- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
OneLogin Cloud Connector
OneLogin is a cloud-based identity and access management solution that provides single sign on (SSO) identity platform to enable enterprises to secure applications for their users on all devices. For more information see the OneLogin documentation.
Prerequisites to Configure the OneLogin Connector
Before you configure the OneLogin connector you must complete the following prerequisites:
Ensure the https://*.onelogin.com service is open for communication with the Exabeam Cloud Connector platform.
Note the region to which the OneLogin account belongs. For example, EU or US.
Create an API credential specifically for Exabeam cloud connector configuration.
Obtain the values for client ID and client secret.
Create an API Credential
OneLogin APIs are authenticated via client ID and client secret. You must create an API credential and obtain the values for client ID and client secret to use while configuring the OneLogin connector.
To create an application credential:
Log in to the OneLogin developer console as an administrator.
Navigate to Developers > API Credentials.
On the API Access page, click New Credential.
In the Create New API Credential area, in the Name box, specify a name for the API credential, then select the credential scope Read All.
Click Save.
Copy the values for Client ID and Client Secret to use for authorizing the API calls. Use these values, represented by a string of letters and numbers, to configure the OneLogin cloud connector. For more information, see the OneLogin Documentation.
Configure the OneLogin Cloud Connector
OneLogin is a cloud-based identity and access management solution that provides single sign on (SSO) identity platform to enable enterprises to secure applications for their users on all devices. For more information see the OneLogin documentation.
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Event Types | Event Included |
|---|---|---|---|
Authentication | Login to OneLogin failed or succeeded, user authentication via API failed or succeeded, user failed remote authentication, Mac login success or failed, user logged-out from OneLogin, user logged-out from app, user authenticated by RADIUS, social sign-in, user login failed via assertion proxy | Represents authentication related events to OneLogin app or its protected apps | |
Active Directory | Ad connector started, stopped, configuration reloaded | Represents events related to the Active Directory connector | |
Directory Connector and VLDAP | Directory connector enabled or disabled, directory export started or finished, VLDAP bind failed, VLDAP enabled or disabled or updated | Represents events related to the directory connector | |
Directory Management | Directory added or deleted or modified, directory group updated | Represents events related to directory management | |
Integrated Application | Integrated app added or removed or updated | Represents events related to integrated applications | |
Directory Users Management | User deleted or created in directory, user invited, user locked, user suspended or reactivated in directory, user field added or removed, self-registration requested for user, user unlocked in the directory | Represents events related to user management in OneLogin directories | |
App Users Management | User deleted or created in app, user suspended or reactivated in app, user linked in app, user updated in app | Represents events related to user management in OneLogin apps | |
Roles Management | Added role to a user, role management granted or revoked, role removed from a user | Represents events related to security setting updates | |
Security Settings | Trusted idp removed, certification expiration notice, certification created, RADIUS configuration updated, desktop SSO enabled or disabled, VPN enabled or disabled | ||
SAML | SAML assertion consumer service failed | ||
Passwords | Set password with salt, set password with clear text, failed to set password with salt | Represents event related to password changes and management |
To configure the OneLogin connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the OneLogin Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select OneLogin from the list.
In the Accounts section, enter the required information. Required fields are indicated with a red bar.
Tenant – Select a tenant to attach to the connector if you are using a multi-tenant edition of Exabeam. Otherwise, select default.
Account Name – Specify a name for the OneLogin connector. For example, OneLogin SSO.
Description – Describe the OneLogin connector (optional). For example, OneLogin identity and access management service.
Region – Select the region for the connector. Make sure that the region for the OneLogin account and the region you select for the connector is the same.
Client-ID – Enter the value for client ID that you obtained while completing prerequisites.
Client-Secret – Enter the value for client secret that you obtained while completing prerequisites.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK.