Identity Tags

Username

identity.principal.name::<username>

For example, to match john@example.com use identity.principal.name::john@example.com.

Identity Provider Group

identity.idp.group::<group>

"'identity.idp.group::<group with space>'"

For example, to match the Analysts IdP group use identity.idp.group::Analysts. To match the Security Team IdP group use "'identity.idp.group::Security Team'". To negate the previous example use "NOT 'identity.idp.group::Security Team'".

This tag is case sensitive.

Satori Group

identity.directory.group::<group ID>

For example, to match a group with ID e36cde67-6048-4ab3-b6f5-22b0aa311f80 use identity.directory.group::e36cde67-6048-4ab3-b6f5-22b0aa311f80.

Snowflake Role

identity.datastore.role::<role>

For example, to match to the ACCOUNTADMIN role use identity.datastore.role::accountadmin.