CLOUD CONNECTOR

OneLogin

OneLogin is a cloud-based identity and access management provider that designs and develops a unified access management system platform for enterprise-level businesses and organizations.

Securonix integrates with the OneLogin API for the identification of identity and access threat events and insider threat events, detection of unusual account behavior and signs of account compromise, and context enrichment for threat chains.

| Events API Services/Modules | Major/Sample Event Types | Related Threats | Details |
|---|---|---|---|
| Authentication | Login to OneLogin Failed/Succeeded, User Authentication via API Failed/Succeeded, User Failed Remote Authentication, Mac Login Success/Failed, User Logged Out From OneLogin, User Logged Out From App, User Authenticated by RADIUS, Social Sign-In, User Failed Login | Account Compromise, Unusual Account Behavior/Geolocation, Privilege Escalation, Brute Force | Authentication to OneLogin or associated apps |
| Active Directory | Active Directory Connector Started/Stopped, Configuration Reloaded, Connector Broken, Connector Provisioning Error | Account Compromise, Insider Threat | Active Directory Connector events |
| App User Management | App User Deleted/Created, App User Suspended/Reactivated, App User Linked | Privilege Escalation, Account Compromise, Insider Threat | OneLogin App user management events |
| Directory Connector & VLDAP | Directory Connector Enabled/Disabled, Directory Export Started/Finished, VLDAP Bind Failed, VLDAP Enabled/Disabled/Updated, etc. | Account Compromise, Insider Threat | Directory Connector and VLDAP events |
| Directory Management | Directory Added/Deleted/Modified, Directory Group Updated | Account Compromise, Insider Threat | Directory Management events |
| Applications | App Added/Removed/Updated to OneLogin/User | Account Compromise, Insider Threat | Application events |
| Directory Users Management | User Associated/Disassociated, User Deleted/Created, User Invited, User Locked/Unlocked, User Suspended/Reactivated, User Field Added/Removed, Self-Registration Requested for User | Account Compromise, Unusual Account Behavior/Geolocation, Privilege Escalation, Brute Force | Directory user management events |
| Roles Management | Added User Role, Role Management Granted/Revoked, User Role Removed | Account Compromise, Unusual Account Behavior/Geolocation, Privilege Escalation, Brute Force, Insider Threat | Role management events |
| Security Settings | Trusted IdP Removed, Certification Expiration Notice, Certification Created, RADIUS Configuration Updated, Desktop SSO Enabled/Disabled, VPN Enabled/Disabled | Account Compromise, Insider Threat | Security setting modification events |
| SAML | SAML ACS (Assertion Consumer Service) Failure | Account Compromise, Insider Threat | SAML events |
| Passwords | Set Password, Request Password, Failed to Set Password, Smart Password Update Success/Failure | Account Compromise, Insider Threat | Password management events |
| Sandbox | Sandbox Sync, Sandbox Update/Create/Delete Success/Failure | Account Compromise, Insider Threat | Sandbox events |