Identity Supported Fields

This document shows the fields supported by each provider and operation.

get_group
get_group_members
get_user
query_audit_log
query_groups
query_users

get_group

Field	Microsoft Entra ID	PingOne Identity	Type
activity_id	✅	✅	number
activity_name	✅	✅	string
category_name	✅	✅	string
category_uid	✅	✅	number
class_name	✅	✅	string
class_uid	✅	✅	number
entity.group.desc	✅	✅	string
entity.group.name	✅	✅	string
entity.group.privileges[]	✅	✅	string
entity.group.uid	✅	✅	string
entity.type	✅	✅	string
entity.type_id	✅	✅	number
entity.uid	✅	✅	string
metadata.product.name	✅	✅	string
metadata.product.vendor_name	✅	✅	string
metadata.version	✅	✅	string
severity_id	✅	✅	number
severity_name	✅	✅	string
time	✅	✅	number
type_name	✅	✅	string
type_uid	✅	✅	number

get_group_members

Field	Google Workspace	Type
activity_id	✅	number
activity_name	✅	string
category_name	✅	string
category_uid	✅	number
class_name	✅	string
class_uid	✅	number
entity.type	✅	string
entity.type_id	✅	number
entity.uid	✅	string
entity.user.email_addr	✅	string
entity.user.type	✅	string
entity.user.type_id	✅	number
entity.user.uid	✅	string
entity.user.uid_alt	✅	string
metadata.product.name	✅	string
metadata.product.vendor_name	✅	string
metadata.version	✅	string
severity_id	✅	number
severity_name	✅	string
time	✅	number
type_name	✅	string
type_uid	✅	number

get_user

Field	Google Workspace	Microsoft Entra ID	Okta	PingOne Identity	Type
activity_id	✅	✅	✅	✅	number
activity_name	✅	✅	✅	✅	string
category_name	✅	✅	✅	✅	string
category_uid	✅	✅	✅	✅	number
class_name	✅	✅	✅	✅	string
class_uid	✅	✅	✅	✅	number
entity.type	✅	✅	✅	✅	string
entity.type_id	✅	✅	✅	✅	number
entity.uid	✅	✅	✅	✅	string
entity.user.email_addr	✅	✅	✅	✅	string
entity.user.full_name	✅	✅	✅	✅	string
entity.user.groups[].desc	❌	✅	✅	✅	string
entity.user.groups[].name	❌	✅	✅	✅	string
entity.user.groups[].type	❌	✅	❌	✅	string
entity.user.groups[].uid	❌	✅	✅	✅	string
entity.user.ldap_person.cost_center	❌	❌	✅	✅	string
entity.user.ldap_person.created_time	✅	✅	✅	✅	timestamp
entity.user.ldap_person.employee_uid	❌	✅	✅	✅	string
entity.user.ldap_person.given_name	✅	✅	✅	✅	string
entity.user.ldap_person.job_title	❌	✅	✅	✅	string
entity.user.ldap_person.last_login_time	✅	✅	❌	❌	timestamp
entity.user.ldap_person.manager.email_addr	❌	✅	❌	❌	string
entity.user.ldap_person.manager.full_name	❌	✅	✅	❌	string
entity.user.ldap_person.manager.name	❌	✅	❌	❌	string
entity.user.ldap_person.manager.type	❌	✅	❌	❌	string
entity.user.ldap_person.manager.type_id	❌	✅	❌	❌	number
entity.user.ldap_person.manager.uid	❌	✅	❌	❌	string
entity.user.ldap_person.manager.uid_alt	❌	✅	❌	❌	string
entity.user.ldap_person.modified_time	❌	❌	✅	✅	timestamp
entity.user.ldap_person.surname	✅	✅	✅	✅	string
entity.user.mfa_status	❌	✅	✅	✅	string
entity.user.mfa_status_id	❌	✅	✅	✅	number
entity.user.name	✅	✅	✅	✅	string
entity.user.org.name	❌	✅	✅	❌	string
entity.user.org.ou_name	❌	✅	✅	❌	string
entity.user.privileges[]	❌	✅	✅	✅	string
entity.user.type	✅	✅	✅	✅	string
entity.user.type_id	✅	✅	✅	✅	number
entity.user.uid	✅	✅	✅	✅	string
entity.user.uid_alt	✅	✅	✅	✅	string
entity.user.user_status	✅	✅	✅	✅	string
entity.user.user_status_id	✅	✅	✅	✅	number
metadata.product.name	✅	✅	✅	✅	string
metadata.product.vendor_name	✅	✅	✅	✅	string
metadata.version	✅	✅	✅	✅	string
severity_id	✅	✅	✅	✅	number
severity_name	✅	✅	✅	✅	string
time	✅	✅	✅	✅	number
type_name	✅	✅	✅	✅	string
type_uid	✅	✅	✅	✅	number

query_audit_log

Field	Google Workspace	Microsoft Entra ID	Okta	PingOne Identity	Type
activity_id	✅	✅	✅	✅	number
activity_name	✅	❌	✅	✅	string
actor.idp.name	❌	❌	❌	✅	string
actor.idp.uid	❌	❌	❌	✅	string
actor.user.email_addr	✅	❌	✅	❌	string
actor.user.name	❌	✅	✅	✅	string
actor.user.type	❌	❌	✅	✅	string
actor.user.uid	✅	✅	✅	✅	string
actor.user.uid_alt	❌	❌	✅	❌	string
auth_protocol_id	❌	✅	❌	❌	number
category_name	✅	✅	✅	✅	string
category_uid	✅	✅	✅	✅	number
class_name	✅	✅	✅	✅	string
class_uid	✅	✅	✅	✅	number
count	❌	✅	✅	✅	number
enrichments[].data	❌	✅	❌	❌	string
enrichments[].data.city	❌	✅	✅	❌	string
enrichments[].data.country	❌	❌	✅	❌	string
enrichments[].data.countryOrRegion	❌	✅	❌	❌	string
enrichments[].data.geoCoordinates.altitude	❌	✅	❌	❌	unknown
enrichments[].data.geoCoordinates.latitude	❌	✅	❌	❌	number
enrichments[].data.geoCoordinates.longitude	❌	✅	❌	❌	number
enrichments[].data.geolocation.lat	❌	❌	✅	❌	number
enrichments[].data.geolocation.lon	❌	❌	✅	❌	number
enrichments[].data.postalCode	❌	❌	✅	❌	string
enrichments[].data.state	❌	✅	✅	❌	string
enrichments[].name	❌	✅	✅	✅	string
enrichments[].type	❌	✅	✅	✅	string
enrichments[].value	❌	✅	✅	✅	string
group	✅	❌	❌	❌	unknown
group.name	❌	✅	✅	✅	string
group.type	❌	✅	✅	❌	string
group.uid	❌	✅	✅	❌	string
http_request.url.url_string	❌	❌	✅	❌	string
http_request.user_agent	❌	❌	✅	❌	string
is_mfa	❌	✅	❌	❌	boolean
logon_type_id	❌	✅	❌	❌	number
message	❌	✅	✅	✅	string
metadata.product.name	✅	✅	✅	✅	string
metadata.product.vendor_name	✅	✅	✅	✅	string
metadata.version	✅	✅	✅	✅	string
privileges[]	✅	❌	❌	❌	string
service.name	❌	✅	❌	❌	string
service.uid	❌	✅	❌	❌	string
severity_id	✅	✅	✅	✅	number
src_endpoint.ip	✅	❌	✅	❌	string
src_endpoint.location.city	❌	❌	✅	❌	string
src_endpoint.location.coordinates[]	❌	❌	✅	❌	number
src_endpoint.location.country	❌	❌	✅	❌	string
src_endpoint.uid	❌	❌	✅	❌	string
status	✅	❌	✅	✅	string
status_detail	❌	✅	✅	✅	string
status_id	✅	✅	✅	✅	number
time	✅	✅	✅	✅	number
type_name	✅	❌	✅	✅	string
type_uid	✅	✅	✅	✅	number
user	✅	❌	❌	❌	unknown
user.email_addr	✅	❌	✅	❌	string
user.full_name	❌	✅	❌	❌	string
user.name	✅	✅	✅	✅	string
user.organization.name	❌	✅	❌	❌	string
user.organization.uid	❌	✅	❌	❌	string
user.type	❌	✅	✅	✅	string
user.type_id	❌	✅	❌	✅	number
user.uid	✅	✅	✅	✅	string
user.uid_alt	❌	❌	✅	❌	string
user_result.email_addr	❌	❌	✅	❌	string
user_result.name	❌	❌	✅	❌	string
user_result.type	❌	❌	✅	❌	string
user_result.uid	❌	❌	✅	❌	string
user_result.uid_alt	❌	❌	✅	❌	string
web_resources[].name	❌	❌	✅	❌	string
web_resources[].type	❌	❌	✅	❌	string
web_resources[].uid	❌	❌	✅	❌	string
web_resources[].url_string	❌	❌	✅	❌	string

query_groups

Field	Okta	PingOne Identity	Type
activity_id	✅	✅	number
activity_name	✅	✅	string
category_name	✅	✅	string
category_uid	✅	✅	number
class_name	✅	✅	string
class_uid	✅	✅	number
entity.group.desc	✅	✅	string
entity.group.name	✅	✅	string
entity.group.type	✅	❌	string
entity.group.uid	✅	✅	string
entity.type	✅	✅	string
entity.type_id	✅	✅	number
entity.uid	✅	✅	string
metadata.product.name	✅	✅	string
metadata.product.vendor_name	✅	✅	string
metadata.version	✅	✅	string
severity_id	✅	✅	number
severity_name	✅	✅	string
time	✅	✅	number
type_name	✅	✅	string
type_uid	✅	✅	number

query_users

Field	Google Workspace	Microsoft Entra ID	Okta	PingOne Identity	Type
activity_id	✅	✅	✅	✅	number
activity_name	✅	✅	✅	✅	string
category_name	✅	✅	✅	✅	string
category_uid	✅	✅	✅	✅	number
class_name	✅	✅	✅	✅	string
class_uid	✅	✅	✅	✅	number
entity.type	✅	✅	✅	✅	string
entity.type_id	✅	✅	✅	✅	number
entity.uid	✅	✅	✅	✅	string
entity.user.email_addr	✅	✅	✅	✅	string
entity.user.full_name	✅	✅	✅	✅	string
entity.user.ldap_person.cost_center	❌	❌	✅	❌	string
entity.user.ldap_person.created_time	✅	✅	✅	✅	timestamp
entity.user.ldap_person.employee_uid	❌	✅	✅	❌	string
entity.user.ldap_person.given_name	✅	✅	✅	✅	string
entity.user.ldap_person.job_title	❌	✅	✅	❌	string
entity.user.ldap_person.last_login_time	✅	✅	❌	❌	timestamp
entity.user.ldap_person.manager.full_name	❌	❌	✅	❌	string
entity.user.ldap_person.modified_time	❌	❌	✅	✅	timestamp
entity.user.ldap_person.surname	✅	✅	✅	✅	string
entity.user.mfa_status	❌	❌	❌	✅	string
entity.user.mfa_status_id	❌	❌	❌	✅	number
entity.user.name	✅	✅	✅	✅	string
entity.user.org.name	❌	✅	✅	❌	string
entity.user.org.ou_name	❌	✅	✅	❌	string
entity.user.type	✅	✅	✅	✅	string
entity.user.type_id	✅	✅	✅	✅	number
entity.user.uid	✅	✅	✅	✅	string
entity.user.uid_alt	✅	✅	✅	✅	string
entity.user.user_status	✅	✅	✅	✅	string
entity.user.user_status_id	✅	✅	✅	✅	number
metadata.product.name	✅	✅	✅	✅	string
metadata.product.vendor_name	✅	✅	✅	✅	string
metadata.version	✅	✅	✅	✅	string
severity_id	✅	✅	✅	✅	number
severity_name	✅	✅	✅	✅	string
time	✅	✅	✅	✅	number
type_name	✅	✅	✅	✅	string
type_uid	✅	✅	✅	✅	number

Identity Supported Fields

get_group

get_group_members

get_user

query_audit_log

query_groups

query_users

Was this helpful?