Interactive login event
There are sufficient additional details about Control Plane login events that they merit their own category. An interactive login event contains the following additional fields. Here, an identity provider is an authentication system outside of the Control Plane that keeps identity information about users, such as Okta.
|identity provider CRN||CRN of the identity provider as known by the control plane||crn:altus:iam:us-west-1:altus:samlProvider:cloudera-sso|
|identity provider session ID||identifier assigned to the login session by the identity provider||TBD|
|identity provider user ID||identifier of the user as stored in the identity email@example.com (for Cloudera SSO, email is used)|
|email address of the user logging firstname.lastname@example.org|
|first name||first (given) name of the user logging in||Spongebob|
|last name||last name (family name / surname) of the user logging in||Squarepants|
|account admin||a Boolean flag indicating if the login is for an administrative user||true|
|groups||names of groups to which the user belongs in their account||TBD|
|source IP address||IP address of the user logging in||192.168.0.1|
|user CRN||CRN of the user logging in||crn:...|
The account admin flag is only available if login succeeds. The user CRN is not known until login is attempted, and the CRN is not always recorded when login fails (for example, if the user's account cannot be determined by the Control Plane). Remaining fields are filled in before the user login attempt, and so should be present in every event.