OneLogin SSO Key
Service Name: OneLogin
Service Description: OneLogin is an Identity and Access Management (IAM) solution that provides Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user provisioning capabilities to secure and streamline access to applications and resources.
Service Address: https://www.onelogin.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the OneLogin account level through security policies.
Secret Access Scope: OneLogin API keys grant programmatic access to the OneLogin API, allowing management of users, roles, apps, and other OneLogin resources.
Secret Revokement URL: https://admin.onelogin.com/api-credentials
Secret Example: 12345678901234567890123456789012345678901234567890
Suspicious Activity Investigation Instructions:
- Review OneLogin event logs for unusual authentication attempts or API calls.
- Check for unexpected user provisioning or deprovisioning activities.
- Monitor for unauthorized application access or configuration changes.
- Review IP addresses that have accessed the API for suspicious locations.
- Check for unusual volumes of API requests that could indicate automated attacks.
Mitigation Instructions:
- Log in to your OneLogin admin portal at https://admin.onelogin.com/.
- Navigate to Developers > API Credentials.
- Locate the compromised API key and click Revoke.
- Generate a new API key if needed.
- Review and update API access policies and permissions.
- Consider implementing IP restrictions for API access if not already in place.
- Enable notifications for API usage to detect potential misuse.
- Review all recent changes made via the API to identify and revert any unauthorized modifications.