00ueuc93x4Cm8One20h1.5251321845916467E12 (Customer) asked a question.
AuthenticatorEnrollment target in core.user.factor.attempt_success
For event type 'core.user.factor.attempt_success', it sometime has two target with the second target of type AuthenticatorEnrollment. Under what circumstance is this trigged?
We sees core.user.factor.attempt_success from the same user alternating between this two targets event format (AuthenticatorEnrollment) and other format using the same factor (webauthn).
I don't think the user was keeping re-enroll the same factor. So can you help explain?
Hello,
George here, thank you for contacting Okta on this matter.
After multiple attempts to reproduce this, I was not able to. I did more research on this and there are some other reports of this issue and our engineering team came back, on other instances, reporting that this is expected behavior, and happening from time to time caused by the integration of System log v1 and v2. Bringing this to the basics, we are seeing the same event twice, one from v1 and one from v2.
If you do decide this issue needs to be further investigated please feel free and open a support case with our engineers.
Thank you.