Class: Idp
The Identity Provider object contains detailed information about a provider
responsible for creating, maintaining, and managing identity information while
offering authentication services to applications. An Identity Provider (IdP)
serves as a trusted authority that verifies the identity of users and issues
authentication tokens or assertions to enable secure access to applications or
services.
URI: ocsf:Idp
```mermaid
classDiagram
    class Idp
    click Idp href "../Idp/"
    Entity <|-- Idp
    click Entity href "../Entity/"
    Idp : auth_factors
    Idp --> "*" AuthFactor : auth_factors
    click AuthFactor href "../AuthFactor/"
    Idp : domain
    Idp : fingerprint
    Idp --> "0..1" Fingerprint : fingerprint
    click Fingerprint href "../Fingerprint/"
    Idp : has_mfa
    Idp : issuer
    Idp : name
    Idp : protocol_name
    Idp : scim
    Idp --> "0..1" Scim : scim
    click Scim href "../Scim/"
    Idp : sso
    Idp --> "0..1" Sso : sso
    click Sso href "../Sso/"
    Idp : state
    Idp : state_id
    Idp --> "0..1" IdpStateIdEnum : state_id
    click IdpStateIdEnum href "../IdpStateIdEnum/"
    Idp : tenant_uid
    Idp : uid
    Idp : url_string
```
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| auth_factors | * AuthFactor | The Authentication Factors object describes the different types of Multi-Factor Authentication (MFA) methods and/or devices supported by the Identity Provider. | direct |
| domain | 0..1 String | The primary domain associated with the Identity Provider. | direct |
| fingerprint | 0..1 Fingerprint | The fingerprint of the X.509 certificate used by the Identity Provider. | direct |
| has_mfa | 0..1 Boolean | The Identity Provider enforces Multi Factor Authentication (MFA). | direct |
| issuer | 0..1 String | The unique identifier (often a URL) used by the Identity Provider as its issuer. | direct |
| name | 0..1 recommended String | The name of the Identity Provider. | direct |
| protocol_name | 0..1 String | The supported protocol of the Identity Provider. | direct |
| scim | 0..1 Scim | The System for Cross-domain Identity Management (SCIM) resource object provides a structured set of attributes related to SCIM protocols used for identity provisioning and management across cloud-based platforms. | direct |
| sso | 0..1 Sso | The Single Sign-On (SSO) object provides a structure for normalizing SSO attributes, configuration, and/or settings from Identity Providers. | direct |
| state | 0..1 String | The configuration state of the Identity Provider, normalized to the caption of the <code>state_id</code> value. | direct |
| state_id | 0..1 IdpStateIdEnum | The normalized state ID of the Identity Provider to reflect its configuration or activation status. | direct |
| tenant_uid | 0..1 String | The tenant ID associated with the Identity Provider. | direct |
| uid | 0..1 recommended String | The unique identifier of the Identity Provider. | direct |
| url_string | 0..1 UrlT | The URL for accessing the configuration or metadata of the Identity Provider. | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Actor | idp | range | Idp |
| CloudResourcesInventoryInfo | idp | range | Idp |
In Subsets
Aliases
- Identity Provider
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Idp |
| native | ocsf:Idp |
LinkML Source
Direct
```yaml
name: Idp
description: 'The Identity Provider object contains detailed information about a provider
  responsible for creating, maintaining, and managing identity information while
  offering authentication services to applications. An Identity Provider (IdP)
  serves as a trusted authority that verifies the identity of users and issues
  authentication tokens or assertions to enable secure access to applications or
  services.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Identity Provider
is_a: Entity
slots:
- auth_factors
- domain
- fingerprint
- has_mfa
- issuer
- name
- protocol_name
- scim
- sso
- state
- state_id
- tenant_uid
- uid
- url_string
slot_usage:
  auth_factors:
    name: auth_factors
    description: 'The Authentication Factors object describes the different types
      of Multi-Factor
      Authentication (MFA) methods and/or devices supported by the Identity Provider.'
  domain:
    name: domain
    description: The primary domain associated with the Identity Provider.
  fingerprint:
    name: fingerprint
    description: The fingerprint of the X.509 certificate used by the Identity Provider.
  has_mfa:
    name: has_mfa
    description: The Identity Provider enforces Multi Factor Authentication (MFA).
  issuer:
    name: issuer
    description: 'The unique identifier (often a URL) used by the Identity Provider
      as its
      issuer.'
  name:
    name: name
    description: The name of the Identity Provider.
    recommended: true
  protocol_name:
    name: protocol_name
    description: 'The supported protocol of the Identity Provider. E.g., <code>SAML</code>,
      <code>OIDC</code>, or <code>OAuth2</code>.'
  state:
    name: state
    description: 'The configuration state of the Identity Provider, normalized to
      the caption of
      the <code>state_id</code> value. In the case of <code>Other</code>, it is
      defined by the event source.'
  state_id:
    name: state_id
    description: 'The normalized state ID of the Identity Provider to reflect its
      configuration
      or activation status.'
    range: IdpStateIdEnum
  tenant_uid:
    name: tenant_uid
    description: The tenant ID associated with the Identity Provider.
  uid:
    name: uid
    description: The unique identifier of the Identity Provider.
    recommended: true
  url_string:
    name: url_string
    description: The URL for accessing the configuration or metadata of the Identity
      Provider.
```
Induced
```yaml
name: Idp
description: 'The Identity Provider object contains detailed information about a provider
  responsible for creating, maintaining, and managing identity information while
  offering authentication services to applications. An Identity Provider (IdP)
  serves as a trusted authority that verifies the identity of users and issues
  authentication tokens or assertions to enable secure access to applications or
  services.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Identity Provider
is_a: Entity
slot_usage:
  auth_factors:
    name: auth_factors
    description: 'The Authentication Factors object describes the different types
      of Multi-Factor
      Authentication (MFA) methods and/or devices supported by the Identity Provider.'
  domain:
    name: domain
    description: The primary domain associated with the Identity Provider.
  fingerprint:
    name: fingerprint
    description: The fingerprint of the X.509 certificate used by the Identity Provider.
  has_mfa:
    name: has_mfa
    description: The Identity Provider enforces Multi Factor Authentication (MFA).
  issuer:
    name: issuer
    description: 'The unique identifier (often a URL) used by the Identity Provider
      as its
      issuer.'
  name:
    name: name
    description: The name of the Identity Provider.
    recommended: true
  protocol_name:
    name: protocol_name
    description: 'The supported protocol of the Identity Provider. E.g., <code>SAML</code>,
      <code>OIDC</code>, or <code>OAuth2</code>.'
  state:
    name: state
    description: 'The configuration state of the Identity Provider, normalized to
      the caption of
      the <code>state_id</code> value. In the case of <code>Other</code>, it is
      defined by the event source.'
  state_id:
    name: state_id
    description: 'The normalized state ID of the Identity Provider to reflect its
      configuration
      or activation status.'
    range: IdpStateIdEnum
  tenant_uid:
    name: tenant_uid
    description: The tenant ID associated with the Identity Provider.
  uid:
    name: uid
    description: The unique identifier of the Identity Provider.
    recommended: true
  url_string:
    name: url_string
    description: The URL for accessing the configuration or metadata of the Identity
      Provider.
attributes:
  auth_factors:
    name: auth_factors
    description: 'The Authentication Factors object describes the different types
      of Multi-Factor
      Authentication (MFA) methods and/or devices supported by the Identity Provider.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Authentication Factors
    rank: 1000
    alias: auth_factors
    owner: Idp
    domain_of:
    - Idp
    - AccountChange
    - Authentication
    range: AuthFactor
    multivalued: true
  domain:
    name: domain
    description: The primary domain associated with the Identity Provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Domain
    rank: 1000
    alias: domain
    owner: Idp
    domain_of:
    - Url
    - Whois
    - Endpoint
    - Group
    - HttpCookie
    - Idp
    - User
    - Device
    range: string
  fingerprint:
    name: fingerprint
    description: The fingerprint of the X.509 certificate used by the Identity Provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Fingerprint
    rank: 1000
    alias: fingerprint
    owner: Idp
    domain_of:
    - Hassh
    - Idp
    range: Fingerprint
  has_mfa:
    name: has_mfa
    description: The Identity Provider enforces Multi Factor Authentication (MFA).
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - MFA Assigned
    rank: 1000
    alias: has_mfa
    owner: Idp
    domain_of:
    - Idp
    - User
    range: boolean
  issuer:
    name: issuer
    description: 'The unique identifier (often a URL) used by the Identity Provider
      as its
      issuer.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Issuer Details
    rank: 1000
    alias: issuer
    owner: Idp
    domain_of:
    - Session
    - Certificate
    - Idp
    range: string
  name:
    name: name
    description: The name of the Identity Provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: Idp
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  protocol_name:
    name: protocol_name
    description: 'The supported protocol of the Identity Provider. E.g., <code>SAML</code>,
      <code>OIDC</code>, or <code>OAuth2</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Protocol Name
    rank: 1000
    alias: protocol_name
    owner: Idp
    domain_of:
    - PortInfo
    - Scim
    - Sso
    - Idp
    - NetworkConnectionInfo
    - EmailActivity
    - TunnelActivity
    - AirborneBroadcastActivity
    - DroneFlightsActivity
    range: string
  scim:
    name: scim
    description: 'The System for Cross-domain Identity Management (SCIM) resource
      object provides
      a structured set of attributes related to SCIM protocols used for identity
      provisioning and management across cloud-based platforms. It standardizes user
      and group provisioning details, enabling identity synchronization and lifecycle
      management with compatible Identity Providers (IdPs) and applications. SCIM
      is
      defined in <a target=''_blank''
      href=''https://datatracker.ietf.org/doc/html/rfc7643''>RFC-7643</a>'
    notes:
    - 'System for Cross-domain Identity Management (SCIM) RFC. —
      https://datatracker.ietf.org/doc/html/rfc7643'
    from_schema: https://w3id.org/lmodel/ocsf
    see_also:
    - https://datatracker.ietf.org/doc/html/rfc7643
    aliases:
    - SCIM
    rank: 1000
    alias: scim
    owner: Idp
    domain_of:
    - Idp
    range: Scim
  sso:
    name: sso
    description: 'The Single Sign-On (SSO) object provides a structure for normalizing
      SSO
      attributes, configuration, and/or settings from Identity Providers.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - SSO
    rank: 1000
    alias: sso
    owner: Idp
    domain_of:
    - Idp
    range: Sso
  state:
    name: state
    description: 'The configuration state of the Identity Provider, normalized to
      the caption of
      the <code>state_id</code> value. In the case of <code>Other</code>, it is
      defined by the event source.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - State
    rank: 1000
    alias: state
    owner: Idp
    domain_of:
    - QueryEvidence
    - Scim
    - SecurityState
    - Analytic
    - DigitalSignature
    - Idp
    - DeviceConfigStateChange
    - NetworkConnectionQuery
    - SecurityFinding
    range: string
  state_id:
    name: state_id
    annotations:
      sibling:
        tag: sibling
        value: state
    description: 'The normalized state ID of the Identity Provider to reflect its
      configuration
      or activation status.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - State ID
    rank: 1000
    alias: state_id
    owner: Idp
    domain_of:
    - Scim
    - SecurityState
    - Analytic
    - DigitalSignature
    - Idp
    - DeviceConfigStateChange
    - NetworkConnectionQuery
    - SecurityFinding
    range: IdpStateIdEnum
  tenant_uid:
    name: tenant_uid
    description: The tenant ID associated with the Identity Provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Tenant UID
    rank: 1000
    alias: tenant_uid
    owner: Idp
    domain_of:
    - Token
    - Idp
    - Metadata
    range: string
  uid:
    name: uid
    description: The unique identifier of the Identity Provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: Idp
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true
  url_string:
    name: url_string
    description: The URL for accessing the configuration or metadata of the Identity
      Provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - URL String
    rank: 1000
    alias: url_string
    owner: Idp
    domain_of:
    - Scim
    - Url
    - Idp
    - Product
    - TransformationInfo
    - WebResource
    range: UrlT
```