mirror of
https://github.com/fleetdm/fleet
synced 2026-05-22 00:18:27 +00:00
29 lines
1.3 KiB
YAML
29 lines
1.3 KiB
YAML
name: app_sso_platform
|
|
platforms:
|
|
- darwin
|
|
description: Returns device and login information parsed from the "app-sso platform -s" command ("Platform SSO" extensions).
|
|
examples: |-
|
|
Check Platform SSO configuration by getting the device ID and and user principal name (UPN).
|
|
|
|
```
|
|
SELECT device_id, user_principal_name FROM app_sso_platform WHERE extension_identifier = 'com.microsoft.CompanyPortalMac.ssoextension' AND realm = 'KERBEROS.MICROSOFTONLINE.COM';
|
|
```
|
|
columns:
|
|
- name: extension_identifier
|
|
type: text
|
|
required: true
|
|
description: Extension identifier of the Platform SSO extension (e.g. "com.microsoft.CompanyPortalMac.ssoextension").
|
|
- name: realm
|
|
type: text
|
|
required: true
|
|
description: Realm of the user that logged via Platform SSO (e.g. "KERBEROS.MICROSOFTONLINE.COM").
|
|
- name: device_id
|
|
type: text
|
|
required: false
|
|
description: Device ID extracted from "Device Configuration" -> "deviceSigningCertificate" -> Subject -> CommonName.
|
|
- name: user_principal_name
|
|
type: text
|
|
required: false
|
|
description: User principal name of the user that logged in via Platform SSO.
|
|
notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
|
|
evented: false
|