Webhooks
Sign In can push events to an external system over webhooks, so that authentication activity can be forwarded to a SIEM, a log-management platform such as Splunk, or a custom endpoint. This gives an organization real-time or batched insight into who is connecting and when, in its own tooling.
What is emitted
Section titled “What is emitted”Sign In publishes login and session events, including a successful captive-portal login and a resumed session (a remembered device that reconnected without user interaction). Each event carries the relevant context as structured JSON.
Delivery
Section titled “Delivery”- Destination: an HTTPS endpoint that the organization controls.
- Mode: events can be delivered in real time, or collected and delivered in batches. A batch is bounded by a maximum size and a delivery interval, whichever comes first.
- Security: a secret token can be attached so the receiver can verify that a delivery came from the platform, typically passed as an HTTP header.
- Resilience: if the receiving endpoint does not accept a delivery, the platform retries with an increasing back-off before marking the delivery failed.
Monitoring
Section titled “Monitoring”The Administration Portal shows each configured webhook, the events pending delivery (for batch mode), and a history of recent deliveries with their outcome, response code, and payload, so an administrator can confirm that events are reaching the destination and investigate any that failed.
Related sections
Section titled “Related sections”- Audit Log: the record of administrative configuration changes.
- Logging, Reporting, and Retention: the platform-wide logging and event model.