While OneLogin can manage passwords for a large number of users, it puts less emphasis on password management and more on application access and identity management for large businesses. This OneLogin review will break down everything you need to know about this enterprise-level identity management tool.
- OneLogin is designed more for cloud-based identity and access management, including SSO and MFA, than it is for password management.
- Its primary customers are companies with over 50 employees. Customers who own smaller businesses can still sign up, although it’s not cost-effective to do so.
- An email address registered with a valid organization domain is required for access, so consumer email accounts like Gmail aren’t accepted.
Storing passwords securely only describes one part of OneLogin’s full range of capabilities. OneLogin is a cloud-based Identity Access Management (IAM) solution that provides administrators with the tools to manage permissions for every app and employee.
05/23/2022 Facts checked
Rewrote review with updated pricing and features.
Yes, OneLogin is a legitimate identity management software. OneLogin makes it easy to manage access permissions for a large workforce.
OneLogin has password management capabilities, but it’s mainly designed to control user permissions on the active directories of large businesses. We suggest looking elsewhere for a dedicated password manager if access to secure password storage is all you need.
Strengths & Weaknesses
Strengths:
- Built-in SSO & MFA
- AI-driven authentication
- Cheap for large businesses
- Active directory integration
Weaknesses:
- Few features appropriate for small businesses
- Required minimum number of users
OneLogin supports integration with your company’s existing active directory and enables single sign-on (SSO) for a wide range of productivity applications.
SSO lets your employees securely use your company’s applications and resources by logging them in just once and limiting their access to the exact permission level necessary for their work. It also prevents the manual sharing of passwords and login details among employees for various accounts or platforms.
OneLogin further enhances your security with multi-factor authentication (MFA). Its range of secure MFA measures includes one-time passwords, biometric authentication, security questions and more.
Compromised passwords should never happen if you create strong passwords for every user, but MFA does a good job of keeping cybercriminals out of your systems even if an employee’s username and password are stolen.
OneLogin User Provisioning & Identity Management
Each of your employees may have different levels of permission for different applications. This is where OneLogin’s automated user provisioning comes in handy.
The application automatically imports permissions from every app, so admins can use a single interface for setting and adjusting rules for all the accounts. For example, a user may be an administrator on one software application and have limited access on another.
The two package tiers are the Advanced plan and Professional plan, and there are custom plans as well. All prices are per user per month.
The Advanced and Professional plans are marketed toward businesses with at least 50 users. Advanced comes at a price of $4 per user per month and includes SSO, advanced directory and MFA. The Professional plan costs $8 per user per month and adds identity lifecycle management, HR-driven identity and many other advanced features.
With the per-user-per-month pricing model, the total cost will clearly vary dramatically based on the size of your business. Small businesses and individual users will end up paying for more users than they actually need with OneLogin, so it’s not an ideal solution for non-enterprise users.
Small Business Plans
Nevertheless, two plans are available for businesses with fewer than 50 employees. One is for technical businesses, or those that already understand modern authentication principles, and the other is for non-technical businesses.
For the latter, OneLogin recommends collaborating with an approved managed service provider (MSP) that will provide pricing, deployment and management services for your implementation. OneLogin provides a list of recommended third-party MSPs, including some that offer volume-discounted pricing.
However, you have to contact the sales team to get a custom quote, so we can’t say for sure whether or not it’s a good deal.
Ease of Use
OneLogin requires an email address from a valid business domain in order to sign up, as it’s marketed to businesses rather than individual users.
You’ll also need company data when you create your account, such as your work phone number, title and number of employees. Subscribers can use the service free for 30 days and you don’t even have to enter payment information to do so.
After you sign in to your OneLogin account, select an app your workplace uses by entering its name in the search bar. OneLogin doesn’t support all applications, but it supports enough productivity apps to cover the needs of most organizations.
You can then add users once you’ve selected each app. OneLogin provides options for sorting users into groups and establishing roles for each user. From the admin panel, administrators have the ability to set up a business virtual private network (VPN) and monitor user activity.
Aside from the admin panel, administrators can perform most of their daily activities from a web platform. From here you have complete control to add new apps, view apps already in use and create passwords for all of your organization’s software.
OneLogin Mobile Apps
OneLogin also offers two separate applications for iOS and Android. The first mobile app is OneLogin Portal, which gives you access to all the login information you would need to use OneLogin on another platform, like your desktop or the web interface.
The second mobile app, called OneLogin Protect, is OneLogin’s own multi-factor authentication app that you can easily integrate with the software as a whole.
OneLogin is focused more on identity access management than on storing passwords, so it’s missing some of the standard security features present in most password managers, such as a zero-knowledge security model.
Password Manager Capabilities
There are controls for setting username and password requirements like minimum password length and complexity, and MFA measures that support authenticator services like Google Authenticator and YubiKey. You should have no problem keeping your passwords and other credentials secure with this application.
OneLogin protects passwords, usernames and other data with AES-256 encryption, the industry-standard encryption algorithm for password managers. Encryption is a valuable security tool, but even that isn’t the focus of its security offerings.
Multi-Factor Authentication, SmartFactor Authentication and Vigilance AI
The core of OneLogin’s security capabilities is its proprietary SmartFactor Authentication and Vigilance AI solutions. OneLogin uses machine learning and artificial intelligence to develop an understanding of the normal behavioral patterns of your users and enforces security challenges accordingly.
Powered by Vigilance AI, SmartFactor Authentication is a context-based security tool that takes into account factors such as the number of users on your directory, which applications they use, their geography, their device type, time of login and so on.
Machine Learning Capabilities
When Vigilance AI builds a profile of normal user behavior, it will automatically adjust authentication requirements for each user based on deviations from routine patterns.
For example, if an employee accesses an app they use daily from their usual computer and from their usual geographic location, Vigilance AI will simplify the authentication requirements to speed up login time.
If Vigilance AI detects anomalous behavior — such as an employee accessing a resource from an unusual device at an unusual time of day — the AI will enforce stricter authentication challenges, like MFA or biometric authentication. This dynamic use of AI-based security is an ideal method of balancing security with accessibility.
Because the AI acts on its own, there is always the possibility that it might be too strict or too lenient in its risk assessment for each user action. Administrators can view all activity from the event log and make changes to the AI’s behavior accordingly.
OneLogin’s primary support resource is its knowledgebase. Every aspect of the OneLogin software is thoroughly documented in this database, which makes it clear that OneLogin wants direct contact to be the last resort for its users.
The knowledgebase is easy to navigate and full of technical whitepapers, step-by-step configuration guides, troubleshooting guides and plenty of other information.
You can submit requests to the technical support team, the sales team and the customer service team in the event the knowledgebase fails you. The process will lead you through a customer support form in which you select a topic relevant to your request and describe the issue you’re having.
If you prefer a more direct line of communication with customer support, you can get in touch by calling one of their hotlines. They have two customer support hotlines for the United States, one for the United States and Canada, and a line for all other countries. All lines are in operation between 5 A.M. and 5 P.M. PST, Monday through Friday.
Large businesses would benefit tremendously from OneLogin’s dynamic security implementations. With MFA, SSO and an artificial intelligence–driven authentication mechanism, OneLogin is a worthy tool for maximizing productivity and minimizing cyber threats.
Small businesses and individual users won’t get as much out of OneLogin and would still have to pay as much as a large company would.
Although OneLogin includes password management as part of its package, it’s primarily an authentication solution with a greater emphasis on SSO and MFA. Check out our list of favorite password managers for a OneLogin alternative if all you need is simple password security.
What do you think of OneLogin? Does it do enough to protect your company’s systems without interfering with your work, or is it too cumbersome for your daily operations? Let us know what you think in the comments section, and as always, thank you for reading.