# `OCSF.Events.Authentication` [🔗](https://github.com/docjerem/ocsf/blob/v0.1.0/lib/ocsf/events/authentication.ex#L1) Builder for OCSF Authentication events (class 3002). Corresponds to the OCSF [Authentication](https://schema.ocsf.io/1.8.0/classes/authentication) class under the Identity & Access Management category (UID 3). Each function maps to an OCSF activity: | Function | Activity ID | OCSF name | |--------------------------|-------------|----------------------| | `logon/1` | 1 | Logon | | `logoff/1` | 2 | Logoff | | `preauth/1` | 6 | Preauth | | `authentication_ticket/1`| 3 | Authentication Ticket| | `account_switch/1` | 7 | Account Switch | > **OCSF compliance note:** `user` is a required field for the > Authentication class. Builders return `{:error, _}` if omitted. See `OCSF.Event`, `OCSF.Activity`, `OCSF.EventCodeFormat`. # `account_switch` ```elixir @spec account_switch(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()} ``` Build an Account Switch event (activity_id 7). # `authentication_ticket` ```elixir @spec authentication_ticket(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()} ``` Build an Authentication Ticket event (activity_id 3). # `logoff` ```elixir @spec logoff(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()} ``` Build a Logoff authentication event (activity_id 2). # `logon` ```elixir @spec logon(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()} ``` Build a Logon authentication event (activity_id 1). ## Options See `OCSF.Event` for all accepted top-level keys. Required: - **`:user`** — map with at least `:uid`. Cast to `%OCSF.User{}`. ## Examples {:ok, event} = OCSF.Events.Authentication.logon( user: %{uid: "u1", org: %{uid: "acme"}}, status: :Success, severity: :Informational ) # `preauth` ```elixir @spec preauth(keyword()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()} ``` Build a Preauth authentication event (activity_id 6). --- *Consult [api-reference.md](api-reference.md) for complete listing*