Quick Links

Integrating with OneLogin

Overview

Blumira integrates with OneLogin to ingest data that is available to analyze in Report Builder and provides centralized visibility alongside your other integrated data sources. This integration is currently an ingest-only connector, meaning no findings will generate for these data, and it fulfills compliance requirements for many organizations.

Once configured, Blumira’s integration with OneLogin will stream event logs so you can analyze events that occur within your organization's OneLogin, from individual user actions to administrative operations, provisioning, and MFA device registration.

Before you begin

Before you begin, you must gather your API Key from OneLogin and scope the credential with read access so Blumira can pull Event Logs from OneLogin.

To gather your API Key and grant access, do the following:

  1. Log in to OneLogin as an Administrator or Account Owner.
  2. Navigate to Developers > API Credentials.
  3. On the API Access page, click New Credential
  4. In the Create new API Credential window do the following:
    1. In the Name box, type a name to identify the service that will be using the credential, such as “Blumira SIEM.”
    2. In the list of scope options, select Read All.
    3. Click Save.
    4. Copy the client secret and client ID to use in the Blumira Cloud Connector.
    5. Click Done.

Configuring the Blumira Cloud Connector

To configure the Blumira Cloud Connector and begin logging, do the following:

  1. In Blumira, navigate to Ingestion > Cloud Connectors.
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, select the connector you want to add.
  4. In Cloud Connector Name, type a name that will help you identify the integration.
  5. In the remaining fields, enter the credentials you gathered in the previous steps.
  6. Click Connect.