Login activities are not logged in audit log when using SSO


      Issue Summary

      Tuning audit log (System Administration --> Audit Log --> Settings --> Security) to full will log user login activities. However, Jira doesn't capture the login event upon successful login during SSO 2.0/SAML/OIDC login. At the same time, such an event could be captured during a failed login attempt using Embedded Crowd (Jira Internal Directory) or an external user directory (used Microsoft AD for my tests). It would be good to capture login activities for SSO users as well.

      Steps to Reproduce
      1) Integrate Jira with SSO 2.0/SAML/OIDC and also any external directory (tested on Jira version 9.0)
      2) Change audit log (System Administration --> Audit Log --> Settings --> Security) to full.
      3) Perform login actions for internal directory users, external directory users and also SSO users.
      4) Login success event will be captured for all users except SSO users. Logout will be captured for all including SSO users.

      Expected Results
      Audit captures successful or failed login events.

      Actual Results
      Audit only captures logout. Login successes and failures are not captured when using SSO.

      The old Jira 8.8 Audit log guide had a comment that:

      Currently, the audit log can only track User failed to log in events if the authentication does not involve a redirect to an external identity provider. If a user tries to log in using SSO and fails, this event will not be logged. Most identity providers track these events in their own audit logs.

      So, current behaviour seems to be expected from the application's design but this limits Jira Audit log capabilities since such attempts will not be captured.

              Assignee: Unassigned
              Reporter: Binoy Nicholas
              Votes: 12
              Watchers: 11

                Created:
                Updated:
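
Because Jira records logouts but not logins for SSO users, and the quoted guide points to the identity provider's own logs, one compensating check is to reconcile the two sources. The sketch below is an added example, not Atlassian's code or part of the original issue; the record fields, the sample data and the 12-hour matching window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names are assumptions for this example,
# not the export schema of Jira or of any identity provider.
JIRA_AUDIT = [
    {"ts": "2023-03-01T09:00:05", "user": "alice", "event": "login_success"},
    {"ts": "2023-03-01T17:00:00", "user": "alice", "event": "logout"},
    {"ts": "2023-03-01T17:30:00", "user": "bob", "event": "logout"},    # SSO user
    {"ts": "2023-03-01T18:00:00", "user": "carol", "event": "logout"},  # SSO user
]
IDP_SIGNINS = [
    {"ts": "2023-03-01T09:10:00", "user": "bob", "app": "jira", "result": "success"},
    {"ts": "2023-03-01T09:12:00", "user": "dave", "app": "jira", "result": "failure"},
]

def _when(rec):
    return datetime.fromisoformat(rec["ts"])

def _login_before(logout, events, is_login, window):
    """True if `events` holds a login for this user within `window` before the logout."""
    return any(
        is_login(e) and e["user"] == logout["user"]
        and timedelta(0) <= _when(logout) - _when(e) <= window
        for e in events
    )

def reconcile(jira_events, idp_events, window=timedelta(hours=12)):
    """Classify Jira logouts that have no Jira login row, and list failed SSO sign-ins."""
    jira_login = lambda e: e["event"] == "login_success"
    idp_login = lambda e: e["app"] == "jira" and e["result"] == "success"
    report = {"idp_only": [], "unexplained": [], "idp_failures": []}
    for ev in jira_events:
        if ev["event"] != "logout" or _login_before(ev, jira_events, jira_login, window):
            continue  # not a logout, or Jira itself recorded the login
        seen_by_idp = _login_before(ev, idp_events, idp_login, window)
        report["idp_only" if seen_by_idp else "unexplained"].append(ev["user"])
    # Failed SSO attempts never reach Jira's audit log, so they come from the IdP alone.
    report["idp_failures"] = [
        e["user"] for e in idp_events if e["app"] == "jira" and e["result"] == "failure"
    ]
    return report

if __name__ == "__main__":
    print(reconcile(JIRA_AUDIT, IDP_SIGNINS))
```

Users under `unexplained` logged out of Jira with no login visible in either source inside the window, which is the case worth a closer look.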