
OneLogin collector

Service description

OneLogin is a cloud-based identity and access management provider that designs, develops, and sells a unified access management platform to enterprise-level businesses and organizations.

Data source description

The collector processes the OneLogin API responses and sends them to the Devo platform, which categorizes the information received into tables in your Devo domain.

The OneLogin Resource API allows users to retrieve account activities for the event resource:

| Resource type | Definition | Devo data table |
|---|---|---|
| Events | Use this API to return all the events | auth.onelogin.events |

For more info about the OneLogin Resource API, visit the OneLogin API Reference.

Setup

Getting OneLogin credentials

To call any of the OneLogin resource APIs, you must provide an OAuth 2.0 bearer access token in the Authorization header.

To get an OAuth 2.0 bearer access token, you must call the Generate Tokens API using an API credential pair (client ID and client secret).

Creating an API credential pair

  1. Access OneLogin as an account owner or administrator.

  2. Go to Developers → API Credentials.

  3. On the API Access page, click New Credential. Give your credential pair a meaningful name. This name will be very important if you ever need to re-access or delete the credentials. In this example, we’ve named the credentials using the name of the developer and app that will be using the credentials.

  4. Select a scope for the credentials. In this case, we will select Read all, which gives the credential pair the ability to generate an access token that can perform GET calls for all available API resources.

  5. Click Save. Copy your client secret and client ID to use when making the Generate Access Token API call that will provide the access token you need to make calls to API resources. Keep these credentials secure and take care to not inadvertently embed them in shared code.

  6. Click Done. The API Access page updates to reflect the creation of the API credential pair.

Viewing an API credential pair

  1. Access OneLogin as an account owner or administrator.

  2. Go to Settings → API.

  3. On the API Access page, click the row that corresponds to your credential pair. The credentials display.

Generate tokens

Generate an access token and refresh token that you can use to call the resource APIs.

This API endpoint returns a response that includes status, which is not standard for OAuth 2.0 and does not work with out-of-the-box OAuth 2.0 clients. It is recommended to use the Generate Tokens v2 API for new development.

For an overview of the authorization flow, see Authorizing Resource API Calls.

Note that once generated, an access token is valid for 10 hours.

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).

Disclaimer

An access token has a rate limit of 5,000 calls per hour. If an access token surpasses this limit, API calls will return an error. After the hour has passed, the count will be reset to a full 5,000 available calls.

Call the Get Rate Limit API to view current rate limits for an access token. Alternatively, you can find rate limit values in the response header for a resource API call.
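The token lifetime (10 hours) and the rate limit (5,000 calls per hour) described above can be enforced on the client side before any request is sent. The following sketch is an added example, not code from Devo or OneLogin: it reads the credential pair from the environment instead of source code, reuses one token until shortly before it expires, and keeps a local call count. Assumptions: the environment variable names, the `fetch_token` callable (a stand-in for your Generate Tokens call), the 5-minute renewal margin, and an hourly window that starts at the first locally counted call; the values returned by the Get Rate Limit API remain authoritative.

```python
import os
import time

TOKEN_TTL_S = 10 * 3600    # page: an access token is valid for 10 hours
CALLS_PER_HOUR = 5000      # page: 5,000 calls per hour per access token
RENEW_MARGIN_S = 300       # assumption: renew 5 minutes before expiry


def load_credentials(env=os.environ):
    """Read the credential pair from the environment, never from source code.
    The variable names are hypothetical."""
    try:
        return env["ONELOGIN_CLIENT_ID"], env["ONELOGIN_CLIENT_SECRET"]
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None


class TokenSession:
    """Caches one bearer token and keeps a local count of calls made with it."""

    def __init__(self, fetch_token, clock=time.time):
        self._fetch_token = fetch_token  # hypothetical callable: returns a token string
        self._clock = clock
        self._token = None
        self._issued_at = 0.0
        self._window_start = None        # assumption: window opens at first counted call
        self._calls = 0

    def seconds_until_allowed(self):
        """0.0 if a call may be made now, else seconds until the hourly count resets."""
        now = self._clock()
        if self._window_start is None or now - self._window_start >= 3600:
            self._window_start, self._calls = now, 0
        if self._calls < CALLS_PER_HOUR:
            return 0.0
        return self._window_start + 3600 - now

    def authorization_header(self):
        """Header for one API call; renews the token when it is near expiry."""
        wait = self.seconds_until_allowed()
        if wait > 0:
            raise RuntimeError(f"hourly call budget used up, retry in {wait:.0f}s")
        now = self._clock()
        if self._token is None or now - self._issued_at >= TOKEN_TTL_S - RENEW_MARGIN_S:
            self._token = self._fetch_token()
            self._issued_at = now
        self._calls += 1
        return {"Authorization": f"Bearer {self._token}"}
```

The call count is deliberately not reset when the token is renewed, which keeps the local estimate conservative.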