You employ multiple types of security to protect your physical inventory and must do the same for your business’s enterprise network and data.
Every login screen on each device connected to your network is a potential intrusion point for hackers, and you can’t rely on employee-generated passwords such as 1234567 or password to keep your digital assets safe.
OneLogin is a leading identity management software provider. We’ll take a close look at its features, pricing, strengths, and weaknesses, so you can decide if it’s the right fit for your small business.
Who is OneLogin for?
Founded in 2010, OneLogin supplies cloud-based identity and access management (IAM) solutions, including single sign-on (SSO) and multi-factor authentication (MFA) for endpoint security. It also provides a unified access management platform for enterprise-level businesses and organizations.
More than 2,500 companies, including Airbus, Tesco, and Zoes Kitchen, use OneLogin, but its pricing schedule makes it affordable for smaller companies.
OneLogin security has separate product suites for workforce and customer identity management. In this review, we’ll focus on its workforce applications, which include:
- SmartFactor Authentication
- Identity life cycle management
- Remote Authentication Dial-In User Service (RADIUS)
- Virtual Lightweight Directory Access Protocol (VLDAP)
Let’s begin with a closer look at OneLogin’s SSO and MFA and their reporting features.
Single sign-on (SSO)
SSO allows users to log in once to the OneLogin interface and directly access third-party applications such as Gmail, Slack, and Salesforce in the cloud or behind a company firewall.
Users save time because they are not required to log into multiple accounts every day, and network security is increased because you can customize password policies with required length, complexity, and session timeouts.
Account admins have multiple options when adding and configuring apps from OneLogin’s catalog:
- Manage all applications from a single page
- Instantly deploy apps across your company
- Give users access to apps either individually or through defined roles
- Delegate app-specific admin permissions
Once your user portal is set up and populated with apps, employees can access them after logging in.
You can choose from more than 6,000 pre-integrated applications, but if you use one that’s not in its catalog, the OneLogin custom connector feature adds it to your user portal.
Multi-factor authentication (MFA)
All passwords can be cracked; it’s only a matter of computational power and time. MFA addresses this issue by requiring more identification factors such as answering a security question, sending a one-time password (OTP) to your phone, or using a fingerprint.
OneLogin MFA protects against:
- Brute force
- Credential stuffing
- Phishing and spear phishing
Even if attackers have login credentials, secondary authentication factors prevent them from accessing your company’s network and data.
The free OneLogin Protect app for iOS and Android devices provides seamless MFA, including OTPs.
Your network’s security is critical, and IAM reports provide valuable information, especially if you have a network security operations center to help prevent cyberattacks.
OneLogin’s centralized records for user management and login activity let you examine users, apps, and events using its standard reports or ones you’ve customized.
OneLogin has four report types:
- Users: Last logins, authentication factors, and group details
- Apps: Settings, role memberships, and users
- Events: Failed sign-ins, user creation, and access policy data
- Logins: User logins for applications, including usernames and password strength
Another useful feature at OneLogin’s website is its network status information, which is updated daily. The screenshot below is for U.S. network performance, but you can see the same information for Europe, too.
OneLogin is known for the security of its network, which has remained operational during wide-scale distributed denial of service attacks, and for discovering intrusions within hours instead of the more common time frame of weeks or months.
OneLogin’s ease of use
As your company grows, information technology (IT) techs inevitably spend more time on creating new passwords, resetting passwords, and solving related issues.
OneLogin’s password management automation results in fewer password-related help desk tickets, which leads to improved employee productivity and increased IT department efficiency.
The biggest issue on the IT side was third-party apps not being updated as soon as their vendors changed configurations, but with more than 6,000 apps in the OneLogin catalog, this is not unexpected.
Users like OneLogin’s clean SSO interface and the ability to access multiple company-wide applications. Adding apps and logins via the web browser extension is also handy.
The best IAM software should be invisible, allowing users to securely access the applications they need without any undue thought about how they got there. The majority of OneLogin users report that this is their experience.
The biggest complaint most users report is repeatedly logging in after sessions time out. However, this illustrates a different issue — the too common lack of communication between IT departments and users.
As per the screenshot below, your company’s account administrators, not OneLogin, choose the session timeout settings, which include a no timeout option.
All IAM software impacts the user experience — added authentication factors, the need for mobile apps to receive OTPs — and nobody wants more hoops to jump through to do their job. Educating users about how and why your company is using OneLogin is critical to achieve company-wide buy-in.
OneLogin’s pricing has three plans:
- Starter: $2/month per user (minimum 25 users) — Includes unlimited app integrations, desktop SSO, application programming interface (API) access, encryption policy, Active Directory (AD), single language support, and standard reports.
- Enterprise: $4/month per user (minimum 10 users) — Adds MFA, custom app connectors, security policies, multiple language support, cloud search, and virtual private network (VPN) integration.
- Unlimited: $8/month per user (minimum 5 users) — Adds directory and user provisioning, custom fields, HR integrations (Workday, UltiPro, Namely, BambooHR), and on/offboarding checklists.
Quarterly subscriptions get a 5% discount, and annual subscriptions get 10%. A 30-day free trial of the Enterprise plan is available. The OnePlus support package comes with all plans; OnePrime and OneVIP cost extra.
OneLogin offers three support packages:
- OnePlus: Includes 12×5 phone and online support, access to technical documentation, and discounted training.
- OnePrime: Adds 24×5 phone and online support, dedicated support and escalations teams, and a quarterly deployment overview. For accounts with a minimum $50,000/year subscription, it adds a named customer success manager.
- OneVIP: Adds 24/7/365 priority phone and online support, an annual technical health check, and a dedicated enterprise customer success manager.
OnePlus support is included with all plans. OnePrime and OneVIP cost extra, but no pricing information is available at OneLogin’s website.
Online support options include:
- Knowledge base
- Community-based support
- Live and on-demand webinars
- Solution briefs and data sheets
- Security Assertion Markup Language (SAML) toolkits
The OneLogin blog provides the newest information on topics, including products and technology, security and compliance, and other company news.
Benefits of OneLogin
While SSO and MFA are the backbone of OneLogin’s IAM software, extra benefits come from related add-ons and features. We’ll take a look at three of them below: the Portal mobile app, browser extensions, and SmartFactor authentication.
When you and your employees are on the go, use OneLogin’s free Portal app for iOS and Android devices to log into your account and access your apps.
The OneLogin Portal app features include:
- Securing the app with biometric facial recognition or fingerprint
- Toggling between grid and list views of your company-assigned and personal apps
- Updating your password from the profile page and using other profile management tools
The app was recently redesigned and now automatically fills form-based application logins.
While the OneLogin desktop portal is easy to use, your employees may not want to return to it during the day to access different applications. They won’t have to when they use the OneLogin extensions for Chrome, Safari, Internet Explorer, Firefox, and Edge browsers.
Some apps require you to use the browser extension because their integration is via form-filling.
The browser extension’s functionality includes:
- A drop-down list of a user’s SSO apps
- Option to use OneLogin’s login when a user goes to an application’s login page
- Automatic updates when the browser opens
The extension also has an Add App dialog box that appears when it detects a login page for an app not in your OneLogin portal.
The browser extension is safe to use on any computer because it doesn’t save passwords locally on a user’s computer.
Standard MFA tools use inflexible rules for logins, but these can diminish the user experience if applied too rigidly.
For example, I worked at a college where every time I logged into its email system — even if I was using the desktop computer in my campus office — I had to enter a OTP sent to my phone. It wasn’t the end of the world, but it was an ongoing hassle.
OneLogin’s SmartFactor Authentication uses an artificial intelligence (AI) risk engine that calculates a risk score to determine the best adaptive authentication security factors to apply to each login.
- User behavior
If my old college had used adaptive authentication, someone attempting to log into my school email account outside of the U.S. or from an unrecognized device would have triggered MFA, but I could have logged in from my campus office with only my password.
Increase your network security with SSO and MFA technology
OneLogin has the same standard features — SSO, MFA, mobile apps, and browser extensions — as other major IAM players, so it’s not breaking any new ground. The biggest draw is the Starter plan’s pricing: a total of $50/month for 25 users.
If you’re new to this technology, you can get your feet wet and figure out how it works without a burdensome financial commitment.
View more information: https://www.fool.com/the-blueprint/onelogin-review/