OneLogin is a cloud-based identity and access management (IAM) provider. This integration allows you to ship logs from your OneLogin account to your Layerlog account.

Before you begin, you’ll need:

  • An active account with OneLogin
  • An actie account with Layerlog
Login to your OneLogin account

Log in to your OneLogin account as admin.

Open the New broadcaster dialog

Navigate to Developers > Webhooks > New broadcaster.

Fill out the New broadcaster dialog

New-broadcaster

  • In the Title field, enter logzio.

  • In the Format field, select SIEM (NDJSON).

  • In the Listener URL field, enter https://<<LISTENER-HOST>>:8071/?token=<<LOG-SHIPPING-TOKEN>>&type=onelogin. Replace <<LISTENER-HOST>> with the host for your region. For example, listener.layerlog.com if your account is hosted on AWS US East, or listener-nl.layerlog.com if hosted on Azure West Europe. Your Layerlog log shipping token directs the data securely to your Layerlog Log Management account. The default token is auto-populated in the examples when you’re logged into the Layerlog app as an Admin. Manage your tokens.

Save changes

When everything is filled out, click Save.

Check Layerlog for your logs

Give your logs some time to get from your system to ours, and then open Kibana. You can search for type:onelogin to filter for your OneLogin logs.

If you still don’t see your logs, see log shipping troubleshooting.