OneLogin Review

OneLogin's automated identity management software increases network security and reduces low-level IT help desk support requests. Its entry-level price point also lets you add sign-on (SSO) and multi-factor authentication (MFA) technology without breaking the bank.

You employ multiple types of security to protect your physical inventory and must do the same for your business's enterprise network and data.

Every login screen on each device connected to your network is a potential intrusion point for hackers, and you can't rely on employee-generated passwords such as 1234567 or password to keep your digital assets safe.

OneLogin is a leading identity management software provider. We'll take a close look at its features, pricing, strengths, and weaknesses, so you can decide if it's the right fit for your small business.

Who is OneLogin for?

Founded in 2010, OneLogin supplies cloud-based identity and access management (IAM) solutions, including single sign-on (SSO) and multi-factor authentication (MFA) for endpoint security. It also provides a unified access management platform for enterprise-level businesses and organizations.

More than 2,500 companies, including Airbus, Tesco, and Zoes Kitchen, use OneLogin, but its pricing schedule makes it affordable for smaller companies.

OneLogin's features

OneLogin security has separate product suites for workforce and customer identity management. In this review, we'll focus on its workforce applications, which include:

• SSO
• MFA
• SmartFactor Authentication
• Identity life cycle management
• Remote Authentication Dial-In User Service (RADIUS)
• Virtual Lightweight Directory Access Protocol (VLDAP)

Let's begin with a closer look at OneLogin's SSO and MFA and their reporting features.

Single sign-on (SSO)

SSO allows users to log in once to the OneLogin interface and directly access third-party applications such as Gmail, Slack, and Salesforce in the cloud or behind a company firewall.

Users save time because they are not required to log into multiple accounts every day, and network security is increased because you can customize password policies with required length, complexity, and session timeouts.

Account admins have multiple options when adding and configuring apps from OneLogin's catalog:

• Manage all applications from a single page
• Instantly deploy apps across your company
• Give users access to apps either individually or through defined roles
• Delegate app-specific admin permissions

Once your user portal is set up and populated with apps, employees can access them after logging in.

The OneLogin SSO portal makes it easy to access connected apps. Image source: Author

You can choose from more than 6,000 pre-integrated applications, but if you use one that's not in its catalog, the OneLogin custom connector feature adds it to your user portal.

Multi-factor authentication (MFA)

All passwords can be cracked; it's only a matter of computational power and time. MFA addresses this issue by requiring more identification factors such as answering a security question, sending a one-time password (OTP) to your phone, or using a fingerprint.

OneLogin MFA protects against multiple attack types:

• Brute force
• Credential stuffing
• Keyloggers
• Man-in-the-middle
• Phishing and spear phishing

Even if attackers have login credentials, secondary authentication factors prevent them from accessing your company's network and data.

MFA provides a critical layer of protection for your network. Image source: Author

The free OneLogin Protect app for iOS and Android devices provides seamless MFA, including OTPs.

Reports

Your network's security is critical, and IAM reports provide valuable information, especially if you have a network security operations center to help prevent cyberattacks.

OneLogin's centralized records for user management and login activity let you examine users, apps, and events using its standard reports or ones you've customized.

OneLogin has four report types:

• Users: Last logins, authentication factors, and group details
• Apps: Settings, role memberships, and users
• Events: Failed sign-ins, user creation, and access policy data
• Logins: User logins for applications, including usernames and password strength

Another useful feature at OneLogin's website is its network status information, which is updated daily. The screenshot below is for U.S. network performance, but you can see the same information for Europe, too.

OneLogin's network status calendar is comprehensive and easy to read. Image source: Author

OneLogin is known for the security of its network, which has remained operational during wide-scale distributed denial of service attacks, and for discovering intrusions within hours instead of the more common time frame of weeks or months.

OneLogin's ease of use

As your company grows, information technology (IT) techs inevitably spend more time on creating new passwords, resetting passwords, and solving related issues.

OneLogin's password management automation results in fewer password-related help desk tickets, which leads to improved employee productivity and increased IT department efficiency.

The biggest issue on the IT side was third-party apps not being updated as soon as their vendors changed configurations, but with more than 6,000 apps in the OneLogin catalog, this is not unexpected.

Users like OneLogin's clean SSO interface and the ability to access multiple company-wide applications. Adding apps and logins via the web browser extension is also handy.

The best IAM software should be invisible, allowing users to securely access the applications they need without any undue thought about how they got there. The majority of OneLogin users report that this is their experience.

The biggest complaint most users report is repeatedly logging in after sessions time out. However, this illustrates a different issue -- the too common lack of communication between IT departments and users.

As per the screenshot below, your company's account administrators, not OneLogin, choose the session timeout settings, which include a no timeout option.

OneLogin lets you set session timeout parameters. Image source: Author

All IAM software impacts the user experience -- added authentication factors, the need for mobile apps to receive OTPs -- and nobody wants more hoops to jump through to do their job. Educating users about how and why your company is using OneLogin is critical to achieve company-wide buy-in.

OneLogin's pricing

OneLogin's pricing has three plans:

• Starter: $2/month per user (minimum 25 users) -- Includes unlimited app integrations, desktop SSO, application programming interface (API) access, encryption policy, Active Directory (AD), single language support, and standard reports.
• Enterprise: $4/month per user (minimum 10 users) -- Adds MFA, custom app connectors, security policies, multiple language support, cloud search, and virtual private network (VPN) integration.
• Unlimited: $8/month per user (minimum 5 users) -- Adds directory and user provisioning, custom fields, HR integrations (Workday, UltiPro, Namely, BambooHR), and on/offboarding checklists.

Quarterly subscriptions get a 5% discount, and annual subscriptions get 10%. A 30-day free trial of the Enterprise plan is available. The OnePlus support package comes with all plans; OnePrime and OneVIP cost extra.

OneLogin's support

OneLogin offers three support packages:

• OnePlus: Includes 12x5 phone and online support, access to technical documentation, and discounted training.
• OnePrime: Adds 24x5 phone and online support, dedicated support and escalations teams, and a quarterly deployment overview. For accounts with a minimum $50,000/year subscription, it adds a named customer success manager.
• OneVIP: Adds 24/7/365 priority phone and online support, an annual technical health check, and a dedicated enterprise customer success manager.

OnePlus support is included with all plans. OnePrime and OneVIP cost extra, but no pricing information is available at OneLogin's website.

Online support options include:

• Knowledge base
• Community-based support
• Live and on-demand webinars
• Solution briefs and data sheets
• Security Assertion Markup Language (SAML) toolkits

The OneLogin blog provides the newest information on topics, including products and technology, security and compliance, and other company news.

Benefits of OneLogin

While SSO and MFA are the backbone of OneLogin's IAM software, extra benefits come from related add-ons and features. We'll take a look at three of them below: the Portal mobile app, browser extensions, and SmartFactor authentication.

Portal app

When you and your employees are on the go, use OneLogin's free Portal app for iOS and Android devices to log into your account and access your apps.

The OneLogin Portal app features include:

• Securing the app with biometric facial recognition or fingerprint
• Toggling between grid and list views of your company-assigned and personal apps
• Updating your password from the profile page and using other profile management tools

The Portal app mirrors OneLogin's desktop functionality. Image source: Author

The app was recently redesigned and now automatically fills form-based application logins.

Browser extensions

While the OneLogin desktop portal is easy to use, your employees may not want to return to it during the day to access different applications. They won't have to when they use the OneLogin extensions for Chrome, Safari, Internet Explorer, Firefox, and Edge browsers.

Some apps require you to use the browser extension because their integration is via form-filling.

The browser extension's functionality includes:

• A drop-down list of a user's SSO apps
• Option to use OneLogin's login when a user goes to an application's login page
• Automatic updates when the browser opens

The extension also has an Add App dialog box that appears when it detects a login page for an app not in your OneLogin portal.

The OneLogin Chrome extension lets you add apps as you're on the web. Image source: Author

The browser extension is safe to use on any computer because it doesn't save passwords locally on a user's computer.

SmartFactor authentication

Standard MFA tools use inflexible rules for logins, but these can diminish the user experience if applied too rigidly.

For example, I worked at a college where every time I logged into its email system -- even if I was using the desktop computer in my campus office -- I had to enter a OTP sent to my phone. It wasn't the end of the world, but it was an ongoing hassle.

OneLogin's SmartFactor Authentication uses an artificial intelligence (AI) risk engine that calculates a risk score to determine the best adaptive authentication security factors to apply to each login.

OneLogin's SmartFactor Authentication calculates the appropriate level of security for login attempts. Image source: Author

SmartFactor Authentication factors include:

• Location
• Device
• User behavior

If my old college had used adaptive authentication, someone attempting to log into my school email account outside of the U.S. or from an unrecognized device would have triggered MFA, but I could have logged in from my campus office with only my password.

Increase your network security with SSO and MFA technology

OneLogin has the same standard features -- SSO, MFA, mobile apps, and browser extensions -- as other major IAM players, so it's not breaking any new ground. The biggest draw is the Starter plan's pricing: a total of $50/month for 25 users.

If you're new to this technology, you can get your feet wet and figure out how it works without a burdensome financial commitment.

How OneLogin Compares