Overview
Blumira’s modern SIEM platform integrates with OneLogin to ingest data so it may be displayed in the report builder. This integration is currently an ingest-only connector, and fulfills compliance requirements for many organizations.
Once configured, Blumira’s integration with OneLogin will stream event logs so companies can monitor everything that happens within your organization's OneLogin, from individual user actions to administrative operations, provisioning, and MFA device registration.
Before you begin
Before you begin, you must gather your API Key from OneLogin and scope the credential with read access so Blumira can pull Event Logs from OneLogin.
To gather your API Key and grant access, do the following:
- Log in to OneLogin as an Administrator or Account Owner.
- Navigate to Developers > API Credentials.
- On the API Access page, click New Credential
- In the Create new API Credential window do the following:
- In the Name box, type a name to identify the service that will be using the credential, such as “Blumira SIEM.”
- In the list of scope options, select Read All.
- Click Save.
- Copy the client secret and client id to use in the Blumira Cloud Connector.
- Click Done.
Configuring the Blumira Cloud Connector
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector you want to add.
- In the Cloud Connector Name box, type a name to help identify the specific integration.
- Enter the credentials that you collected in the previous steps.
- Click Connect.