OneLogin Workforce Identity

I work in a consultancy company where I provide OneLogin  services to my local customers. I also sell the product licenses to customers, so we act as an intermediary between One Identity and the customer. Additionally, we provide professional services to configure OneLogin . My clients use OneLogin for identity management, which is all related to identity and access management.

The best features of OneLogin are probably the multi-region capabilities because for multinational companies that have offices around the world in different countries with different languages, OneLogin has native capabilities to help integrate all of that. Most of the competitors do not have that much functionality.

Another feature we use a lot and really like about OneLogin is the automations part because the API is really complete. Everything you can do in OneLogin, you can also do through the API. This helps a lot to automate things and any topic. The API in general and some of the automation configurations that OneLogin has are among the things that we use most.

Regarding areas for improvement in OneLogin, the customization of the login experience needs attention. The integrations for life cycle management, particularly all the provisioning capabilities regarding joiner-mover-leaver processes when you integrate an application with OneLogin, needs improvement. You can integrate the security and authentication parts really well, but regarding provisioning and life cycle management, there is room for improvement.

When I compare OneLogin with other solutions or vendors, I see that OneLogin struggles a bit with big companies that have totally different use cases. For example, if a big company has more context for their users where users have different access contexts and access behaviors, you cannot define these low-level policies or segregate security levels effectively. That is the main reason why I think big companies sometimes go for other access management products in the market instead of OneLogin because you cannot customize a lot and you cannot segregate security policies.

The user identity synchronization fits most use cases, but sometimes regarding life cycle management and identity synchronization, it cannot cover complex use cases. It covers the basics and is okay for most use cases, but if you need an advanced use case or something more complex, you struggle a bit there.

I have been using OneLogin since more or less 2021.

OneLogin is pretty much 100% stable. As it is a SaaS solution, it provides service all the time with no issues.

Regarding scalability, the answer is positive. As it is a SaaS solution, it rates as a 10 because you can scale pretty much everything based on the licenses.

I would rate the technical support as a three. It has improved a bit in the past. I rate it three because it is a mix of things. The knowledge level is an issue because we are specialized on the product and not a customer, so when we have an issue or a doubt, it is complex and support usually cannot help with that. We need to contact our channel engineers, but the support cannot usually help with our kind of topics. The response times are usually not the best as well. However, perhaps that is because we are a partner and not a customer, so for a customer it might be acceptable because they do not handle such complex topics. For us, it is not enough and I would like better support.

The deployment is easy and that is also one of the good things about OneLogin because it is easy to deploy and get value quickly. However, it has a drawback because it lacks customization options, so you cannot develop something specific. The good part is that the deployment and integration are usually straightforward and pretty easy.

I am mainly comparing OneLogin to Okta, but also a bit of Ping Identity and Entra ID lately as well, because we also work with those solutions as partners, and those are the main competitors.

We usually try to recommend to our customers which different access typologies they have, and based on that, we recommend implementing policies that check the risk in real time, the context of the user, the behavior, and based on that, we apply MFA policies.

The sign-in and authentication process is simple in the way that it is a very intuitive login experience, but the main problem is that we cannot customize a lot, so we cannot provide a 100% seamless experience. Sometimes we cannot customize to adapt to the customer use case, for example, so I am not 100% happy about that.

The impact of the integration of phishing-resistant device trust on the authentication process is good because it adds a really good security layer. You can evaluate a lot of the context of the user login and you can integrate with security devices such as YubiKeys and hardware tokens. Therefore, you are adding a really good security layer for any authentication in any application.

I use the single sign-on feature and I would say it is easy to integrate because it has a really high catalog of predefined connectors. This is good and really easy to use.

I have used the adaptive login flows with Vigilance AI for some basic use cases. When we had the requirement to adapt the login process or customize the login experience, we need to use this to customize it. The main problem is that you sometimes cannot customize as much as desired, but we use that and it covers most use cases, although I would like it to be a bit more flexible.

The HR identity management plays a good role in streamlining identity handling for employees because it covers the joiner-mover-leaver flows in a company. We usually integrate that use case with the human resource tool, so we automate the process where a new employee joining in the human resource tool allows OneLogin to get that identity and propagate it. The basic use case is covered and is good enough. This is not a governance solution, so you cannot expect more, but it covers the identity synchronization with human resources.

The advice I would give others looking to implement OneLogin is that before trying to integrate and deploy OneLogin or any access management solution, you need to train your internal teams extensively and make them aware of what is coming and what this solution is about. You need all the teams in your company to be aware of why OneLogin is being implemented and what that means because once you start integrating applications and having people access and log into the product, you need to make them agile. I will focus on internal communications and internal trainings more than the technical part.

My overall rating for OneLogin is an 8.

OneLogin 's use case in my organization is for the entire infrastructure because it was very outdated, not secure, and it was built Windows heavy despite us being a Mac environment. I decided to go completely cloud-based instead. I rebuilt the whole school infrastructure into being fully cloud-based and software as a service most of the time, so we don't have any on-premise infrastructure for anything. OneLogin  was one tool that I compared to two other tools, and it did everything I needed to do. It made our life much easier to switch to completely cloud-based authentication and everything.

In my opinion, the best features of OneLogin are mainly utilizing SSO  connectors and SAML integrations. From that perspective, it already had pre-built a bunch of connectors that I find useful even for education, which is not always the case. On top of that, we can create our custom ones. As soon as we started involving quite a few open-source systems, we could still ensure the security over OneLogin SSO .

Regarding the connectors, we have our SIS connector, which is our student information system. We have our payroll system connected to it. We have our library system connected to it. We have Google Workspace , Microsoft accounts, pretty much anything. We connected our custom ticketing system, which is open source but customized. The same we did for our knowledge base and our documentation tool, which is also open source. We also use it with our MDM  connected for authentication purposes. It's very good on that front.

The areas of OneLogin that have room for improvement include that AI is not for me. There are tools where AI does not belong, in my opinion, and this is one of them. I don't see any benefits of having AI touching this, especially with tons of private data involved. What would be the reason? Perhaps for a security and risk score basis, I would understand for this portion of the system, but other than that, there is no place for AI for normal basic operability of the system. The same applies to reporting. The reporting is the same from day one since we got the system. The UI is the same. It's very much a 2018 UI. The reporting and UI could be up to date, but it's not the core part of the system, so I don't really care how it looks as long as it functions well, and it does.

I can't really say for certain now if they fixed this or not, but I know when I was using their platform's desktop connector to give me functionality what we have now with the platform SSO and with the JumpConnect on our laptops, it did not work on day one and created me quite a lot of headache. From that standpoint, I don't know if they fixed that and have day one support for Mac. If not, I don't think that's a product that should be released for Mac because you can't do patching and postpone the patching just because they still haven't figured out their tool. It's bad practice in my opinion, but I don't know since it's been a while since I used that, so I don't know if they have day one support for new macOS systems or not.

I have been using OneLogin since 2019.

I would rate the stability of OneLogin as a nine out of ten. I don't have really many issues, and when there is something, at least the communication from them is very proper about any bugs or something that's happening. We don't have any downtimes that I can remember. I think the last downtime we had was also during COVID when everyone went online.

I would rate the scalability of OneLogin as a nine out of ten. It's very scalable. If I need more users tomorrow, I have more users tomorrow. That's not a problem.

I don't know how the technical support that OneLogin provides is now. The last time I used their support was four years ago, so I don't really have that much recent experience with their support. The last time I had experience with them, I would give them a seven. It was fine. I've definitely had much better support, and I've definitely experienced far worse support than that.

The deployment of OneLogin was fairly seamless. The documentation at the time was pretty good for this. I found some documentation that's pretty outdated, but that's between Meraki and OneLogin to sort out. Other than that, the documentation for basic setup and for connectors is very clear. People don't have to be super high-end techies to go in and manage to do it themselves. If someone can read, they can pretty easily follow the instructions.

The return on investment I have seen with OneLogin would go close to eighty percent if we combine time and money and everything, because it let us get rid of the servers, which was a quite high-cost item on our budget. The same, we don't have to spend time going through seven or eight different systems and create all the accounts for people. Now we just have one account and that's it, and even that is now automated. If people do their job correctly within HR and create correctly a record within our student information system, we've already tied it together over APIs. We made a different thing, a directory, and then OneLogin, and it works great. It saves us a lot.

The advice I would give others looking to implement OneLogin is that there are a lot of tools out there. If this is something where the basic package fits for people or they need all those extra bells and whistles, then absolutely, because for us, it does exactly what it needs to do. It's a marriage at this point. If we want to switch, switching the system would be a far bigger headache than just keeping it as is. People should choose very carefully. Compare two or three systems, do a proof of concept, and choose what they need. I can say OneLogin is pretty good. For the money within the base package, there are no complaints. It does everything. They focus on keeping it stable, which is good. I would rate this product an eight out of ten overall.