SSO

sso

The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers.

Attributes

Caption | Name | Type | Description

Auth Protocol | auth_protocol | String

The authorization protocol as defined by the caption of auth_protocol_id. In the case of Other, it is defined by the event source.

Auth Protocol ID | auth_protocol_id | Integer

The normalized identifier of the authentication protocol used by the SSO resource.

  • 0: Unknown (UNKNOWN)
  • 1: NTLM (NTLM)
  • 2: Kerberos (KERBEROS)
  • 3: Digest (DIGEST)
  • 4: OpenID (OPENID)
  • 5: SAML (SAML)
  • 6: OAUTH 2.0 (OAUTH_2.0)
  • 7: PAP (PAP)
  • 8: CHAP (CHAP)
  • 9: EAP (EAP)
  • 10: RADIUS (RADIUS)
  • 11: Basic Authentication (BASIC_AUTHENTICATION)
  • 99: Other (OTHER)

SAML Certificate | certificate | Digital Certificate[]

Digital Signature associated with the SSO resource, e.g., SAML X.509 certificate details.

Created Time | created_time | Timestamp

When the SSO resource was created.

SSO Session Duration | duration_mins | Integer

The duration (in minutes) for an SSO session, after which re-authentication is required.

SSO Idle Timeout | idle_timeout | Integer

Duration (in minutes) of allowed inactivity before Single Sign-On (SSO) session expiration.

SSO Login Endpoint | login_endpoint | URL String

Entity: URL_STRING
URL for initiating an SSO login request.

SSO Logout Endpoint | logout_endpoint | URL String

Entity: URL_STRING
URL for initiating an SSO logout request, allowing sessions to be terminated across applications.

SSO Metadata Endpoint | metadata_endpoint | URL String

Entity: URL_STRING
URL where metadata about the SSO configuration is available (e.g., for SAML configurations).

Modified Time | modified_time | Timestamp

The most recent time when the SSO resource was updated.

Name | name | String

The name of the SSO resource.

Supported Protocol | protocol_name | String

The supported protocol for the SSO resource. E.g., SAML or OIDC.

Raw Data | raw_data | JSON

Group: context
The event data as received from the event source.

Record ID | record_id | String

Group: primary
Unique identifier for the object.

Scopes | scopes | String[]

Scopes define the specific permissions or actions that the client is allowed to perform on behalf of the user. Each scope represents a different set of permissions, and the user can selectively grant or deny access to specific scopes during the authorization process.

Unique ID | uid | String

A unique identifier for an SSO resource.

Unmapped | unmapped | Unmapped[]

Data from the source that was not mapped into the schema.

Service Provider | vendor_name | String

Name of the vendor or service provider implementing SSO. E.g., Okta, Auth0, Microsoft.
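
The attribute definitions above, applied in an added example (not OCSF project code): it maps a vendor SSO export onto this object, derives auth_protocol from auth_protocol_id, and reports inconsistent records. The input field names (id, display_name, vendor, protocol, session_minutes, idle_minutes) and the sample values are constructed, and the idle-timeout and HTTPS checks are assumed review policy, not schema rules.

```python
from urllib.parse import urlsplit

# Captions for auth_protocol_id, as listed in the attribute table above.
AUTH_PROTOCOLS = {
    0: "Unknown", 1: "NTLM", 2: "Kerberos", 3: "Digest", 4: "OpenID",
    5: "SAML", 6: "OAUTH 2.0", 7: "PAP", 8: "CHAP", 9: "EAP",
    10: "RADIUS", 11: "Basic Authentication", 99: "Other",
}
ENDPOINTS = ("login_endpoint", "logout_endpoint", "metadata_endpoint")
# Constructed vendor export; field names and values are hypothetical.
SAMPLE = {"id": "sso-01", "display_name": "Corp SAML", "vendor": "ExampleIdP",
          "protocol": "saml", "session_minutes": 60, "idle_minutes": 480,
          "login_endpoint": "http://idp.example.com/sso/login"}

def normalize_sso(raw):
    """Map a vendor SSO config (hypothetical field names) to the SSO object."""
    wanted = str(raw.get("protocol", "")).strip().lower()
    pid = next((i for i, c in AUTH_PROTOCOLS.items() if c.lower() == wanted), None)
    sso = {
        "name": raw.get("display_name"),
        "uid": raw.get("id"),
        "vendor_name": raw.get("vendor"),
        "auth_protocol_id": 99 if pid is None and wanted else (pid or 0),
        "duration_mins": raw.get("session_minutes"),
        "idle_timeout": raw.get("idle_minutes"),
        "raw_data": raw,
    }
    # For Other (99) the caption is defined by the event source, per the schema.
    sso["auth_protocol"] = (str(raw["protocol"]) if sso["auth_protocol_id"] == 99
                            else AUTH_PROTOCOLS[sso["auth_protocol_id"]])
    sso.update({k: raw[k] for k in ENDPOINTS if raw.get(k)})
    return {k: v for k, v in sso.items() if v is not None}

def validate_sso(sso):
    """Return findings for one SSO object; an empty list means consistent."""
    findings = []
    pid = sso.get("auth_protocol_id")
    if pid not in AUTH_PROTOCOLS:
        findings.append(f"auth_protocol_id {pid!r} is not a defined value")
    elif pid != 99 and sso.get("auth_protocol") != AUTH_PROTOCOLS[pid]:
        findings.append("auth_protocol does not match the auth_protocol_id caption")
    # The two checks below are assumed review policy, not schema rules.
    idle, total = sso.get("idle_timeout"), sso.get("duration_mins")
    if isinstance(idle, int) and isinstance(total, int) and idle > total:
        findings.append("idle_timeout exceeds duration_mins")
    for key in ENDPOINTS:
        if key in sso and urlsplit(sso[key]).scheme != "https":
            findings.append(f"{key} is not an https URL")
    return findings
```

Calling validate_sso(normalize_sso(SAMPLE)) flags the constructed record twice: its idle timeout is longer than its session duration, and its login endpoint is served over plain HTTP.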

Relationships

SSO shown in context

Inbound Relationships

These objects and events reference SSO in their attributes:

Outbound Relationships

SSO references the following objects and events in its attributes:

This page describes ocsf-1.4.0