trail for compliance questions about who logged into which downstream app.
How to set up Identity Provider Event Log
Identity Provider Event Log records every IdP login event when Salesforce is the IdP, covering both successful and failed authentications to downstream apps. It is useful when downstream apps report SSO failures and you need to confirm whether Salesforce sent a valid SAML assertion.
- Open Setup → Identity Provider Event Log
  Setup gear → Quick Find: Identity Provider → Identity Provider Event Log.
- Review the list of IdP events
  Each row shows: Application, User, Timestamp, Success / Failure, Service Provider URL.
- Identify failed authentications
  Failed events have a Failure Reason: bad SAML response, user not authorized, service provider URL mismatch.
- Drill into individual events for the SAML payload
  The detail page shows the SAML assertion sent. This is useful for debugging the downstream app's interpretation.
- Coordinate with the downstream app admin if the SAML payload looks correct but the app rejects it
  Sometimes the issue is the downstream app's SAML expectations: clock skew, NameID format, attribute mappings.
Last 24h / 7d / 30d.
Success / Failed.
Drill to specific Connected App.
- IdP Event Log only logs Salesforce-as-IdP scenarios. Salesforce-as-SP (most common) logs to Login History instead — different page.
- Retention is ~30 days. Long-term audits need export to your SIEM.
- SAML payload includes potentially sensitive attributes. Don't share IdP Event Log details with non-admins; redact before export.
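The retention and redaction points above can be combined into one pre-export step. The following is an added example, not Salesforce code: it assumes the log rows have already been copied out as CSV, with column names (including "Result" and "SAML Assertion") assumed from the row fields this page lists, and it uses constructed sample data and a placeholder key.

```python
import csv, hashlib, hmac, io
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)
PSEUDONYM_KEY = b"placeholder-load-from-your-secret-store"  # assumption: per-org secret

# Constructed sample data; column names are assumed from the fields this page lists.
ASSERTION = (
    "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>"
    "<saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>"
    "<saml:AttributeStatement><saml:Attribute Name='email'>"
    "<saml:AttributeValue>jdoe@example.com</saml:AttributeValue>"
    "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
)
SAMPLE_CSV = (
    "Application,User,Timestamp,Result,Failure Reason,Service Provider URL,SAML Assertion\n"
    f"Expenses,jdoe@example.com,2024-05-01T09:00:00Z,Success,,https://sp.example.com/acs,{ASSERTION}\n"
    "Expenses,jdoe@example.com,2024-05-01T09:05:00Z,Failed,User not authorized,https://sp.example.com/acs,\n"
)

def pseudonym(user):
    """Keyed hash: the SIEM can correlate one user's events without storing the username."""
    return hmac.new(PSEUDONYM_KEY, user.encode(), hashlib.sha256).hexdigest()[:16]

def redact_assertion(xml_text):
    """Blank NameID and attribute values; keep attribute names for mapping diagnosis."""
    if not xml_text:
        return None
    root = ET.fromstring(xml_text)  # input is your own IdP's output, not third-party XML
    sensitive = (f"{{{SAML_NS}}}NameID", f"{{{SAML_NS}}}AttributeValue")
    for el in [e for e in root.iter() if e.tag in sensitive]:
        el.clear()  # drops text, nested children and attributes of the value element
        el.text = "[REDACTED]"
    return ET.tostring(root, encoding="unicode")

def to_siem_events(csv_text):
    """Convert exported rows into redacted dicts ready to serialize for a SIEM."""
    return [{
        "app": row["Application"],
        "user": pseudonym(row["User"]),
        "ts": row["Timestamp"],
        "result": row["Result"],
        "failure_reason": row["Failure Reason"] or None,
        "sp_url": row["Service Provider URL"],
        "assertion": redact_assertion(row["SAML Assertion"]),
    } for row in csv.DictReader(io.StringIO(csv_text))]

if __name__ == "__main__":
    for event in to_siem_events(SAMPLE_CSV):
        print(event)
```

Attribute names survive redaction, so a mapping problem like the one in the worked example can still be diagnosed from the SIEM copy without exposing the values.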
How organizations use Identity Provider Event Log
Diagnosed a partner-portal login issue by correlating Identity Provider Event Log with the partner's logs; gap was between Salesforce and the partner's identity processor.
Quarterly security reviews include the log; sustained error patterns surface before they become user-impacting outages.
Compliance audits use the log as evidence - every SSO event auditable per app, per user.
Test your knowledge
Q1. What is the primary benefit of Identity Provider Event Log for Salesforce administrators?
Q2. Can a Salesforce admin configure Identity Provider Event Log without writing code?
Q3. Why is understanding Identity Provider Event Log important for Salesforce admins?