Identity Provider

idp

The Identity Provider object contains detailed information about a provider responsible for creating, maintaining, and managing identity information while offering authentication services to applications. An Identity Provider (IdP) serves as a trusted authority that verifies the identity of users and issues authentication tokens or assertions to enable secure access to applications or services.

Attributes

Caption	Name	Type	Description
Authentication Factors	`auth_factors`	Authentication Factor[]	The Authentication Factors object describes the different types of Multi-Factor Authentication (MFA) methods and/or devices supported by the Identity Provider.
Domain	`domain`	String	The primary domain associated with the Identity Provider.
Certificate Fingerprint	`fingerprint`	Fingerprint[]	Entity:`FINGERPRINT` The fingerprint of the X.509 certificate used by the Identity Provider.
MFA Enforced	`has_mfa`	Boolean	The Identity Provider enforces Multi Factor Authentication (MFA).
Issuer Details	`issuer`	String	The unique identifier (often a URL) used by the Identity Provider as its issuer.
Name	`name`	String	The name of the Identity Provider.
Supported Protocol	`protocol_name`	String	The supported protocol of the Identity Provider. E.g., `SAML`, `OIDC`, or `OAuth2`.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
SCIM	`scim`	SCIM[]	The System for Cross-domain Identity Management (SCIM) resource object provides a structured set of attributes related to SCIM protocols used for identity provisioning and management across cloud-based platforms. It standardizes user and group provisioning details, enabling identity synchronization and lifecycle management with compatible Identity Providers (IdPs) and applications. SCIM is defined in RFC-7634
SSO	`sso`	SSO[]	The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers.
State	`state`	String	The configuration state of the Identity Provider, normalized to the caption of the `state_id` value. In the case of `Other`, it is defined by the event source.
State ID	`state_id`	Integer	The normalized state ID of the Identity Provider to reflect its configuration or activation status. `0`: Unknown (`UNKNOWN`) `1`: Active (`ACTIVE`) `2`: Suspended (`SUSPENDED`) `3`: Deprecated (`DEPRECATED`) `4`: Deleted (`DELETED`) `99`: Other (`OTHER`)
Tenant UID	`tenant_uid`	String	The tenant ID associated with the Identity Provider.
Unique ID	`uid`	String	The unique identifier of the Identity Provider.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Configuration URL	`url_string`	URL String	Entity:`URL_STRING` The URL for accessing the configuration or metadata of the Identity Provider.

Relationships

Inbound Relationships

These objects and events reference Identity Provider in their attributes:

Outbound Relationships

Identity Provider references the following objects and events in its attributes:

This page describes ocsf-1.4.0