Identity Provider

idp

The Identity Provider object contains detailed information about a provider responsible for creating, maintaining, and managing identity information while offering authentication services to applications. An Identity Provider (IdP) serves as a trusted authority that verifies the identity of users and issues authentication tokens or assertions to enable secure access to applications or services.

Attributes

Caption | Name | Type | Description

Authentication Factors | auth_factors | Authentication Factor[]

The Authentication Factors object describes the different types of Multi-Factor Authentication (MFA) methods and/or devices supported by the Identity Provider.

Domain | domain | String

The primary domain associated with the Identity Provider.

Certificate Fingerprint | fingerprint | Fingerprint[]

Entity: FINGERPRINT
The fingerprint of the X.509 certificate used by the Identity Provider.

MFA Enforced | has_mfa | Boolean

The Identity Provider enforces Multi-Factor Authentication (MFA).

Issuer Details | issuer | String

The unique identifier (often a URL) used by the Identity Provider as its issuer.

Name | name | String

The name of the Identity Provider.

Supported Protocol | protocol_name | String

The supported protocol of the Identity Provider. E.g., SAML, OIDC, or OAuth2.

Raw Data | raw_data | JSON

Group: context
The event data as received from the event source.

Record ID | record_id | String

Group: primary
Unique identifier for the object.

SCIM | scim | SCIM[]

The System for Cross-domain Identity Management (SCIM) resource object provides a structured set of attributes related to SCIM protocols used for identity provisioning and management across cloud-based platforms. It standardizes user and group provisioning details, enabling identity synchronization and lifecycle management with compatible Identity Providers (IdPs) and applications. SCIM is defined in RFC-7634.

SSO | sso | SSO[]

The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers.

State | state | String

The configuration state of the Identity Provider, normalized to the caption of the state_id value. In the case of Other, it is defined by the event source.

State ID | state_id | Integer

The normalized state ID of the Identity Provider to reflect its configuration or activation status.

  • 0: Unknown (UNKNOWN)
  • 1: Active (ACTIVE)
  • 2: Suspended (SUSPENDED)
  • 3: Deprecated (DEPRECATED)
  • 4: Deleted (DELETED)
  • 99: Other (OTHER)

Tenant UID | tenant_uid | String

The tenant ID associated with the Identity Provider.

Unique ID | uid | String

The unique identifier of the Identity Provider.

Unmapped | unmapped | Unmapped[]

Data from the source that was not mapped into the schema.

Configuration URL | url_string | URL String

Entity: URL_STRING
The URL for accessing the configuration or metadata of the Identity Provider.
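
A validator for records shaped like the attributes above, as an added example that is not part of the OCSF schema or its tooling. It treats every attribute as optional because the page does not say which are required; the function name, the sample records, the requirement for a state label under Other and the MFA posture check are this example's assumptions.

```python
# Added example: checks a dict against the idp attributes listed above.
STATE_CAPTIONS = {0: "Unknown", 1: "Active", 2: "Suspended",
                  3: "Deprecated", 4: "Deleted", 99: "Other"}
STRING_ATTRS = ("domain", "issuer", "name", "protocol_name", "record_id",
                "state", "tenant_uid", "uid", "url_string")
ARRAY_ATTRS = ("auth_factors", "fingerprint", "scim", "sso", "unmapped")
KNOWN = set(STRING_ATTRS) | set(ARRAY_ATTRS) | {"has_mfa", "state_id", "raw_data"}


def validate_idp(idp):
    """Return findings for one idp object; an empty list means it is clean."""
    findings = [f"{k}: not an idp attribute" for k in sorted(set(idp) - KNOWN)]
    findings += [f"{k}: expected String" for k in STRING_ATTRS
                 if k in idp and not isinstance(idp[k], str)]
    findings += [f"{k}: expected an array" for k in ARRAY_ATTRS
                 if k in idp and not isinstance(idp[k], list)]
    if "has_mfa" in idp and not isinstance(idp["has_mfa"], bool):
        findings.append("has_mfa: expected Boolean")
    if "state_id" in idp:
        sid = idp["state_id"]
        # bool is a subclass of int in Python, so True must not pass as 1.
        if type(sid) is not int or sid not in STATE_CAPTIONS:
            findings.append(f"state_id: {sid!r} is not a listed value")
        elif sid == 99:
            # Assumption: this example requires the source's own label here.
            if not idp.get("state"):
                findings.append("state: source-defined value missing for Other")
        elif idp.get("state", STATE_CAPTIONS[sid]) != STATE_CAPTIONS[sid]:
            findings.append(f"state: expected caption {STATE_CAPTIONS[sid]!r}")
        # Posture check added by this example, not a schema rule.
        if sid == 1 and idp.get("has_mfa") is False:
            findings.append("posture: active provider does not enforce MFA")
    return findings


# Constructed sample records (not real provider data).
GOOD = {"name": "Example IdP", "uid": "idp-001", "domain": "idp.example.com",
        "issuer": "https://idp.example.com/", "protocol_name": "SAML",
        "has_mfa": True, "state_id": 1, "state": "Active"}
BAD = {"name": "Legacy IdP", "state_id": 2, "state": "Active",
       "has_mfa": "yes", "mfa_required": False}

if __name__ == "__main__":
    for record in (GOOD, BAD):
        print(record["name"], validate_idp(record) or "ok")
```
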

Relationships

Identity Provider shown in context

Inbound Relationships

These objects and events reference Identity Provider in their attributes:

Outbound Relationships

Identity Provider references the following objects and events in its attributes:

This page describes ocsf-1.4.0