Mappings: Okta Authentication - sso
Input | Value |
---|---|
Vendor | Okta |
Product | SSO |
Log Format | JSON |
Event ID Regex Pattern | user\.authentication\.sso* |
Output | Value |
---|---|
Vendor | Okta |
Product | Single Sign-On |
Record Type | Authentication |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
application | target.1.alternateId | |
cause | outcome.reason | |
description | displayMessage | |
device_ip | client.ipAddress | |
normalizedAction | None | The static text logon is populated in this schema field. |
sessionId | authenticationContext.externalSessionId | |
severity | severity | |
srcDevice_ip | request.ipChain.1.ip | |
success | outcome.result | This is a lookup field. More info to come in the catalog later... |
user_authDomain | securityContext.domain | |
user_userId | actor.id | |
user_username | user |