Skip to main content

OneLogin getting started guide

Sharon Burton
  • Updated

 

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Enable console access

Having read-only access to the interface of your technology allows Expel to dig deeper during incident investigations. Our device health team uses this access to investigate potential health issues with your tech.

Create a new user in OneLogin for Expel

  1. In the OneLogin console, select Administration.

    image5.png

  2. Select Users and then New User.

    image10.png

  3. Fill in the following fields:

    image11.png

    • First name: Expel

    • Last name: SOC

    • Email: soc+<Your_Organization_Name>@expel.io 

    • Username: same as email

    • Password: Set by user

    • Company: Expel

    • The other fields may be left blank.

  4. Click Save User.

  5. Notify your EM or CSE that the registration email has been sent.

Step 2: Generate API Credentials

To integrate the technology with Expel, we need to create secure credentials to the API. Depending on the permissions allowed in Step 1, Expel may be able to generate API credentials. If you're unsure, reach out to your Expel customer success engineer, or email customerhealth@expel.io.

  1. Sign into your OneLogin as a user with Admin privileges.

  2. Navigate to Administration.

    image3.png

  3. Navigate to Developers > API Credentials.

    image1.png

  4. Select New Credential.

    image4.png

  5. Give the credential a name (such as ExpelAPI) and select Read All and click Save.

    image9.png

  6. Save a copy of the Client ID and Client Secret.

    image7.png

Step 3: Configure the technology in Expel Workbench

Now that we have the correct access configured and noted the credentials, we can integrate your tech with Expel.

  1. Login to https://workbench.expel.io.

  2. Navigate to Settings > Security Devices.

  3. At the top right of the page, select Add New Device.

  4. Search for and select OneLogin (direct).

    image8.png

  5. Select Expel Cloud Service for the SIEM.

  6. Give the device a Name and Location.

  7. Fill in fields for Client Secret and Client ID with credentials generated in Step 2.

  8. Specify the Region of the OneLogin device (US, EU).

  9. Click Save.

After a few minutes, refresh the Security Devices page and you see your device status reporting as Healthy, or if there is an issue, you see details of what the issue may be.

To check if alerts are coming through, navigate to Alerts on the console page. Click the icon in the upper right to switch to grid view, then check the list for device alerts.

Related articles

Comments

0 comments

Article is closed for comments.