Skip to content

OneLogin SSO Key

Service Name: OneLogin

Service Description: OneLogin is an Identity and Access Management (IAM) solution that provides Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user provisioning capabilities to secure and streamline access to applications and resources.

Service Address: https://www.onelogin.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the OneLogin account level through security policies.

Secret Access Scope: OneLogin API keys grant programmatic access to the OneLogin API, allowing management of users, roles, apps, and other OneLogin resources.

Secret Revokement URL: https://admin.onelogin.com/api-credentials

Secret Example: 12345678901234567890123456789012345678901234567890

Suspicious Activity Investigation Instructions:

  • Review OneLogin event logs for unusual authentication attempts or API calls.
  • Check for unexpected user provisioning or deprovisioning activities.
  • Monitor for unauthorized application access or configuration changes.
  • Review IP addresses that have accessed the API for suspicious locations.
  • Check for unusual volumes of API requests that could indicate automated attacks.

Mitigation Instructions:

  • Log in to your OneLogin admin portal at https://admin.onelogin.com/.
  • Navigate to Developers > API Credentials.
  • Locate the compromised API key and click Revoke.
  • Generate a new API key if needed.
  • Review and update API access policies and permissions.
  • Consider implementing IP restrictions for API access if not already in place.
  • Enable notifications for API usage to detect potential misuse.
  • Review all recent changes made via the API to identify and revert any unauthorized modifications.