SSO

sso

The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers.

Attributes

Caption	Name	Type	Description
Auth Protocol	`auth_protocol`	String	The authorization protocol as defined by the caption of `auth_protocol_id`. In the case of `Other`, it is defined by the event source.
Auth Protocol ID	`auth_protocol_id`	Integer	The normalized identifier of the authentication protocol used by the SSO resource. `0`: Unknown (`UNKNOWN`) `1`: NTLM (`NTLM`) `10`: RADIUS (`RADIUS`) `11`: Basic Authentication (`BASIC_AUTHENTICATION`) `2`: Kerberos (`KERBEROS`) `3`: Digest (`DIGEST`) `4`: OpenID (`OPENID`) `5`: SAML (`SAML`) `6`: OAUTH 2.0 (`OAUTH_2.0`) `7`: PAP (`PAP`) `8`: CHAP (`CHAP`) `9`: EAP (`EAP`) `99`: Other (`OTHER`)
SAML Certificate	`certificate`	Digital Certificate[]	Digital Signature associated with the SSO resource, e.g., SAML X.509 certificate details.
Created Time	`created_time`	Timestamp	When the SSO resource was created.
SSO Session Duration	`duration_mins`	Integer	The duration (in minutes) for an SSO session, after which re-authentication is required.
SSO Idle Timeout	`idle_timeout`	Integer	Duration (in minutes) of allowed inactivity before Single Sign-On (SSO) session expiration.
SSO Login Endpoint	`login_endpoint`	URL String	Entity:`URL_STRING` URL for initiating an SSO login request.
SSO Logout Endpoint	`logout_endpoint`	URL String	Entity:`URL_STRING` URL for initiating an SSO logout request, allowing sessions to be terminated across applications.
SSO Metadata Endpoint	`metadata_endpoint`	URL String	Entity:`URL_STRING` URL where metadata about the SSO configuration is available (e.g., for SAML configurations).
Modified Time	`modified_time`	Timestamp	The most recent time when the SSO resource was updated.
Name	`name`	String	The name of the SSO resource.
Supported Protocol	`protocol_name`	String	The supported protocol for the SSO resource. E.g., `SAML` or `OIDC`.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Scopes	`scopes`	String[]	Scopes define the specific permissions or actions that the client is allowed to perform on behalf of the user. Each scope represents a different set of permissions, and the user can selectively grant or deny access to specific scopes during the authorization process.
Unique ID	`uid`	String	A unique identifier for a SSO resource.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Service Provider	`vendor_name`	String	Name of the vendor or service provider implementing SSO. E.g., `Okta`, `Auth0`, `Microsoft`.

Relationships

Inbound Relationships

These objects and events reference SSO in their attributes:

Identity Provider

Outbound Relationships

SSO references the following objects and events in its attributes:

This page describes ocsf-1.4.0