Interactive login event

There are sufficient additional details about Control Plane login events that they merit their own category. An interactive login event contains the following additional fields. Here, an identity provider is an authentication system outside of the Control Plane that keeps identity information about users, such as Okta.

Field name Description Example
identity provider CRN CRN of the identity provider as known by the control plane crn:altus:iam:us-west-1:altus:samlProvider:cloudera-sso
identity provider session ID identifier assigned to the login session by the identity provider TBD
identity provider user ID identifier of the user as stored in the identity provider (for Cloudera SSO, email is used)
email email address of the user logging in
first name first (given) name of the user logging in Spongebob
last name last name (family name / surname) of the user logging in Squarepants
account admin a Boolean flag indicating if the login is for an administrative user true
groups names of groups to which the user belongs in their account TBD
source IP address IP address of the user logging in
user CRN CRN of the user logging in crn:...

The account admin flag is only available if login succeeds. The user CRN is not known until login is attempted, and the CRN is not always recorded when login fails (for example, if the user's account cannot be determined by the Control Plane). Remaining fields are filled in before the user login attempt, and so should be present in every event.