# Events Fetches events data from a OneLogin account. **Sync Type: Incremental** ### Requirements - Before you connect Monad to OneLogin, you need client credentials. - Instructions [Here](https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials). - Get your OneLogin Subdomain, and is of the format domain.onelogin.com, which is also a part of the URL you would access your account with. - In most cases, your subdomain name is simply your company name. However, you can also extract the subdomain from your url. ## Details Monad uses the `since` query parameters on the [API](https://developers.onelogin.com/api-docs/1/events/get-events) to determine what events to display. This field is updated every time a request to get events is successful with the time of the latest event generated. If this was the first time requesting for events, a full sync of the data is performed. ## Configuration The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below. #### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | Subdomain | string | Yes | Your organization's specific OneLogin domain. Typically is of the format domain.onelogin.com. | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | #### Secrets | Secret | Type | Required | Description | |---------|------|----------|-------------| | Client ID | string | Yes | ClientID to authenticate with the OneLogin API. | | Client Secret | string | Yes | ClientSecret to authenticate with the OneLogin API. | ## Custom Schema Handling If the source data doesn't align with any of the [OpenSecurityControlFramework (OSCF) schemas](https://schema.ocsf.io/), you can create a custom transformation using our JQ transform pipeline. For example: ```jq { metadata: { schema_version: "1.0.0", custom_framework: "my_framework" }, controls: .[] } ``` For more information on JQ and how to write your own JQ transformations see the JQ docs [here](https://jqlang.github.io/jq/). If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at [support@monad.com](mailto:support@monad.com). We're always looking to expand our coverage of security control frameworks based on community needs. ### Related Articles - [https://developers.onelogin.com/api-docs/1/events/get-events](https://developers.onelogin.com/api-docs/1/events/get-events) ## Sample Record ```json { "id": "856400526", "created_at": "2025-08-11T23:46:46.09295Z", "account_id": "74110", "user_id": "28417278", "event_type_id": "36", "notes": "Password reset", "ipaddr": "166.70.95.196", "actor_user_id": "6622779", "assuming_acting_user_id": "{{ randomInt 1000000 9999999 }}", "role_id": "{{ randomInt 1 100 }}", "app_id": null, "group_id": null, "otp_device_id": "{{ randomInt 1 10000 }}", "policy_id": null, "actor_system": "Mobile", "custom_message": "Custom event message", "role_name": "Manager", "app_name": "Mobile App", "group_name": "IT Department", "actor_user_name": "Sarah Miller", "user_name": "Tom Johnson", "policy_name": "Default Policy", "otp_device_name": null, "operation_name": "profile_update", "directory_sync_run_id": null, "directory_id": null, "resolution": null, "client_id": null, "resource_type_id": "{{ randomInt 1 50 }}", "error_description": "Authentication failed", "proxy_ip": null, "risk_score": "{{ randomInt 0 100 }}", "risk_reasons": null, "risk_cookie_id": "{{ uuid }}", "browser_fingerprint": null } ```