OneLogin
Version
This integration utilizes the OneLogin REST API v2.
Base URL
The base URL used for all OneLogin API endpoints contains the Subdomain:https://api.subdomain.onelogin.com/api/2
Authentication & Authorization
The DataGrail OneLogin integration connects using OAuth 2.0 with the following credentials: Client ID and Client Secret.
Scopes
The OneLogin integration requires specific scopes that must be granted in order to function for a given capability.
| Scope | System Detection |
|---|---|
Live Data Map:['Read all'] | ✅ |
Endpoints Utilized
DataGrail uses the following endpoints to authorize and test the connection:
| Method | Endpoint | Purpose | Docs |
|---|---|---|---|
| GET | /apps | Validate credentials | |
| GET | https://subdomain.onelogin.com/auth/oauth2/v2/token | Get and refresh access token |
Limits
Limits in OneLogin are calculated using the leaky
bucket algorithm. All requests that are made after rate limits have been
exceeded are throttled and an HTTP 429 Too Many Requests error is returned.
Requests succeed again after enough requests have emptied out of the bucket.
- DataGrail supports requests throttling to stay within 70-80% of specified service rate limits.
- DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).
Capabilities
System Detection
DataGrail provides continuous system detection, delivering a real-time inventory of your data assets.Data Interactions
DataGrail's System Detection process runs once daily and performs the following actions:
- Retrieve the list of all Apps to build a list of applications.
- List of users that are assigned to each of detected applications (by application ID).
Endpoints Utilized
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.