SSO event payload

Edit online

The following IBM® Verify application usage event attributes are available when generating reports.

Application usage SSO event attributes

The following table lists the additional attributes that are contained in the V2 SSO events.

Table 1. SSO event attributes
Name Data type Description
data.applicationid String Identifier of application that was targeted by event
data.count String Number of times event has occurred
data.devicetype String Browser user agent
data.host String Hostname of the microservice instance that generated the event
data.origin String IP address of system that caused event to be generated
data.realm String

Identity source of user. Examples:

Cloud Directory: CloudIdentityRealm,

IBMid: www.ibm.com

SAML Enterprise: AzureRealm

LDAP pass-through: www.cloudsecurity.com

OIDC: www.yahoo.com
data.result String Success or failure
data.subtype String Identity source type used for authentication: Cloud Directory, OIDC, SAML, ibmldap, Maasconnect
data.userid String Verify user ID that caused event to be generated.
data.username String Unique identifier for logging in to Verify. It can be the same as the email address of the user.
application_info.name

application_info.type

 String Augmented by Event service by using data.applicationid
geoip.city_name

geoio.continent_name

geoip.country_iso_code

geoip.country_name

geoip.location

geoip.region_name

 String Augmented by Event service by using data.origin
data.deviceid

data.mdmiscompliant

data.mdmismanaged

data.billingid

 String Android or IPhone device

true or false

true or false
data.providerid

data.samlassertion

 String Identifies the SAML partner
data.client_id

data.client_name

data.client_type

data.grant_type

data.grant_id

data.redirecturl

data.response_type

data.scope

 String The unique public identifier that is assigned to the client application, which is the OpenID Connect relying party.

Example

The following code is a sample payload. Use the Events APIs to get the actual attributes. See https://docs.verify.ibm.com/verify/reference/getallevents and https://docs.verify.ibm.com/verify/docs/pulling-event-data.

{
    "geoip": {
      "continent_name": "North America",
      "as_org": "ATT-INTERNET4",
      "city_name": "Austin",
      "country_iso_code": "USA",
      "ip": "1111:1111:a111:1111:a111:aa1:1aaa:111",
      "country_name": "United States",
      "region_name": "Texas",
      "location": {
        "lon": "-97.7467",
        "lat": "30.2627"
      },
      "asn": 7018
    },
    "data": {
      "result": "success",
      "subtype": "saml",
      "providerid": "box.net",
      "origin": "1111:1111:a111:1111:a111:aa1:1aaa:111",
      "realm": "cloudIdentityRealm",
       "samlassertion": "<asssertion_value>",
      "applicationid": "2222222222222222222",
      "userid": "333B3B33BB",
      "applicationtype": "Box",
      "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0",
      "username": "username",
      "applicationname": "SMGAdaptiveAccessBox"
    },
    "year": 2023,
    "event_type": "sso",
    "month": 7,
    "indexed_at": 1689692204024,
    "tenantid": "3cc33c3-3c33-3c33-c3c3-33c33ccc3c3",
    "tenantname": "name.ite1.idng.ibmcloudsecurity.com",
    "correlationid": "CORR_ID-DD44d44d44-444d-44d4-d444-444dd4444fd4",
    "servicename": "saml_runtime",
    "id": "5e55e5e5-e555-555-555-5e55e5e5e55e",
    "time": 1689692192869,
    "day": 18
  }