From 0792d1f20e24b37ce2876dfe0db77e0aec9041da Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Tue, 9 Sep 2025 17:04:52 +0530 Subject: [PATCH 1/6] Update onelogin.md --- docs/integrations/saml/onelogin.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/integrations/saml/onelogin.md b/docs/integrations/saml/onelogin.md index 99bc621ce3..56eb7920d8 100644 --- a/docs/integrations/saml/onelogin.md +++ b/docs/integrations/saml/onelogin.md @@ -17,9 +17,9 @@ The app provides insights into account activity and user behavior, including tot This app includes [built-in monitors](#onelogin-alerts). For details on creating custom monitors, refer to [Create monitors for OneLogin app](#create-monitors-for-onelogin-app). ::: -## Prerequisites +## Setting up the collection -### Configure an event broadcaster for event logs +**Prerequisites** :::note To use this feature, you'll need to enable access to your OneLogin logs and ingest them into Sumo Logic. @@ -27,13 +27,15 @@ To use this feature, you'll need to enable access to your OneLogin logs and inge Once you begin uploading data, your daily data usage will increase. It's a good idea to check the **Account** page in Sumo Logic to make sure that you have enough quota to accommodate additional data in your account. If you need additional quota you can [upgrade your account](/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account) at any time. -* **OneLogin Enterprise** or **Unlimited** plan subscription. -* **Configure an Event Broadcaster** - * Add a Sumo Logic [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) to your Sumo Logic Org. - * Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Make sure to set the **Source Category** when configuring the OneLogin source. For example, onelogin. - * From OneLogin, configure a broadcaster that points to this endpoint using the instructions in the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). You must use SIEM (NDJSON) format. Use the Sumo Logic HTTP Source URL as the Listener URL, and custom header is not needed. -* **Configure the C2C source for users' logs** - * Follow the instructions for setting up [Cloud-to-Cloud Integration for OneLogin App](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/onelogin-source/) to create the source and use the same source category while installing the app. +### Configure an event broadcaster for event logs + +* Add a Sumo Logic [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) to your Sumo Logic Org. +* Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Make sure to set the **Source Category** when configuring the OneLogin source. For example, onelogin. +* From OneLogin, configure a broadcaster that points to this endpoint using the instructions in the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). You must use SIEM (NDJSON) format. Use the Sumo Logic HTTP Source URL as the Listener URL, and custom header is not needed. + +### Configure the C2C source for users' logs + +Follow the instructions for setting up [Cloud-to-Cloud Integration for OneLogin App](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/onelogin-source/) to create the source and use the same source category while installing the app. ## Log types From d6cbf502de9b5b397e0e606c4a4fb9bde63ff022 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 10 Sep 2025 10:17:30 +0530 Subject: [PATCH 2/6] Update docs/integrations/saml/onelogin.md Co-authored-by: John Pipkin (Sumo Logic) --- docs/integrations/saml/onelogin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saml/onelogin.md b/docs/integrations/saml/onelogin.md index 56eb7920d8..099c3f7a18 100644 --- a/docs/integrations/saml/onelogin.md +++ b/docs/integrations/saml/onelogin.md @@ -30,7 +30,7 @@ Once you begin uploading data, your daily data usage will increase. It's a good ### Configure an event broadcaster for event logs * Add a Sumo Logic [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) to your Sumo Logic Org. -* Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Make sure to set the **Source Category** when configuring the OneLogin source. For example, onelogin. +* Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Make sure to set the **Source Category** when configuring the OneLogin source. For example, `onelogin`. * From OneLogin, configure a broadcaster that points to this endpoint using the instructions in the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). You must use SIEM (NDJSON) format. Use the Sumo Logic HTTP Source URL as the Listener URL, and custom header is not needed. ### Configure the C2C source for users' logs From 1829c304db1a3d3692a3e9213262d3e4646bb1b6 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 10 Sep 2025 10:18:04 +0530 Subject: [PATCH 3/6] Update onelogin.md --- docs/integrations/saml/onelogin.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/integrations/saml/onelogin.md b/docs/integrations/saml/onelogin.md index 099c3f7a18..1ff33d07b3 100644 --- a/docs/integrations/saml/onelogin.md +++ b/docs/integrations/saml/onelogin.md @@ -19,8 +19,6 @@ This app includes [built-in monitors](#onelogin-alerts). For details on creating ## Setting up the collection -**Prerequisites** - :::note To use this feature, you'll need to enable access to your OneLogin logs and ingest them into Sumo Logic. ::: @@ -211,4 +209,4 @@ import AppUpdate from '../../reuse/apps/app-update.md'; import AppUninstall from '../../reuse/apps/app-uninstall.md'; - \ No newline at end of file + From 0dfdfbd620390fbfc435309c3517ae0ee113724d Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 10 Sep 2025 12:18:04 +0530 Subject: [PATCH 4/6] Update docs/integrations/saml/onelogin.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saml/onelogin.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/integrations/saml/onelogin.md b/docs/integrations/saml/onelogin.md index 1ff33d07b3..675d676831 100644 --- a/docs/integrations/saml/onelogin.md +++ b/docs/integrations/saml/onelogin.md @@ -29,7 +29,11 @@ Once you begin uploading data, your daily data usage will increase. It's a good * Add a Sumo Logic [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) to your Sumo Logic Org. * Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Make sure to set the **Source Category** when configuring the OneLogin source. For example, `onelogin`. -* From OneLogin, configure a broadcaster that points to this endpoint using the instructions in the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). You must use SIEM (NDJSON) format. Use the Sumo Logic HTTP Source URL as the Listener URL, and custom header is not needed. +* From OneLogin platform, configure a broadcaster that points to this endpoint. For instructions, refer to the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). + - Use the Sumo Logic HTTP Source URL as the Listener URL, and custom header is not required. +:::info +Make sure you use the SIEM (NDJSON) format. +::: ### Configure the C2C source for users' logs From 11235af52fc391ef26b4afa8deab46923bc49f65 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 10 Sep 2025 12:18:14 +0530 Subject: [PATCH 5/6] Update docs/integrations/saml/onelogin.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saml/onelogin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saml/onelogin.md b/docs/integrations/saml/onelogin.md index 675d676831..d3693c0f9d 100644 --- a/docs/integrations/saml/onelogin.md +++ b/docs/integrations/saml/onelogin.md @@ -37,7 +37,7 @@ Make sure you use the SIEM (NDJSON) format. ### Configure the C2C source for users' logs -Follow the instructions for setting up [Cloud-to-Cloud Integration for OneLogin App](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/onelogin-source/) to create the source and use the same source category while installing the app. +Use the [Cloud-to-Cloud Integration for OneLogin](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/onelogin-source/) to create the source and use the same source category while installing the app. ## Log types From eb1ba13c92d62a979aafc52f850b72d7c16d11da Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 10 Sep 2025 12:41:42 +0530 Subject: [PATCH 6/6] Update onelogin.md --- docs/integrations/saml/onelogin.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/integrations/saml/onelogin.md b/docs/integrations/saml/onelogin.md index d3693c0f9d..bb41adf4c3 100644 --- a/docs/integrations/saml/onelogin.md +++ b/docs/integrations/saml/onelogin.md @@ -23,16 +23,16 @@ This app includes [built-in monitors](#onelogin-alerts). For details on creating To use this feature, you'll need to enable access to your OneLogin logs and ingest them into Sumo Logic. ::: -Once you begin uploading data, your daily data usage will increase. It's a good idea to check the **Account** page in Sumo Logic to make sure that you have enough quota to accommodate additional data in your account. If you need additional quota you can [upgrade your account](/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account) at any time. +Once you begin uploading data, your daily data usage will increase. It's a good idea to check the **Account** page in Sumo Logic to ensure that you have enough quota to accommodate additional data in your account. If you need additional quota, you can [upgrade your account](/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account) at any time. ### Configure an event broadcaster for event logs -* Add a Sumo Logic [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) to your Sumo Logic Org. -* Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Make sure to set the **Source Category** when configuring the OneLogin source. For example, `onelogin`. -* From OneLogin platform, configure a broadcaster that points to this endpoint. For instructions, refer to the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). - - Use the Sumo Logic HTTP Source URL as the Listener URL, and custom header is not required. +1. Add a Sumo Logic [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) to your Sumo Logic Org. +1. Configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics) for your OneLogin data. Ensure to set the **Source Category** when configuring the OneLogin source. For example, `onelogin`. +1. From the OneLogin platform, configure a broadcaster that points to this endpoint. For instructions, refer to the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=43f95543db109700d5505eea4b961959). + - Use the Sumo Logic HTTP Source URL as the Listener URL, and a custom header is not required. :::info -Make sure you use the SIEM (NDJSON) format. +Ensure you use the SIEM (NDJSON) format. ::: ### Configure the C2C source for users' logs