OneLogin Says Integration is Key to Success for Cloud-Based SSO, Identity and Access Management
OneLogin is using the cloud to deliver an enterprise-class solution to manage identities for users accessing on-premise, cloud, SaaS and mobile data or apps. IDN speaks with OneLogin’s CEO Thomas Pedersen about why integration will prove to be a key to success and how a cloud-based federated identity solution can secure apps and data anywhere.
As 2013 begins, a growing number of enterprise customers and MSPs are also looking to the cloud for secure and scalable solutions for SSO, authentication and security.
One example, OneLogin’s cloud-based platform, offers a range of support services that can aggregate security and access features for just about any way a user will access apps or data – on-premise, web, cloud, SaaS or mobile. OneLogin’s service provides identity management, access management, user provisioning, deep directory integration with real-time user sync, out-of-band multi-factor authentication, compliance reporting and even VPN integration.
Aside from security and identity services, OneLogin also provides a fast and useful “federated search” feature that lets users enter a simple search term and get results from all the applications they have privileges for.
“We recognize the future rests in the cloud. People are being inundated with the number of passwords they have to remember,” OneLogin’s CEO, Thomas Pedersen, told IDN.
“Historically, the hardest part about implementing an identity and access management system was integration. OneLogin is changing all that with the most complete set of pre-integrated cloud applications, open source SAML toolkits, third-party SAML plug-ins, and supported directories and VPNs,” Pedersen added.
OneLogin’s approach to cloud-based IAM (identity and access management) is driven by the idea that successful federation and air-tight security require thoughtful pre-integration with a range of resources – including directories, SaaS applications, VPNs and more.
The company provides a rapid path to IAM in the cloud with an on-demand solution consisting of single sign-on, password management, multi-factor authentication, directory integration, user provisioning and an application catalog with thousands of pre-integrated applications, Pedersen said.
This integration-based approach to SSO and identity management becomes crucial as more users want access outside the walls of their enterprises, either by tapping into apps or data from mobile devices or by working with apps and data that live in the cloud, he said.
OneLogin’s architecture looks to provide reliable security, ease-of-use and ease-of-management benefits to business and IT stakeholders, Pedersen said. From the cloud, OneLogin’s capabilities:
- Let users log in once, and access any of their apps from desktops, laptops and all types of mobile devices
- Let IT centralize access control, and enforce password policies across any app, data or mode (web, legacy, cloud, mobile)
- Cut down on password exchanges, as they are only done between browsers and the identity provider (IdP)
- Eliminate the need for multiple usernames and passwords
Under the covers, OneLogin does a massive amount of integration, and also is based on a flexible architecture that looks to expand those integrations as customers demand, Pedersen said.
As an example, OneLogin supports directories based on Active Directory, LDAP, Workday and Google Apps. Further, OneLogin works with many popular authentication providers, including RSA SecurID, SafeNet, Symantec VIP Access, Yubico, VASCO, FireID and PKI Browser Certificates.
The integration also extends to specific cloud apps, Pedersen added. At present, OneLogin is pre-integrated with more than 2,700 cloud applications. Among them: Asure Software, Coupa, Box, Clarizen, DocuSign, Egnyte, EchoSign, Google Apps, Innotas, LotusLive, NetSuite, Microsoft Office 365, Oracle CRM On-Demand, Parature, Salesforce.com, SuccessFactors, WebEx, Workday, Yammer, ServiceNow, Zscaler and Zendesk.
The company is adding almost 100 new connections per week, Pedersen said. OneLogin is able to rapidly onboard new applications without any programming required.
OneLogin also applies its integration framework to take user provisioning a step further. “We don’t just create the user name for SSO access, but based on special rules we let you control the specific roles and profiles of individual users, user groups, and so on. The automation of all of that, in an integrated way, gives IT very detailed user management and great real-time reporting,” Pedersen said.
AAA Club Uses OneLogin To Ramp Up Cloud, SaaS Adoption
OneLogin’s approach is helping AAA Northern California, Nevada & Utah (AAA NCNU) to speed and simplify adoption of multiple cloud services and achieve simple directory synchronization across multiple on-premise and cloud systems.
In January 2011, AAA NCNU split into two separate entities: an insurance carrier and the auto club. With the split, the auto club was left without an Identity Provider (IdP) that could support SSO across its growing use of cloud and SaaS. AAA NCNU uses Box, Jive, ServiceNow, Workday and Salesforce.com.
After evaluating several options, AAA NCNU execs found OneLogin met several important needs, including real-time directory synchronization, secure application sharing and Workday-driven identity and provisioning, noted AAA NCNU president Paul Gaffney. OneLogin’s ease of use was an added plus, and helped AAA NCNU “improve both IT security and worker productivity in one fell swoop,” Gaffney added in a statement.
OneLogin’s ability to easily integrate with Microsoft Active Directory also proved a key advantage, added OneLogin’s Pedersen.
This OneLogin feature lets AAA NCNU use Workday as its ‘system of record’ for AAA’s application infrastructure. When users are created, updated or deleted in Workday, OneLogin automatically detects the changes and its integration transmits the updates to Microsoft Active Directory, as well as AAA NCNU’s cloud apps, he said.
OneLogin’s attention to integration with identity infrastructures, directories and cloud applications is also attracting the attention of managed service providers.
SAManage, a provider of cloud-based service desk and asset management software, has partnered with OneLogin to offer LDAP/Active Directory integration to end-user customers. The result is that SAManage can more simply provide its customers with one-stop SSO for just about any cloud/SaaS application.
Specifically, the SAManage/OneLogin partnership allows enterprises to:
- Synchronize their users from AD/LDAP into SAManage.
- Enable SSO (via the SAManage self-service portal).
- Let IT admins associate assets with users.
- Let IT track the assignment and ownership of assets.
- Let customers “bulk-load” their user lists from on-premise AD/LDAP into SAManage, directly and securely.
SAManage customers like the approach. “OneLogin’s ability to deliver SSO and tie it to our Active Directory made the move to the cloud a smooth process for us in IT and seamless for our end-users. OneLogin will help us as we plan our cloud strategy,” Ismael Carlo, IT Manager at Fugro Inc., said in a statement. Fugro provides geosciences data services to the oil, gas, mining and construction industries.
The SAManage/OneLogin partnership also helps Carlo and other IT managers at end-user firms more easily migrate from their legacy on-premise service desk products to SAManage. SAManage users can use OneLogin to retrieve the users’ lists from AD/LDAP. OneLogin will automatically create user accounts in SAManage via the SAManage SAML integration and deliver SSO capabilities to SAManage. This lets users sign into the SAManage self-service portal with their existing credentials.
“It is our goal to make the move to the cloud as seamless as possible. Partnering with OneLogin was the right move for us. The real winners in this partnership are the SAManage customers,” Doron Gordon, CEO of SAManage, said in a statement.