Skip to content

Security Event Token

This SCIM server is configured to emit Security Event Tokens (SET). A SET is a JSON Web Token (JWT) that represents a security event in a standardized format. It is defined in RFC8417.

A SET contains information about the security event, such as the event type, timestamp, subject, and additional context. It is used for auditing, monitoring, and analyzing security-related activities within a system.

Specifically for SCIM, the SCIM Profile for Security Event Tokens defines how SET tokens in a SCIM environment should be structured.

Retrieve Events

To retrieve events, you can make a GET request to the /events endpoint. This will return a list of recent security events. This endpoints implements (parts of) RFC8936: Poll-Based Security Event Token (SET) Delivery Using HTTP.

The request can include the following parameters:

  • ack: A list of event identifiers

  • maxEvents: This is the maximum number of events that the server will return in a single response.

  • shouldReturnImmediately: This is a boolean value that determines whether the server should return immediately if there are no events to retrieve. This server only supports true.

Ackknowledge Events

After processing the SETs, the SET Recipient acknowledges received SETs and can poll for more.