clear up that API keys require OneLogin Admin permissions

allcloud-io · Oct 8, 2024 · ffc508c · ffc508c
1 parent c1cd690
commit ffc508c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -153,7 +153,9 @@ The `--client-id` and `--client-secret` flags are OneLogin API credentials. You
 instructions [here][8] to obtain them. OneLogin requires using static credentials even for
 **attempting authentication**, and for that reason Clisso needs them. Please be sure to select
 **Authentication Only** when generating the credentials. Higher-level permissions aren't used by
-Clisso and will only pose a security risk when stored at a client machine.
+Clisso and will only pose a security risk when stored at a client machine. You might have to open
+a ticket with your OneLogin administrator to obtain these credentials as administrator privileges
+are required.
 
 The `--subdomain` flag is the subdomain of your OneLogin account. You can see it in the URL when
 logging in to OneLogin. For example, if you log in to OneLogin using `mycompany.onelogin.com`, use