When accessing "/users/$id"
The response documents the following fields:
| _id | [...] |
| [...] | |
| userName | [...] |
| firstName | [...] |
| lastName | [...] |
| roleId | [...] |
| active | [...] |
| groups | [...] |
| adgroups | [...] |
| activeDirectory | [...] |
| principalName | [...] |
| objectSid | [...] |
| uSNChanged | [...] |
| dn | [...] |
| preferences | {...} |
| uiSettings | {...} |
| created | [...] |
| lastLogin | [...] |
| lastUpdated | [...] |
| ldapDomainId | [...] |
| pendingExpiration | [...] |
| createdSso | [...] |
I see 'createdSso', but that doesn't seem to indicate which users can log in via what method.
When we're auditing users, we need to know which users have a password that bypasses SSO, These users are high risk, as without a way to audit them, we can't easily discover discover when users have a password configured that allows them to bypass organization SSO.