Monitor your IdP for suspicious activity.

Request a DemoRead the Docs

Monitor OneLogin logs to gain complete visibility into your IdP activity with Panther’s OneLogin integration.

OneLogin provides single sign-on and identity management for organizations. Panther can collect, normalize, and monitor OneLogin logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for OneLogin with Panther include:

  • Monitor admin actions, failed and successful logins, and user activities to your applications
  • Ensure data is not being improperly shared or accessed
  • Track and monitor third-party app authorizations to more tightly enforce data access policies

How it Works

The integration is simple and fast:

  • Configure your OneLogin account to send data to S3 via Amazon EventBridge
  • Panther will parse, normalize, and analyze your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for OneLogin.