OneLogin

OneLogin is an application that manages authentication for your users on your network. You can connect OneLogin to InsightIDR in order to better track successful and failed login attempts on your assets.

To get started using OneLogin and InsightIDR:

  1. Configure a OneLogin API Credential
  2. Configure OneLogin as an Event Source

Configure a OneLogin API Credential

In your OneLogin application, you must create an API credential that allows InsightIDR read-only access to OneLogin authentication events. You can read more about OneLogin API credentials here: https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

To configure this API credential:

  1. Log in to your OneLogin application.
  2. Select Developers > API Credentials.
  1. Click the Create New Credential button.
  2. Name your credential and choose the Read All radio button.
  1. Click the Save button.

OneLogin will then produce a Client ID and Client Secret. Copy both of these for later use in InsightIDR.

Configure the OneLogin Event Source

  1. From your dashboard, select Data Collection on the left hand menu.
  2. When the “Data Collection” page appears, click the Setup Event Source dropdown and choose Add Event Source.
  3. From the “Security Data” section, click the Cloud Services icon. The “Add Event Source” panel appears.
  4. Choose your collector and event source. You can also name your event source if you want.
  5. Optionally choose to send unfiltered logs.
  6. Paste the ClientID you copied earlier from OneLogin.
  7. Paste the Client Secret you copied earlier as the password.
  8. Choose the OneLogin region for your account
  9. Enter the polling rate in the “Refresh Rate” field.
  10. Configure your default domain or optionally create a new domain.
  11. Click the Save button.