Identity Provider

idp

The Identity Provider object contains detailed information about a provider responsible for creating, maintaining, and managing identity information while offering authentication services to applications. An Identity Provider (IdP) serves as a trusted authority that verifies the identity of users and issues authentication tokens or assertions to enable secure access to applications or services.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Authentication Factors | auth_factors | Authentication Factor[] | The Authentication Factors object describes the different types of Multi-Factor Authentication (MFA) methods and/or devices supported by the Identity Provider. |
| Domain | domain | String | The primary domain associated with the Identity Provider. |
| Certificate Fingerprint | fingerprint | Fingerprint[] | Entity:FINGERPRINT. The fingerprint of the X.509 certificate used by the Identity Provider. |
| MFA Enforced | has_mfa | Boolean | The Identity Provider enforces Multi-Factor Authentication (MFA). |
| Issuer Details | issuer | String | The unique identifier (often a URL) used by the Identity Provider as its issuer. |
| Name | name | String | The name of the Identity Provider. |
| Supported Protocol | protocol_name | String | The supported protocol of the Identity Provider. E.g., SAML, OIDC, or OAuth2. |
| Raw Data | raw_data | JSON | Group:context. The event data as received from the event source. |
| Record ID | record_id | String | Group:primary. Unique identifier for the object. |
| SCIM | scim | SCIM[] | The System for Cross-domain Identity Management (SCIM) resource object provides a structured set of attributes related to SCIM protocols used for identity provisioning and management across cloud-based platforms. It standardizes user and group provisioning details, enabling identity synchronization and lifecycle management with compatible Identity Providers (IdPs) and applications. SCIM is defined in RFC-7634. |
| SSO | sso | SSO[] | The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers. |
| State | state | String | The configuration state of the Identity Provider, normalized to the caption of the state_id value. In the case of Other, it is defined by the event source. |
| State ID | state_id | Integer | The normalized state ID of the Identity Provider to reflect its configuration or activation status. Values: 0: Unknown (UNKNOWN); 1: Active (ACTIVE); 2: Suspended (SUSPENDED); 3: Deprecated (DEPRECATED); 4: Deleted (DELETED); 99: Other (OTHER). |
| Tenant UID | tenant_uid | String | The tenant ID associated with the Identity Provider. |
| Unique ID | uid | String | The unique identifier of the Identity Provider. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Configuration URL | url_string | URL String | Entity:URL_STRING. The URL for accessing the configuration or metadata of the Identity Provider. |
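
The attribute types and the state / state_id rule listed above, applied to idp records before they reach detections. This is an added example, not part of the OCSF documentation or project code. The function names and sample records are hypothetical, and the MFA check assumes a local policy that every Active Identity Provider enforces MFA.

```python
# Added example (not OCSF project code). Attribute names, types and state_id
# values come from the attribute listing above; the sample records are constructed.
STATE_CAPTIONS = {0: "Unknown", 1: "Active", 2: "Suspended",
                  3: "Deprecated", 4: "Deleted", 99: "Other"}
SCALAR_TYPES = {
    "domain": str, "has_mfa": bool, "issuer": str, "name": str,
    "protocol_name": str, "record_id": str, "state": str,
    "state_id": int, "tenant_uid": str, "uid": str, "url_string": str,
}
ARRAY_ATTRS = ("auth_factors", "fingerprint", "scim", "sso")


def validate_idp(idp):
    """Return a list of problems in one idp object; an empty list means none."""
    problems = []
    for name, expected in SCALAR_TYPES.items():
        if name in idp:
            value = idp[name]
            # bool is a subclass of int in Python, so reject True/False as Integer.
            bad_int = expected is int and isinstance(value, bool)
            if bad_int or not isinstance(value, expected):
                problems.append(f"{name}: expected {expected.__name__}")
    for name in ARRAY_ATTRS:
        if name in idp and not isinstance(idp[name], list):
            problems.append(f"{name}: expected an array")
    state_id = idp.get("state_id")
    if type(state_id) is int:
        caption = STATE_CAPTIONS.get(state_id)
        if caption is None:
            problems.append(f"state_id: {state_id} is not a defined value")
        elif state_id != 99 and idp.get("state", caption) != caption:
            # Except for 99 (Other), state must equal the caption of state_id.
            problems.append(f"state: expected {caption!r}")
    return problems


def active_without_mfa(idps):
    """Assumed local policy: every Active (state_id 1) IdP should enforce MFA."""
    return [i.get("name", i.get("uid")) for i in idps
            if i.get("state_id") == 1 and i.get("has_mfa") is not True]


# Constructed sample records (example.com values are placeholders).
SAMPLES = [
    {"name": "corp-sso", "uid": "idp-001", "domain": "example.com",
     "issuer": "https://idp.example.com/", "protocol_name": "SAML",
     "has_mfa": True, "state_id": 1, "state": "Active"},
    {"name": "legacy-oidc", "uid": "idp-002", "protocol_name": "OIDC",
     "has_mfa": False, "state_id": 1, "state": "Suspended", "sso": {}},
    {"name": "partner", "uid": "idp-003", "state_id": 99,
     "state": "Pending review", "has_mfa": "yes"},
]
```

Records that fail `validate_idp` are better routed to a mapping-error queue than dropped, since a mismatched `state` can hide a suspended or deleted provider from queries that filter on the caption.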

Relationships

Identity Provider shown in context

Inbound Relationships

These objects and events reference Identity Provider in their attributes:

Outbound Relationships

Identity Provider references the following objects and events in its attributes:

This page describes ocsf-1.4.0