SSO

sso

The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers.

Attributes

CaptionNameTypeDescription
Auth Protocolauth_protocolStringThe authorization protocol as defined by the caption of auth_protocol_id. In the case of Other, it is defined by the event source.
Auth Protocol IDauth_protocol_idIntegerThe normalized identifier of the authentication protocol used by the SSO resource.
  • 0: Unknown (UNKNOWN)
  • 1: NTLM (NTLM)
  • 2: Kerberos (KERBEROS)
  • 3: Digest (DIGEST)
  • 4: OpenID (OPENID)
  • 5: SAML (SAML)
  • 6: OAUTH 2.0 (OAUTH_2.0)
  • 7: PAP (PAP)
  • 8: CHAP (CHAP)
  • 9: EAP (EAP)
  • 10: RADIUS (RADIUS)
  • 11: Basic Authentication (BASIC_AUTHENTICATION)
  • 12: LDAP (LDAP)
  • 99: Other (OTHER)
SAML CertificatecertificateDigital Certificate[]Digital Signature associated with the SSO resource, e.g., SAML X.509 certificate details.
Created Timecreated_timeTimestampWhen the SSO resource was created.
SSO Session Durationduration_minsIntegerThe duration (in minutes) for an SSO session, after which re-authentication is required.
SSO Idle Timeoutidle_timeoutIntegerDuration (in minutes) of allowed inactivity before Single Sign-On (SSO) session expiration.
SSO Login Endpointlogin_endpointURL StringEntity:URL_STRING

URL for initiating an SSO login request.
SSO Logout Endpointlogout_endpointURL StringEntity:URL_STRING

URL for initiating an SSO logout request, allowing sessions to be terminated across applications.
SSO Metadata Endpointmetadata_endpointURL StringEntity:URL_STRING

URL where metadata about the SSO configuration is available (e.g., for SAML configurations).
Modified Timemodified_timeTimestampThe most recent time when the SSO resource was updated.
NamenameStringThe name of the SSO resource.
Supported Protocolprotocol_nameStringThe supported protocol for the SSO resource. E.g., SAML or OIDC.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
ScopesscopesString[]Scopes define the specific permissions or actions that the client is allowed to perform on behalf of the user. Each scope represents a different set of permissions, and the user can selectively grant or deny access to specific scopes during the authorization process.
Unique IDuidStringA unique identifier for a SSO resource.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
Service Providervendor_nameStringName of the vendor or service provider implementing SSO. E.g., Okta, Auth0, Microsoft.

Relationships

SSO shown in context

Inbound Relationships

These objects and events reference SSO in their attributes:

Outbound Relationships

SSO references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0


Did this page help you?