The OneLogin Event Webhook allows you to stream OneLogin event data to any SIEM (Security Information and Event Management) solution that accepts data in JSON format, such as Sumo Logic, ELK, or Splunk. This integration allows you to monitor activities, alert on threats, and execute event-based, identity-related workflows across your OneLogin and SIEM environments.
Prerequisites
Before beginning this configuration, consult your SIEM solution to verify the format it expects for event data and any custom headers it may require.
This feature requires a OneLogin subscription that includes Single Sign-On. Speak with your account representative for more information.
In your OneLogin admin portal, go to Developers > Webhooks. Under New Webhook, choose Event Webhook for Log Management.
Note: If you configure more than five webhooks, you may experience latency problems during high traffic periods.
Name | Enter a unique name for the webhook.
Format | Select the format expected by your SIEM solution.
Listener URL | Enter the SIEM endpoint that will receive the event data from OneLogin.
Custom Headers | Enter any custom headers required by your SIEM stack for receiving event data, using the format name:value and separating multiple headers with line breaks if necessary.
The new webhook now appears in your Event Broadcasters. Select it from this list to edit its configuration or to enable or disable the webhook.
The OneLogin Event Webhook streams event data every 10 seconds or in bundles of 10 events, as necessary.
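A listener-side check for the Custom Headers field and the bundled delivery described above, as an added example that is not OneLogin's code: it parses the name:value field text and rejects any POST that does not carry the expected header values. The header names, token value, event fields, and the assumption that a delivery body is one JSON object or an array of them are constructed for illustration.

```python
import hmac
import json

# Constructed sample values (not real credentials or real OneLogin event fields).
FIELD_TEXT = "X-Listener-Token:example-secret-123\nX-Source:onelogin"
SAMPLE_BODY = b'[{"id": 1, "note": "constructed"}, {"id": 2, "note": "constructed"}]'

def parse_custom_headers(field_text):
    """Parse Custom Headers text: one name:value pair per line."""
    headers = {}
    for line in field_text.splitlines():
        if not line.strip():
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            raise ValueError(f"not in name:value form: {line!r}")
        headers[name.lower()] = value
    return headers

def accept_delivery(request_headers, body, required):
    """Return (http_status, events) for one webhook POST.

    required: the headers the listener expects, as returned by parse_custom_headers.
    """
    received = {k.lower(): v for k, v in request_headers.items()}
    ok = True
    for name, expected in required.items():
        got = received.get(name, "")
        # Constant-time compare; every header is checked even after a mismatch.
        ok &= hmac.compare_digest(got.encode(), expected.encode())
    if not ok:
        return 401, []
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, []
    # Assumption: a delivery is a single event object or a list (bundle) of them.
    events = payload if isinstance(payload, list) else [payload]
    if not all(isinstance(e, dict) for e in events):
        return 400, []
    return 200, events

if __name__ == "__main__":
    required = parse_custom_headers(FIELD_TEXT)
    sent = {"X-Listener-Token": "example-secret-123", "X-Source": "onelogin"}
    print(accept_delivery(sent, SAMPLE_BODY, required))
```

Keep the token value out of source control on the listener side and rotate it by updating the Custom Headers field and the listener together.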