@pasar6987/sf-core-security-identity

Authentication, authorization, and threat detection including login events, OAuth tokens, MFA, session management, credential stuffing detection, and mobile security policies.

Overview

Objects

• ApiAnomalyEventStore — API Anomaly Event Stores - ApiAnomalyEventStore
• AuthConfig — Represents authentication options for My Domain and Experience Cloud site login pages.
• AuthConfigProviders — Represents an authentication provider that’s configured in an organization. AuthConfigProviders is a child of the AuthConfig object.
• AuthProvParamFwdAllowlist — Represents an allowlisted URL parameter that can be forwarded from authentication provider client configuration URLs to the authorization URL. Use this type to add custom functionality to authentication providers. For example, allowlist a ui_locales parameter and use it to send a user's language preference from Salesforce to the third-party provider's login page.
• AuthSession — The AuthSession object represents an individual user session in your organization.
• BrowserPolicyViolation — Represents a violation that occurred within the last seven days related to the Trusted URLs and Trusted URLs for External Redirects allowlists. These violations include blocked resource requests based on your content security policy (CSP) and blocked redirections.
• CredentialStuffingEventStore — Credential Stuffing Event Stores - CredentialStuffingEventStore
• ExternalEncryptionRootKey — Represents metadata about root keys stored in third-party key stores that are used to generate and secure keys that encrypt Salesforce data.
• IdpEventLog — Represents the Identity Provider Event Log. This log records both problems and successes with inbound SAML or OpenID Connect authentication requests from another app provider. It also records outbound SAML responses when Salesforce is acting as an identity provider.
• Insecure External Assets Event Type — Insecure External Assets events contain information about external assets. External assets include images or videos accessed by users over an insecure HTTP protocol. The event lists all your Salesforce pages that contain assets hosted insecurely on third-party sites that users loaded with a Chrome, Firefox, Microsoft Edge, or Safari browser. The INSECURE_URI field contains the URI being used to load the asset insecurely.
• Insufficient Access Event Type — Insufficient Access events contain details about errors relating to insufficient record access, so that you can troubleshoot and resolve access issues for your users.
• Login As Event Type — Login As events contain details about what a Salesforce admin did while logged in as another user.
• Login Event Type — Login events contain details about your org’s user login history.
• LoginAsEventStream — LoginAs Event Streams - LoginAsEventStream
• LoginEvent — The documentation has moved to LoginEvent in the Platform Events Developer Guide.
• LoginEventStream — Login Event Streams - LoginEventStream
• LoginGeo — Represents the geographic location of the user’s IP address for a login event. Due to the nature of geolocation technology, the accuracy of geolocation fields (for example, country, city, postal code) may vary.
• LoginHistory — Represents the login history for all successful and failed login attempts for organizations and enabled portals.
• LoginIp — Represents a validated IP address.
• LoginIpRange — Login IP Range - LoginIpRange
• Logout Event Type — Salesforce standard object
• LogoutEventStream — The documentation has moved to LogoutEventStream in the Platform Events Developer Guide.
• MobSecurityCertPinConfig — Configuration of mobile security certificate pinning on the Salesforce mobile app with Enhanced Mobile Security.
• MobSecurityCertPinEvent — The event of mobile security certificate pinning on the Salesforce mobile app with Enhanced Mobile Security.
• MobileSecurityAssignment — Represents the assignment of mobile security policies to a profile. The policies apply to the Salesforce mobile app with Enhanced Mobile App Security enabled.
• MobileSecurityPolicy — Enables mobile security policies on the Salesforce mobile app with Enhanced Mobile Security.
• MobileSecurityUserMetric — Represents the metrics for users who have Enhanced Mobile Security policies enforced.
• MyDomainDiscoverableLogin — Represents configuration settings when the My Domain login page type is Discovery. Login Discovery provides an identity-first login experience, where the login page contains the identifier field only. Based on the identifier entered, a handler determines how to authenticate the user.
• OauthCustomScopeApp — Represents the name of the connected app to which the custom scope is assigned.
• OauthToken — Represents an OAuth access token for connected app authentication. Use this object to create a user interface for token management.
• OauthTokenExchHandlerApp — Represents the enablement settings for a specific Salesforce connected app or external client app that’s enabled for the token exchange handler. A handler can be enabled for multiple apps.
• OauthTokenExchangeHandler — Represents a token exchange handler. The token exchange handler also consists of an Apex class. During the OAuth 2.0 token exchange flow, the token exchange handler is used to validate tokens from an external identity provider and to map users to Salesforce.
• Permission Update Event Type — Permission update events represent changes to object, field, and user permissions and setup entity access that occur in profiles and permission sets. The event type also tracks if you clone profiles or change whether session activation is required in permission sets or permission set groups.
• PermissionSetEventStore — Permission Set Event Stores - PermissionSetEventStore
• RemoteKeyCalloutEvent — The documentation has moved to RemoteKeyCalloutEvent in the Platform Events Developer Guide.
• SPSamlAttributes — Service Provider SAML Attributes - SPSamlAttributes
• SecurityCustomBaseline — Provides the ability to read, create, and delete user-defined custom security baselines, which define an org’s security standards.
• SessionHijackingEventStore — Session Hijacking Event Stores - SessionHijackingEventStore
• SessionPermSetActivation — The SessionPermSetActivation object represents a permission set assignment activated during an individual user session. When a SessionPermSetActivation object is inserted into a permission set, an activation event fires, allowing the permission settings to apply to the user’s specific session.
• TenantScrAIPrmptInjection — Stores generative AI prompt injection data.
• ThirdPartyAccountLink — Represents the list of external users who authenticated using an authentication provider.
• ThreatDetectionFeedback — Represents feedback provided by a user about a Threat Detection event that occurred in your org. The feedback specifies whether the event was malicious, suspicious, not a threat, or unknown. Each ThreatDetectionFeedback object is associated with one of these Threat Detection storage events: ApiAnomalyEventStore, CredentialStuffingEventStore, ReportAnomalyEventStore, or SessionHijackingEventStore.
• Transaction Security Event Type — Transaction Security events contain details about policy execution. This event type is supported in API version 55.0 and later.
• TwoFactorInfo — Stores a user’s secret for multi-factor operations. Use this object when customizing multi-factor authentication in your organization. (Note that multi-factor authentication was formerly called two-factor authentication.)
• TwoFactorMethodsInfo — Stores information about which identity verification methods a user has registered.
• TwoFactorTempCode — Stores information about a user’s temporary verification code for confirming their identity when logging in.
• VerificationHistory — Represents the past six months of your org users’ attempts to verify their identity.

Install

rawctx snapshot-download @pasar6987/sf-core-security-identity