OneLogin, Inc. is a cloud-based identity and access management (IAM) provider focused on selling to businesses and other organizations. The company's goals are to use IAM to secure user access to applications and devices, reduce IT time on user onboarding and offboarding, and increase end user productivity through single sign-on (SSO).
OneLogin's Open Source SAML Toolkits are now used by over 300 app vendors and over 70 SaaS vendors to make their apps more secure. OneLogin integrates with multiple cloud applications, most recently Namely, Workplace by Facebook and RemedyForce.
History
OneLogin was founded in 2009 in San Francisco by Thomas and Christian Pedersen. The brothers were involved with the on-demand help desk application, Zendesk, before launching OneLogin. Through their interactions with Zendesk customers, the founders realized that companies were encountering security and productivity challenges moving into the cloud. This led to the idea of building an identity and access management solution that was secure and easy to use. OneLogin officially launched in 2010. Since then, the company has garnered the trust of security-conscious organizations worldwide. In August 2017, OneLogin appointed Brad Brooks as chief executive officer.
Products
OneLogin's product line-up includes the following:
- Single Sign-On
- Cloud Directory
- User Provisioning
- Multi-factor Authentication (MFA)
- Adaptive Authentication
- Mobile Identity Management
- Virtual LDAP
- Cloud RADIUS
- Desktop Authentication
- Web Access Management (WAM)
Customers
OneLogin customers use the company's service to manage millions of user identities in dozens of countries. The company serves customers from a range of industries including technology, education, retail, financial services, manufacturing, media, health and life sciences, and services. Some representative customers of OneLogin include Steelcase, Pinterest, Dell Services, San Jose Unified School District, Practice Fusion, Acuris, Fairfax Media, Sonnen, Kreditech, Berklee College of Music, and Berwin Leighton Paisner.
Integrations and Partnerships
The OneLogin API provides endpoints for SAML, OpenID Connect, SCIM, and OAuth. There are also SAML Toolkits for Java, Python, Ruby, and PHP, made available on the company's public GitHub repositories. These toolkits are actively developed by dozens of contributors. These SAML toolkits have been downloaded more than three million times.
OneLogin provides single sign-on for cloud applications including Microsoft Office 365, Google G Suite, Salesforce.com, Amazon Web Services, ServiceNow, and Workplace by Facebook. Users may sign in to its single sign-on service using their credentials from Google, Facebook, LinkedIn, and Twitter. The company's offerings also integrate with the following directories: Active Directory, ADFS, LDAP, Google G Suite Directory, Workday, Ultimate Software UltiPro, and Namely. OneLogin sends data to Security Information and Event Management (SIEM) systems, including Splunk, Sumo Logic, and ELK/Elastic.
OneLogin Protect, a mobile application for multi-factor authentication, runs on iOS and Android devices. OneLogin integrates with third-party MFA providers Duo Security, Google Authenticator, RSA SecurID, Symantec VIP Access, Yubico Yubikey, Gemalto SafeNet, Swivel Pinsafe, VASCO DIGIPASS and IDENTIKEY, and FireID Security. OneLogin Desktop Authentication runs on Windows and Mac computers.
OneLogin SSO Browser Extensions run on Google Chrome, Microsoft Edge and Internet Explorer, Safari, and Firefox. OneLogin integrates with RADIUS to authenticate into network appliances including WiFi access points and VPN servers, including those from Cisco Meraki and Juniper. OneLogin Web Access Management integrates with Apache, Microsoft IIS, and Tomcat. OneLogin integrates with cloud access security brokers (CASBs) Cisco Cloudlock, Skyhigh, and Bitglass.
In September 2016, OneLogin announced a partnership with Deutsche Telekom's T-Systems to resell OneLogin within the European Union (EU).
Funding
OneLogin is backed by the venture firms Charles River Ventures, The Social Capital, and Scale Venture Partners. Its venture funding includes:
- $4.7M Series A in June 2010
- $13M Series B in October 2013
- $25M Series C in December 2014
Acquisitions
In December 2015, OneLogin acquired San Diego-based Cafésoft, a provider of on-premise Web Access Management (WAM) software. The technology enables OneLogin to extend Single Sign-on to applications running on-premises.
In June 2016, OneLogin acquired Santa Clara, California-based Portadi, a cloud-based password management tool. The technology enables OneLogin to automatically populate customers' OneLogin single sign-on portals with applications as employees manually sign into them.
In November 2016, OneLogin acquired London-based Sphere Secure Workspace, a software vendor with container technology that runs on mobile devices.
In June 2017, OneLogin acquired Auckland, New Zealand-based ThisData, a developer-focused cloud security company specializing in account takeover detection. The technology has been used to enable OneLogin's adaptive authentication solution, which uses machine learning to intelligently score the risk of each login attempt, and challenges users making high-risk logins to use an additional authentication factor.
Awards and Recognition
In May 2015, Forrester Research ranked OneLogin as the top vendor in the Forrester Wave for Cloud Identity & Access Management.
In December 2015, OneLogin was named a "Best Place to Work" by Glassdoor.
In January 2016, OneLogin was ranked 28th on Deloitte's Technology Fast 500, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America.
In March 2016, OneLogin was named to the "Fast 50" privately held Internet security, networking, and storage companies by JMP Securities LLC.
OneLogin has been named a "Top Workplace" by the Bay Area News Group and the Great Place to Work series.
In July 2017, Gartner Peer Insights ranked OneLogin #1 among Access Management providers. The company has been mentioned in USA Today, TechCrunch, The Wall Street Journal, Forbes, Bloomberg, Marketwatch, The Atlantic, and Fortune.
Certifications
OneLogin maintains the following certifications:
- SOC 2 Type 2
- SOC 1 Type 2
- ISO 27017:2015
- ISO 27018:2014
- ISO 20001:2013
- Skyhigh Enterprise-Ready
- CSA STAR
- TRUSTe Certified Privacy
- U.S. Privacy Shield
- EU Model Contract Clauses
OneLogin has published the scope of its compliance with:
- HIPAA
- FFIEC / GLBA
- NIST Cybersecurity Framework
- FERPA
- G-Cloud
- GDPR
Availability
OneLogin reports on the current and historic availability of its service at onelogin.com/trust, with backup availability status pages at onelogin.status.io and onelogineu.status.io. OneLogin runs in multiple Amazon Web Services (AWS) datacenters in the US, as well as in AWS Dublin and AWS Frankfurt.
OneLogin remained available and performant during the October 2016 attack on Dyn, a major provider of DNS services, in part by using redundant DNS providers. The attack brought down many websites, including Spotify, Twitter, Reddit, and The New York Times.
Security
OneLogin regularly performs penetration tests and network scans, conducts anti-phishing programs, and runs a bug bounty program and a vulnerability disclosure program.
OneLogin Security Breach, August 2016
In August 2016, OneLogin reported that "an unauthorised user gained access to one of our standalone systems, which we use for log storage and analytics." The single user accessed the service for a month or more, and may have been able to see Secure Notes unencrypted. To remediate, OneLogin fixed the cleartext logging bug, locked down access to the log management system, and reset passwords.
OneLogin Security Breach, May 2017
On May 31, 2017, OneLogin detected and stopped unauthorized access in their US data region. According to a OneLogin blog post on the breach, "a threat actor used one of our AWS keys to gain access to our AWS platform via an API from an intermediate host with another, smaller service provider in the US."
OneLogin staff detected the intrusion in seven hours. This seven-hour Time to Detection (TTD) was faster than Cisco's estimated industry average of 100-200 days to detect a breach and FireEye's 146 days to detect a breach, and slightly faster than Cisco's best median TTD of nine hours to discover security issues.
OneLogin staff shut down the affected instances as well as the compromised AWS keys within several minutes to stop the intrusion and confirmed there were no other active threats. This was significantly faster than the industry average of 100-120 days to remediate existing vulnerabilities.
The company has since improved its monitoring of AWS API endpoint signals, strengthened AWS key management, enhanced infrastructure and application encryption, expanded threat hunting activities and created additional in-app risk mitigation tools.
See also
- List of single sign-on implementations
Source of article : Wikipedia