OneLogin

Required fields are in bold.

OneLogin.Events

OneLogin provides single sign-on and identity management for organizations. For schema information see https://developers.onelogin.com/api-docs/1/events/webhooks‚Äč

Panther Enterprise Only

Column

Type

Description

uuid

string

The Universion Unique Identifier for this message generated by OneLogin.

account_id

bigint

Account that triggered the event.

event_timestamp

timestamp

Time and date at which the event was created. This value is autogenerated by OneLogin.

error_description

string

Provisioning error details, if applicable.

login_name

string

The name of the login user

app_name

string

Name of the app involved in the event, if applicable.

authentication_factor_description

string

More details about the authentication factor used.

certificate_name

string

The name of the certificate that was included in the request.

certificate_id

string

The ID of the certificate that was included in the request.

assumed_by_superadmin_or_reseller

boolean

Indicates that the operation was performed by superadmin or reseller.

directory_name

string

The directory name.

actor_user_id

bigint

ID of the user whose action triggered the event.

user_name

string

Name of the user that was acted upon to trigger the event.

mapping_id

bigint

The ID of the mapping included in the operation.

radius_config_id

bigint

The ID of the Radius configuration included in the operation.

risk_score

bigint

The higher thiss number, the higher the risk.

otp_device_id

bigint

ID of a device involved in the event.

imported_user_id

bigint

The ID of the imported user.

resolution

string

The resolution.

directory_id

bigint

The directory ID.

authentication_factor_id

bigint

The ID of the authentication factor used.

risk_cookie_id

string

The ID of the risk cookie.

app_id

bigint

ID of the app involved in the event, if applicable.

custom_message

string

More details about the event.

browser_fingerprint

string

The fingerprint of the browser.

otp_device_name

string

Name of a device involved in the event.

actor_user_name

string

First and last name of the user whose action triggered the event.

actor_system

string

Acting system that triggered the event when the actor is not a user.

user_field_name

string

The name of the custom user field.

user_field_id

string

The ID of the custom user field.

assuming_acting_user_id

bigint

ID of the user who assumed the role of the acting user to trigger the event, if applicable.

api_credential_name

string

The name of the API credential used.

imported_user_name

string

The name of the imported user.

note_title

string

The title of the note.

trusted_idp_name

string

The name of the trusted IDP.

policy_id

bigint

ID of the policy involved in the event.

role_name

string

Name of a role involved in the event.

resolved_by_user_id

bigint

The ID of the user that resolved the issue.

group_id

bigint

ID of a group involved in the event.

client_id

string

Client ID used to generate the access token that made the API call that generated the event.

ipaddr

string

IP address of the machine used to trigger the event.

notes

string

More details about the event.

event_type_id

bigint

Type of event triggered.

user_id

bigint

ID of the user that was acted upon to trigger the event.

risk_reasons

[string]

This is not an exhaustive list of the reasons for the risk score and should only be used as a guide

proxy_agent_name

string

The name of the proxy agent.

policy_type

string

The type of the policy.

role_id

bigint

ID of a role involved in the event.

user_agent

string

The user agent from which the request was invoke

privilege_name

string

The name of the privilege.

group_name

string

Name of a group involved in the event.

entity

string

The entity involved in this request.

resource_type_id

bigint

ID of the resource (user, role, group, and so forth) associated with the event.

mapping_name

string

The name of the mapping.

task_name

string

The name of the task.

authentication_factor_type

bigint

The type of the authentication type.

radius_config_name

string

The name of the Radius configuration used.

policy_name

string

Name of the policy involved in the event.

privilege_id

bigint

The id of the privilege.

directory_sync_run_id

bigint

Directory sync run ID.

operation_name

string

The name of the operation

p_log_type

string

Panther added field with type of log

p_row_id

string

Panther added field with unique id (within table)

p_event_time

timestamp

Panther added standardize event time (UTC)

p_parse_time

timestamp

Panther added standardize log parse time (UTC)

p_any_ip_addresses

[string]

Panther added field with collection of ip addresses associated with the row

p_any_domain_names

[string]

Panther added field with collection of domain names associated with the row

p_any_sha1_hashes

[string]

Panther added field with collection of SHA1 hashes associated with the row

p_any_md5_hashes

[string]

Panther added field with collection of MD5 hashes associated with the row

p_any_sha256_hashes

[string]

Panther added field with collection of SHA256 hashes of any algorithm associated with the row