# Audit

Audit log events.

## Account login method removed

 - [POST account-login-method-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/account-login-method-removed-event.md): A login method for an account has been removed

## Admin accepted invitation

 - [POST admin-accepted-invitation](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-accepted-invitation-event.md): A new admin user has accepted the invitation.

## Admin enabled MFA

 - [POST admin-enabled-mfa](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-enabled-mfa-event.md): An admin user has enabled MFA for their account.

## Admin exported data

 - [POST admin-exported-data](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-exported-data-event.md): An admin user has exported data.

## Admin loaded data

 - [POST admin-loaded-data](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-loaded-data-event.md): An admin user has loaded data.

Note: this event will only be emitted if extended admin audit logging is
enabled. Learn more

## Admin logged in

 - [POST admin-logged-in](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-logged-in-event.md): An admin user has logged in.

## Admin removed

 - [POST admin-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-removed-event.md): An admin user has been removed.

## Admin role updated

 - [POST admin-role-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/admin-role-updated-event.md): An admin user has updated another user's role.

## API key added

 - [POST api-key-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/api-key-added-event.md): An admin user has added a new API Key.

## API key removed

 - [POST api-key-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/api-key-removed-event.md): An admin user has removed an API Key.

## App approval status updated

 - [POST app-approval-status-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-approval-status-updated-event.md): The approval status of an app has been updated

## App labels added

 - [POST app-labels-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-labels-added-event.md): A set of labels has been added to one or more apps.

## App labels removed

 - [POST app-labels-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-labels-removed-event.md): A set of labels has been removed from one or more apps.

## App notes updated

 - [POST app-notes-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-notes-updated-event.md): The notes of an app have been updated

## App owner ID updated

 - [POST app-owner-id-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-owner-id-updated-event.md): The owner ID of an app has been updated

## App sensitivity level updated

 - [POST app-sensitivity-level-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-sensitivity-level-updated-event.md): The sensitivity level of an app has been updated

## Auto-licensing toggled

 - [POST auto-licensing-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/auto-licensing-toggled-event.md): An admin user has toggled the auto-licensing setting.

## Auto-unlicensing configuration updated

 - [POST automatic-unlicensing-configuration-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/automatic-unlicensing-configuration-updated-event.md): An admin user updated the automatic unlicensing configuration.

## Blocked URLs added

 - [POST blocked-urls-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/blocked-urls-added-event.md): A set of URLs has been added to the URL blocking configuration.

## Blocked URLs removed

 - [POST blocked-urls-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/blocked-urls-removed-event.md): A set of URLs has been removed from the URL blocking configuration.

## Blocked URLs URL schema obfuscation toggled

 - [POST blocked-urls-url-schema-obfuscation-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/blocked-urls-url-schema-obfuscation-toggled-event.md): The URL schema obfuscation setting for blocked URLs has been toggled.

## Browser extension enumeration toggled

 - [POST browser-extension-enumeration-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/browser-extension-enumeration-toggled-event.md): An admin user has enabled or disabled browser extension enumeration.

## Cloned login page detection ignored domains added

 - [POST cloned-login-page-detection-ignored-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/cloned-login-page-detection-ignored-domains-added-event.md): A set of domains have been added to the list of ignored domains for the Cloned login page detection feature.

## Cloned login page detection ignored domains removed

 - [POST cloned-login-page-detection-ignored-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/cloned-login-page-detection-ignored-domains-removed-event.md): A set of domains have been removed from the list of ignored domains for the Cloned login page detection feature.

## Control rule added

 - [POST control-rule-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/control-rule-added-event.md): An admin user has added a new control rule.

## Control rule updated

 - [POST control-rule-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/control-rule-updated-event.md): An admin user has updated a control rule.

## Control rule removed

 - [POST control-rule-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/control-rule-removed-event.md): An admin user has removed a control rule.

## Control rule toggled

 - [POST control-rule-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/control-rule-toggled-event.md): An admin user has enabled or disabled a control rule.

## Control rule reordered

 - [POST control-rule-reordered](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/control-rule-reordered-event.md): An admin user has reordered a new control rule.

## Custom login URL added

 - [POST custom-login-url-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/custom-login-url-added-event.md): A custom login URL has been added for an app.

## Custom login URL removed

 - [POST custom-login-url-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/custom-login-url-removed-event.md): A custom login URL has been removed for an app.

## Data retention configuration updated

 - [POST data-retention-configuration-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/data-retention-configuration-updated-event.md): An admin user updated the data retention configuration.

## Detection archive status updated

 - [POST detection-archived](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/detection-archive-status-updated-event.md): The archive status of a detection has been updated

## Detection classification updated

 - [POST detection-classification-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/detection-classification-updated-event.md): The classification of a detection has been updated

## Detection screenshots toggled

 - [POST detection-screenshots-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/detection-screenshots-toggled-event.md): An admin user has enabled or disabled detection screenshots.

## Domain enrichment toggled

 - [POST domain-enrichment-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/domain-enrichment-toggled-event.md): An admin user has enabled or disabled domain enrichment.

## Employees added to group

 - [POST employee-added-to-group](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employees-added-to-group-event.md): An admin user has added one or more employees to a group.

## Employee disabled extension

 - [POST employee-disabled-extension](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employee-disabled-extension-event.md): An employee has temporarily disabled the Push extension for a specific domain.

## Excluded extension domains added

 - [POST excluded-extension-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/excluded-extension-domains-added-event.md): A set of domains have been added to the list of excluded browser extension domains to monitor.

## Extended audit logging toggled

 - [POST extended-audit-logs-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/extended-audit-logs-toggled-event.md): An admin user has enabled or disabled extended audit logging.

## Excluded extension domains removed

 - [POST excluded-extension-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/excluded-extension-domains-removed-event.md): A set of domains have been removed from the list of excluded browser extension domains to monitor.

## Employee email updated

 - [POST employee-email-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employee-email-updated-event.md): An admin user has updated the primary email of an employee.

## Employee name updated

 - [POST employee-name-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employee-name-updated-event.md): An admin user has updated the first name and/or last name of an employee.

## Employee removed from group

 - [POST employee-removed-from-group](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employee-removed-from-group-event.md): An admin user removed an employee from a group.

## Employees merged

 - [POST employees-merged](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employees-merged-event.md): An admin user has merged a list of employees.

## Employees unmerged

 - [POST employees-unmerged](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/employees-unmerged-event.md): An admin user has unmerged one of the emails of an employee into a new employee.

## Integration added

 - [POST integration-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/integration-added-event.md): A new integration has been added.

## Integration completed

 - [POST integration-completed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/integration-completed-event.md): An integration has been successfully completed.

## Integration removed

 - [POST integration-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/integration-removed-event.md): A integration has been removed.

## Label updated

 - [POST label-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/label-updated-event.md): A label has been updated.

## Label removed

 - [POST label-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/label-removed-event.md): A label has been removed.

## Leaked password check toggled

 - [POST leaked-password-check-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/leaked-password-check-toggled-event.md): An admin user has toggled the leaked password check.

## License assigned

 - [POST license-assigned](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/license-assigned-event.md): One or more employees have been assigned a license.

## License removed

 - [POST license-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/license-removed-event.md): The license has been removed from one or more employees.

## Malicious copy paste detection ignored domains added

 - [POST malicious-copy-paste-detection-ignored-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/malicious-copy-paste-detection-ignored-domains-added-event.md): A set of domains have been added to the list of ignored domains for the malicious copy and paste detection feature.

## Malicious copy paste detection ignored domains removed

 - [POST malicious-copy-paste-detection-ignored-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/malicious-copy-paste-detection-ignored-domains-removed-event.md): A set of domains have been removed from the list of ignored domains for the malicious copy and paste detection feature.

## MFA tracking exclusions updated

 - [POST mfa-tracking-exclusions-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/mfa-tracking-exclusions-updated.md): The MFA tracking exclusions list has been updated

## Monitor all domains toggled

 - [POST monitor-all-domains-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/monitor-all-domains-toggled-event.md): An admin user has toggled the "Monitor all domains" setting.

## Monitored domains added

 - [POST monitored-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/monitored-domains-added-event.md): A set of domains have been added to the list of monitored company domains.

## Monitored domains removed

 - [POST monitored-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/monitored-domains-removed-event.md): A set of domains have been removed from the list of monitored company domains.

## Password protection URL masking toggled

 - [POST password-protection-hide-urls-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/password-protection-hide-urls-toggled-event.md): An admin user has toggled the password protection URL masking setting.

## Password protection ignore work apps toggled

 - [POST password-protection-ignore-work-apps-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/password-protection-ignore-work-apps-toggled-event.md): An admin user has toggled the "Ignore work apps" setting of the password protection feature.

## Password protection ignored domains added

 - [POST password-protection-ignored-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/password-protection-ignored-domains-added-event.md): A set of domains have been added to the list of ignored domains for the password protection feature.

## Password protection ignored domains removed

 - [POST password-protection-ignored-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/password-protection-ignored-domains-removed-event.md): A set of domains have been removed from the list of ignored domains for the password protection feature.

## Phishing tool detection ignored domains added

 - [POST phishing-tool-detection-ignored-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/phishing-tool-detection-ignored-domains-added-event.md): A set of domains have been added to the list of ignored domains for the Phishing tool detection feature.

## Phishing tool detection ignored domains removed

 - [POST phishing-tool-detection-ignored-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/phishing-tool-detection-ignored-domains-removed-event.md): A set of domains have been removed from the list of ignored domains for the Phishing tool detection feature.

## Reused password exceptions updated

 - [POST reused-password-finding-exceptions-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/reused-password-exceptions-updated.md): The reused password exceptions list has been updated

## SAML SSO added

 - [POST saml-sso-added-event](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/saml-sso-added-event.md): A SAML SSO connection has been added.

## SAML SSO completed

 - [POST saml-sso-completed-event](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/saml-sso-completed-event.md): A SAML SSO connection has been successfully setup and enabled.

## SAML SSO default role updated

 - [POST saml-sso-default-role-updated-event](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/saml-sso-default-role-updated-event.md): An admin updated the SAML SSO default role.

## Session theft domains added

 - [POST session-theft-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/session-theft-domains-added-event.md): A set of domains have been added to the list of domains in which the session theft marker is injected.

## Session theft domains removed

 - [POST session-theft-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/session-theft-domains-removed-event.md): A set of domains have been removed from the list of domains in which the session theft marker is injected.

## Session theft marker rotated

 - [POST session-theft-marker-rotated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/session-theft-marker-rotated-event.md): An admin user has rotated the session theft marker.

## Stolen credentials added

 - [POST stolen-credentials-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/stolen-credentials-added-event.md): A set of stolen credentials have been added.

## Stolen credentials removed

 - [POST stolen-credentials-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/stolen-credentials-removed-event.md): A set of stolen credentials have been removed.

## Stolen credentials mode updated

 - [POST stolen-credentials-mode-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/stolen-credentials-mode-updated-event.md): An admin user has updated the mode of the stolen credentials feature.

## Unsupported app support requested

 - [POST unsupported-app-support-requested](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/unsupported-app-support-requested-event.md): Support for an unsupported app has been requested.

## Unsupported app support request cancelled

 - [POST unsupported-app-support-request-cancelled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/unsupported-app-support-request-cancelled-event.md): Support request for an unsupported app has been cancelled.

## URL block page updated

 - [POST url-block-page-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/url-block-page-updated-event.md): An admin user updated the contents of the page shown when access to a URL is blocked by the URL blocking control.

## Weak password custom words added

 - [POST weak-password-custom-words-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/weak-password-custom-words-added-event.md): An admin user has added custom words to the weak password check.

## Weak password custom words removed

 - [POST weak-password-custom-words-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/weak-password-custom-words-removed-event.md): An admin user has removed custom words from the weak password check.

## Webhook added

 - [POST webhook-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/webhook-added-event.md): An admin user has configured a new webhook URL.

## Webhook removed

 - [POST webhook-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/webhook-removed-event.md): An admin user has removed a webhook URL.

## App banner configured (deprecated)

 - [POST app-banner-configured](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-banner-configured-event.md): An app banner was configured.

## App banner enabled (deprecated)

 - [POST app-banner-enabled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/app-banner-enabled-event.md): An app banner was enabled or disabled.

## MFA enforcement apps updated (deprecated)

 - [POST mfa-enforcement-apps-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/mfa-enforcement-apps-updated-event.md): An admin user has updated which apps the MFA enforcement control is enabled for.

## MFA enforcement settings updated (deprecated)

 - [POST mfa-enforcement-settings-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/mfa-enforcement-settings-updated-event.md): An admin user has updated the MFA enforcement control settings.

## Phishing tool detection page updated (deprecated)

 - [POST phishing-tool-detection-page-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/phishing-tool-detection-page-updated-event.md): An admin user has updated the page settings of the Phishing tool detection feature.

## Phishing tool detection mode updated (deprecated)

 - [POST phishing-tool-detection-mode-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/phishing-tool-detection-mode-updated-event.md): An admin user has updated the mode of the Phishing tool detection feature.

## SSO password protection ignored domains added (deprecated)

 - [POST sso-password-protection-ignored-domains-added](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/sso-password-protection-ignored-domains-added-event.md): A set of domains have been added to the list of ignored domains for the SSO password protection feature.

## SSO password protection ignored domains removed (deprecated)

 - [POST sso-password-protection-ignored-domains-removed](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/sso-password-protection-ignored-domains-removed-event.md): A set of domains have been removed from the list of ignored domains for the SSO password protection feature.

## SSO password protection ignore work apps toggled (deprecated)

 - [POST sso-password-protection-ignore-work-apps-toggled](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/sso-password-protection-ignore-work-apps-toggled-event.md): An admin user has toggled the "Ignore work apps" setting of the SSO password protection feature.

## SSO password protection mode updated (deprecated)

 - [POST sso-password-protection-mode-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/sso-password-protection-mode-updated-event.md): An admin user has updated the mode of the SSO password protection feature.

## SSO password protection page updated (deprecated)

 - [POST sso-password-protection-page-updated](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/sso-password-protection-page-updated-event.md): An admin user has updated the page settings of the SSO password protection feature.

## SSO password protection URL masking toggled (deprecated)

 - [POST sso-password-protection-url-masking-toggled-event](https://push-security-prd-ba8f0f76-a2d2-42f5-aea2-d421.redocly.app/webhooks-v1/audit/sso-password-protection-url-masking-toggled-event.md): An admin user has toggled the password protection URL masking setting.