sso

The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers.

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| Auth Protocol | auth_protocol | String | The authorization protocol as defined by the caption of auth_protocol_id. In the case of Other, it is defined by the event source. |
| Auth Protocol ID | auth_protocol_id | Integer | The normalized identifier of the authentication protocol used by the SSO resource. Values: 0: Unknown (UNKNOWN); 1: NTLM (NTLM); 2: Kerberos (KERBEROS); 3: Digest (DIGEST); 4: OpenID (OPENID); 5: SAML (SAML); 6: OAUTH 2.0 (OAUTH_2.0); 7: PAP (PAP); 8: CHAP (CHAP); 9: EAP (EAP); 10: RADIUS (RADIUS); 11: Basic Authentication (BASIC_AUTHENTICATION); 99: Other (OTHER) |
| SAML Certificate | certificate | Digital Certificate[] | Digital Signature associated with the SSO resource, e.g., SAML X.509 certificate details. |
| Created Time | created_time | Timestamp | When the SSO resource was created. |
| Created Time | created_time_dt | Datetime | When the SSO resource was created. |
| SSO Session Duration | duration_mins | Integer | The duration (in minutes) for an SSO session, after which re-authentication is required. |
| SSO Idle Timeout | idle_timeout | Integer | Duration (in minutes) of allowed inactivity before Single Sign-On (SSO) session expiration. |
| SSO Login Endpoint | login_endpoint | URL String | URL for initiating an SSO login request. |
| SSO Logout Endpoint | logout_endpoint | URL String | URL for initiating an SSO logout request, allowing sessions to be terminated across applications. |
| SSO Metadata Endpoint | metadata_endpoint | URL String | URL where metadata about the SSO configuration is available (e.g., for SAML configurations). |
| Modified Time | modified_time | Timestamp | The most recent time when the SSO resource was updated. |
| Modified Time | modified_time_dt | Datetime | The most recent time when the SSO resource was updated. |
| Name | name | String | The name of the SSO resource. |
| Supported Protocol | protocol_name | String | The supported protocol for the SSO resource, e.g., SAML or OIDC. |
| Raw Data | raw_data | String | The raw event/finding data as received from the source. |
| Record ID | record_id | String | Unique identifier for the object. |
| Scopes | scopes | String[] | Scopes define the specific permissions or actions that the client is allowed to perform on behalf of the user. Each scope represents a different set of permissions, and the user can selectively grant or deny access to specific scopes during the authorization process. |
| Unique ID | uid | String | A unique identifier for an SSO resource. |
| Unmapped Data | unmapped | Object[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Service Provider | vendor_name | String | Name of the vendor or service provider implementing SSO, e.g., Okta, Auth0, Microsoft. |
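The following is an added example, not code from the QDM or OCSF projects: it normalizes an Identity Provider configuration record into an sso object using the attribute names and auth_protocol_id values from the table above, including the rule that the Other caption comes from the event source. The input field names (protocol, session_secs, idle_secs, tenant_region), the seconds-to-minutes conversion, and the shape of the unmapped entries are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# auth_protocol_id values and captions as listed in the table above.
AUTH_PROTOCOLS = {
    0: "Unknown", 1: "NTLM", 2: "Kerberos", 3: "Digest", 4: "OpenID",
    5: "SAML", 6: "OAUTH 2.0", 7: "PAP", 8: "CHAP", 9: "EAP",
    10: "RADIUS", 11: "Basic Authentication", 99: "Other",
}
BY_CAPTION = {c.casefold(): i for i, c in AUTH_PROTOCOLS.items()}


def normalize_sso(raw: dict) -> dict:
    """Map a source record (hypothetical field names) onto the sso object."""
    src = dict(raw)
    label = str(src.pop("protocol", "") or "").strip()
    pid = BY_CAPTION.get(label.casefold(), 99) if label else 0
    sso = {
        "auth_protocol_id": pid,
        # For Other (99) the caption is defined by the event source.
        "auth_protocol": label if pid == 99 else AUTH_PROTOCOLS[pid],
    }
    for key in ("name", "uid", "vendor_name"):
        if key in src:
            sso[key] = str(src.pop(key))
    # Assumption: the source reports seconds; the schema stores minutes.
    for src_key, dst in (("session_secs", "duration_mins"), ("idle_secs", "idle_timeout")):
        if src_key in src:
            sso[dst] = int(src.pop(src_key)) // 60
    for key in ("login_endpoint", "logout_endpoint", "metadata_endpoint"):
        if key in src:
            url = str(src.pop(key))
            parts = urlsplit(url)
            if not (parts.scheme and parts.netloc):
                raise ValueError(f"{key} is not an absolute URL: {url!r}")
            sso[key] = url
    if "scopes" in src:
        value = src.pop("scopes")
        sso["scopes"] = value.split() if isinstance(value, str) else list(value)
    if src:
        # Assumption: leftovers become one single-key object each in unmapped.
        sso["unmapped"] = [{k: src[k]} for k in sorted(src)]
    return sso


# Constructed sample record, not taken from any real Identity Provider.
SAMPLE = {
    "name": "corp-sso", "protocol": "saml", "session_secs": 28800,
    "idle_secs": 900, "login_endpoint": "https://idp.example.com/sso/login",
    "scopes": "openid profile", "tenant_region": "eu-1",
}
```

Calling normalize_sso(SAMPLE) yields auth_protocol_id 5 with the caption SAML, while a source label that matches no caption (for example WS-Federation) is kept verbatim under auth_protocol with auth_protocol_id 99.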

Relationships

SSO shown in context

Inbound Relationships

These objects and events reference SSO in their attributes:

Outbound Relationships

SSO references the following objects and events in its attributes:

This page describes qdm-1.4.0+ocsf-1.4.0