# Protected password entered Endpoint: POST protected-password-entered Version: v1 Security: X-Signature ## Header parameters: - `X-Signature` (string, required) Example: "X-Signature: t=1492774577,v1=5257a869..." ## Request fields (application/json): - `version` (string) The version of the event. Example: "1" - `id` (string) The unique identifier for the event. This can be used as an idempotency key. Example: "c478966c-f927-411c-b919-179832d3d50c" - `timestamp` (integer) When the event occurred, formatted as a UNIX timestamp (in seconds). Example: 1698604061 - `category` (string) The category of the event. Enum: "CONTROL" - `description` (string) The description of the event. Note: this is subject to change and should not be used to match on this object. Example: "user@example.com entered their Microsoft 365 password into a different URL, but was blocked" - `object` (string) The object that was created. Enum: "PROTECTED_PASSWORD_ENTERED" - `friendlyName` (string) The friendly name of this object. Note: this is subject to change and should not be used to match on this object. Example: "Protected password entered" - `new` (object) This object represents a protected password entered event, indicating when an employee has typed a known protected password into an unknown domain. - `new.employee` (object) This object represents an employee in your organization. - `new.employee.id` (string) Unique identifier for the employee Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0" - `new.employee.email` (string) Primary email address of the employee Example: "john.hill@example.com" - `new.employee.firstName` (string) First name of the employee Example: "John" - `new.employee.lastName` (string) Last name of the employee Example: "Hill" - `new.employee.department` (string) Department - as provided by connected API integrations Example: "Security Engineering" - `new.employee.location` (string) Location - as provided by connected API integrations Example: "New York" - `new.employee.licensed` (boolean) Whether the employee is licensed on the Push platform Example: true - `new.employee.creationTimestamp` (integer) When this employee was created, formatted as a UNIX timestamp (in seconds) Example: 1698669223 - `new.employee.chatopsEnabled` (boolean) Whether the employee has ChatOps enabledDeprecation notice: this value no longer does anything unless you still have access to the legacy Employee chat topics functionality on your account. It will be removed in the next API version. Example: true - `new.mode` (any) The mode that SSO password protection is in. Enum: "BLOCK", "MONITOR", "WARN", "OFF" - `new.action` (string,null) The action that the user took while on the SSO password protection page. Enum: "DISPLAYED", "IGNORED" - `new.url` (string,null) The URL the user entered the password into Example: "https://evil.com/okta.php" - `new.referrerUrl` (string,null) The URL the user was on before entering the password Example: "https://statics.teams.cdn.office.net/" - `new.email` (string) The email address used to log into the account Example: "john.hill@example.com" - `new.appType` (string) The IdP password that was entered Example: "OKTA" - `new.sourceIpAddress` (string) The IP address of the user logging in. Example: "8.158.25.38" - `new.browser` (any) The browser used by the employee Enum: "CHROME", "FIREFOX", "EDGE", "SAFARI", "OPERA", "BRAVE", "ARC", "ISLAND", "PRISMA_ACCESS", "UNKNOWN" - `new.os` (any) The OS used by the employee Enum: "MACOS", "WINDOWS", "LINUX", "CHROME_OS", "IOS", "ANDROID", "UNKNOWN" - `new.userAgent` (string) The user agent string reported by the browser Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299" ## Response 2XX fields