Genesys Cloud - Developer Community!

 View Only

Sign Up

  • 1.  Audit API - SSO logout events missing

    Posted 2 days ago

    Hello,

    I want to use the Audit API in order to get the following audit events:

    a. When a user logged in to Genesys Cloud 

    b. When a user logged out from Genesys Cloud

    Single-sign on is configured and used. So, i am using the following API call with the appropriate body.

    POST /api/v2/audits/query

    {

      "serviceName": "PeoplePermissions",

      "filters": [

        {

          "property": "EntityType",

          "value": "UserSamlAuthentication"

        }

      ],

      "interval": "2026-05-06T12:00:00/2026-05-15T12:00:00"

    }

    The problem is that the returned result does not contain the logout events. Any ideas why that is happening? Note that we have already configured Single Logout URI under SSO settings in Genesys Cloud.

    Best Regards,

    Orestis


    #PlatformAPI

    ------------------------------
    Orestis Dimitropoulos
    ------------------------------


  • 2.  RE: Audit API - SSO logout events missing

    Posted 2 days ago

    Hi Orestis,

    From my understanding, this may actually be expected behaviour rather than an issue with your query.

    The Audit APIs do support SAML authentication auditing, however the logging appears to be primarily focused on authentication/login events and failures rather than all logout scenarios.

    One important detail is that SSO logout behaviour can vary depending on how the session ends:

    - Genesys initiated logout
    - IdP initiated logout
    - session timeout
    - browser/session closure

    In many SAML environments, the actual session termination happens at the Identity Provider side, and it does not always appear to generate a corresponding logout audit event inside Genesys Cloud.

    I also found this released update around SAML authentication auditing:
    Audit SAML authentications

    Notably, it discusses authentication attempts/failures/successes, but I could not find explicit mention of SAML logout audit events being emitted consistently through the Audit API.

    An alternative approach you could potentially consider is tracking user Offline transitions via the Analytics/User Presence APIs, since explicit logout events do not appear to be universally exposed through the same audit.

    Hope this helps and someone might add more to this.



    ------------------------------
    Phaneendra
    Technical Solutions Consultant
    ------------------------------

    Original Message


  • 3.  RE: Audit API - SSO logout events missing

    Posted 2 days ago

    Hi @Orestis Dimitropoulos and @Phaneendra Avatapalli,

    I ran a test specifically in Entra ID and noticed it records the "SingleLogout" action in the audit logs when Single Logout (SLO) is also configured in the SSO setup.
    https://developer.genesys.cloud/platform/audit/actioncatalog#peoplepermissions
     
    In Entra ID, there is a field called "Logout URL (Optional)" with the description:
    "This URL is used to send the SAML logout response back to the application."
    When this field is populated with the logout URL shown in the Genesys Cloud SSO configuration (for example: https://login.mypurecloud.com/saml/logout), I can see the SingleLogout event recorded in the audit logs.
        {
      "id": "7056XXXX-XXXX-XXXX-XXXX-XXXX2d09XXXX",
      "user": {},
      "client": {
        "id": ""
      },
      "remoteIp": [],
      "serviceName": "PeoplePermissions",
      "level": "SYSTEM",
      "eventDate": "2026-05-15T16:26:44Z",
      "message": {
        "localizableMessageCode": "USER_SINGLE_LOGOUT_SUCCESS",
        "message": "successful single logout request by user",
        "messageWithParams": "",
        "messageParams": {}
      },
      "action": "SingleLogout",
      "entity": {
        "id": "unknown",
        "name": "email@email.com"
      },
      "entityType": "UserSamlAuthentication",
      "status": "SUCCESS",
      "application": "",
      "initiatingAction": {},
      "transactionInitiator": false,
      "propertyChanges": [],
      "context": {
        "correlation_id": "XXXX9a45-XXXX-XXXX-XXXX-XXXX914eXXXX"
      },
      "entityChanges": []
    }
    However, if I remove that value and perform a logout, I don't see the logout record in the audit logs.
    I recommend checking with the team responsible for the SSO configuration whether there is any parameter on their side that prevents returning the logout information (SAML logout response) back to the application.
     
    Note: Based on my tests, with or without this parameter, the agent is still logged out from Genesys Cloud normally. So I believe this impacts audit visibility more than the logout behavior itself.


    ------------------------------
    Elisson Fernandes
    ------------------------------

    Original Message


  • 4.  RE: Audit API - SSO logout events missing

    Posted 2 days ago

    Hi Elisson,

    Thank you for testing and sharing the detailed findings.

    This is really useful information and helps clarify that the SingleLogout audit event can in fact be generated under the UserSamlAuthentication entity when the SAML logout response is properly returned back to Genesys Cloud.

    The Entra ID Logout URL configuration detail is especially valuable here. It sounds like the logout operation itself may still work without it, but the audit visibility depends on the IdP successfully returning the SAML logout response back to Genesys Cloud.

    Really appreciate you sharing the example payload and configuration behaviour differences.



    ------------------------------
    Phaneendra
    Technical Solutions Consultant
    ------------------------------

    Original Message


Related Content