Configure OneLogin for Arctic Wolf Active Response

With the Active Response service, Arctic Wolf® can perform identity-based response actions in your network using OneLogin.

OneLogin supports these response actions:
  • Disable/Enable a user
  • Close user connections
  • Force a password reset

For more information, see Response action descriptions.

Note:

Configure this integration with your primary identity provider in a cloud-based environment. Arctic Wolf does not support hybrid or on-premises environments for identity-based response actions.

These resources are required:

  • A OneLogin account with administrator or account owner permissions.
  • Contact your CST to validate the Active Response integration. Have an account or environment ready that Arctic Wolf can use to validate the desired response actions without causing interruptions.

Create credentials for OneLogin Active Response

For more information, see Working with API Credentials.
  1. Sign in to the OneLogin admin portal.
  2. Navigate to Developers > API Credentials.
  3. Click New Credential.
  4. In the Create new API credential dialog, enter a name for the credential.
    For example, Arctic Wolf Active Response.
  5. Select Manage users.
  6. Click Save.
  7. Copy the Client ID and the Client Secret values to a safe, encrypted location.
    You will provide these values to Arctic Wolf later.

Provide OneLogin Active Response credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Integrations.
  3. On the Active Response tab, click New Active Response Integration +.
  4. Click OneLogin.
  5. On the New Active Response Integration page, configure these settings:
    • Integration Name — Enter a unique and descriptive name for the integration, including the tenant name. For example, tenant_name OneLogin Active Response Integration.
    • Base URL — Enter the base URL of your OneLogin domain. For example, https://tenant_name.onelogin.com.
    • Client ID — Enter the client ID that you generated in Create credentials for OneLogin Active Response.
    • Client Secret — Enter the client secret that you generated in Create credentials for OneLogin Active Response.
  6. Click Save Integration.