Add general authentication audit events to top-level group for Enterprise users

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Proposal

A group with Enterprise users should be capable of viewing authentication events for their enterprise users. Such as when a login occurred with standard or two-factor authentication or if an authentication failed.

Example events:

Signed in with STANDARD authentication
Signed in with TWO-FACTOR authentication
Failed to login with OTP authentication
User access locked
- User access locked - excessive failed login attempts
- User access locked - sign in from untrusted IP address
User access unlocked
{Provider} login failed
- GITHUB login failed
- GOOGLE_OAUTH2 login failed

Slack discussions:

https://gitlab.slack.com/archives/C079EHT9AMU/p1740698460029069?thread_ts=1740614512.094509&cid=C079EHT9AMU
https://gitlab.slack.com/archives/CLM1D8QR0/p1740688186827429

Edited Aug 18, 2025 by 🤖 GitLab Bot 🤖