Genesys Cloud - Developer Community!

Hello,

I want to use the Audit API in order to get the following audit events:

a. When a user logged in to Genesys Cloud 

b. When a user logged out from Genesys Cloud

Single-sign on is configured and used. So, i am using the following API call with the appropriate body.

POST /api/v2/audits/query

{

  "serviceName": "PeoplePermissions",

  "filters": [

    {

      "property": "EntityType",

      "value": "UserSamlAuthentication"

    }

  ],

  "interval": "2026-05-06T12:00:00/2026-05-15T12:00:00"

}

The problem is that the returned result does not contain the logout events. Any ideas why that is happening? Note that we have already configured Single Logout URI under SSO settings in Genesys Cloud.

Best Regards,

Orestis

Hi Orestis,

From my understanding, this may actually be expected behaviour rather than an issue with your query.

The Audit APIs do support SAML authentication auditing, however the logging appears to be primarily focused on authentication/login events and failures rather than all logout scenarios.

One important detail is that SSO logout behaviour can vary depending on how the session ends:

- Genesys initiated logout
- IdP initiated logout
- session timeout
- browser/session closure

In many SAML environments, the actual session termination happens at the Identity Provider side, and it does not always appear to generate a corresponding logout audit event inside Genesys Cloud.

I also found this released update around SAML authentication auditing:
Audit SAML authentications

Notably, it discusses authentication attempts/failures/successes, but I could not find explicit mention of SAML logout audit events being emitted consistently through the Audit API.

An alternative approach you could potentially consider is tracking user Offline transitions via the Analytics/User Presence APIs, since explicit logout events do not appear to be universally exposed through the same audit.

Hope this helps and someone might add more to this.