Cloud-Based OneLogin Simplifies SSO, Identity Management To Speed SaaS Adoption

As companies adopt more cloud-based apps, enterprise IT is looking for a secure and easy way to provision and enforce single sign-on for users. Digital Intelligence Systems is using OneLogin’s cloud-based SSO solution to give 4,000 employees and consultants easy, fast, secure and scalable access to Office 365, Salesforce and other critical SaaS apps.

Tags: Active Directory, cloud security, identity management, LDAP, OneLogin, SAML, SaaS, SSO,

Elias Terman
vp product marketing



“Companies can use OneLogin as a one-stop cloud resource to secure app access from desktops, laptops, tablets and smartphones. ”

As companies adopt more cloud-based apps, enterprise IT is looking for a secure and easy way to provision and enforce single sign-on for users. Digital Intelligence Systems (DISYS), a global staffing firm, used OneLogin’s cloud-based SSO solution to give 4,000 employees and consultants easy, fast, secure and scalable access to Office 365, Salesforce and other critical SaaS apps.

 

Beyond SSO, OneLogin’s cloud-based IAM (identity and access management) also provides multi-factor authentication, directory integration and user provisioning. To accelerate provisioning, OneLogin also offers thousands of pre-packaged integrations with directories, SaaS applications, VPNs and other resources.

 

This attention to re-integration is the key to OneLogin’s ability to make federation and air-tight security easy for many users to achieve from the cloud, according to OneLogin execs.

 

“Historically, the hardest part about implementing an identity and access management system was integration. OneLogin is changing all that with the most complete set of pre-integrated cloud applications, open source SAML toolkits, third-party SAML plug-ins, and supported directories and VPNs,” OneLogin CEO Thomas Pedersen told IDN in an earlier interview. “OneLogin protects enterprise data by securing access, rather than dictating the devices and hardware that are allowed.”

 

“Thanks to this approach, companies can use OneLogin as a one-stop cloud resource to secure app access from desktops, laptops, tablets and smartphones. So we offer some very key technologies to make this easier for users and IT,” Elias Terman, OneLogin’s vice president of product marketing, told IDN.

 

Terman noted these benefits, including:

  • End users can login once, and access any of their multiple apps from desktops, laptops and all types of mobile devices – without remembering multiple usernames and passwords.
  • IT provisioning can quickly provision secured apps to employees and trusted partners
  • IT operations and security professionals can centralize access control, and enforce password policies across any app, data or mode (web, legacy, cloud, mobile). Eliminates the need for IT to manage distributed and mobile user identities.

OneLogin’s pre-integration with Active Directory proved especially valuable to DISYS, said IT infrastructure manager Collin Hachwi.

 

“Our IT team had been working with Active Directory for years, but we found brokering or federating [Acitve Directory] identities to new cloud apps was not a trivial thing to do,” Hachwi told IDN. One barrier was that devs would need to use ADFS (Active Directory Federation Services) to accomplish this integration.

“But because OneLogin is already pre-integrated with thousands of popular cloud apps, we don’t have to build customized connectors. There is no need for manual import or export and that really helped us deliver apps and narrowed down the timeframe [to provision],” he added. OneLogin’s cloud approach also meant DISYS avoided the expense of servers and onsite maintenance.


OneLogin Secures BYOD Access, Simplifies SAML
OneLogin also supports smartphone and tablet access via OneLogin Mobile, a secure container that sits on an iPad or iPhone. “Mobile access is huge for customers,” Terman said. “We estimate more than 30% of users are mobile and even though the majority may have laptops, their primary device is the iPhone.”

 

“Companies like DISYS need to be able to manage the security risks inherent in BYOD while giving their employees the flexibility to work remotely and fast access to the cloud apps they need to do their jobs,” Pedersen added in a statement.

 

In fact, for DISYS, OneLogin Mobile simplified and sped up the whole process of providing mobile users secure access, Hachwi confirmed. After preparation, every DISYS user, including mobile users, got an email saying “ready to go” and each user had his needed configuration, he added.

 

With OneLogin Mobile users can use a simple PIN for access from smartphones or tablets. It supports multi-factor authentication. And, for apps that don’t support SSO, OneLogin Mobile can synchronize passwords so users can sign in with existing credentials, according to OneLogin’s website.

 

Tally up all the OneLogin features and Hachwi reported some impressive results. “With OneLogin, we practically had real-time provisioning of users, regardless of their location or device. We rolled out Office 365 to 4600-plus users across 35 offices in half an hour. It’s that simple,” he said.

 

To help ensure other customer successes, OneLogin is leveraging experience with DISYS and other adopters to develop some get-started best practices.

 

“We have a customer success model,” Terman said. “So, as an example, included in the OneLogin subscription is support for incorporating new SaaS apps into the customers’ app catalogue,” which comes with 3,500 tested pre-integrations. This library includes many popular apps such as Office 365, Asure Software, Coupa, Box, Clarizen, DocuSign, Egnyte, EchoSign, Google Apps, Innotas, LotusLive, NetSuite, Oracle CRM On-Demand, Parature, Salesforce.com, SuccessFactors, WebEx, Workday, Yammer, ServiceNow, Zscaler and Zendesk.

 

OneLogin customers can even create their own connectors, as needed, thanks to OneLogin’s open source SAML toolkits – available for Java, PHP, Python, Ruby and ASP/.NET development frameworks. OneLogin’s SAML toolkit is also popular with SaaS providers looking to quickly and reliably SAML-enable their apps. DropBox, is among the notable users, Terman added.

 

The push to make SAML much easier to adopt also drives OneLogin’s approach, Terman added.

 

Defined by OASIS, SAML is an XML-based standard SSO protocol for web browsers that uses a strong digital signature and can ensure interoperability across identity providers. For end users, SAML replaces the need for passwords with one-click access to apps and SaaS. For all its benefits – even though the SAML standard has been around for more than 10 years – it can still be complex and costly to work with.

 

“Our [DISYS] IT team is small and are tasked with quite a few things and anything we can find . . . to reduce deployment times is something we will really consider,” Hachwi told us. “OneLogin’s simple approach to SAML is giving us confidence to think about shifting from Active Directory altogether, something we just wouldn’t have done before.”

 

OneLogin free trial is available here. http://www.onelogin.com/signup




back