Overview

OneLogin is an identity and access management (IAM) solution designed to provide secure and streamlined access to cloud and on-premises applications. Established in 2009 and acquired by One Identity, the platform focuses on simplifying identity management for enterprises by offering core services such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and automated user provisioning. These capabilities aim to enhance security posture, improve operational efficiency, and provide a consistent user experience across an organization's digital ecosystem.

The platform is engineered to address challenges associated with managing multiple user directories, disparate application logins, and evolving security threats. OneLogin integrates with various enterprise directories, including Active Directory and LDAP, and supports a range of authentication protocols such as SAML 2.0, OpenID Connect, and WS-Federation. This broad compatibility allows organizations to centralize identity governance and apply consistent access policies across their entire application portfolio, from SaaS applications like Salesforce and Microsoft 365 to custom internal applications.

OneLogin is suited for organizations looking to enforce strong authentication policies, automate user lifecycle processes, and provide secure remote access. Its identity lifecycle management features automate the provisioning and de-provisioning of users, which can reduce manual administrative tasks and enhance security by ensuring timely access revocation. For developers, OneLogin provides a comprehensive API and SDKs in multiple languages, including Python, Node.js, and Java, enabling custom integrations and extensions of the platform's capabilities. This supports scenarios where custom applications need to integrate directly with OneLogin for authentication and authorization. The platform's developer documentation includes API references and guides to facilitate these integrations.

The emphasis on secure cloud application access and centralized user management positions OneLogin as a tool for improving compliance and reducing identity-related risks. Its compliance certifications, including SOC 2 Type II, GDPR, and ISO 27001, indicate its adherence to security and privacy standards, which can be a factor for organizations operating in regulated industries. The platform's ability to integrate with various security and IT systems, such as SIEM tools and HR systems, further extends its utility in an enterprise environment.

Key features

  • Single Sign-On (SSO): Provides users with one-click access to all their applications after a single authentication, reducing password fatigue and improving productivity. Supports SAML 2.0, OpenID Connect, and WS-Federation protocols.
  • Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring users to verify their identity using multiple factors, such as push notifications, biometrics, or security keys.
  • Identity Lifecycle Management: Automates user provisioning, de-provisioning, and updates across integrated applications and directories, streamlining onboarding and offboarding processes.
  • Secure Remote Access: Enables secure access for remote and hybrid workforces to internal applications and resources, often integrating with VPNs and network access controls.
  • Advanced Directory Integration: Connects with existing enterprise directories like Active Directory, LDAP, and HR systems to synchronize user data and enforce centralized identity policies.
  • Adaptive Authentication: Uses contextual information, such as device, location, and network, to assess risk and dynamically adjust authentication requirements.
  • User and Application Analytics: Provides dashboards and reports on user activity, application usage, and security events, helping administrators monitor access and identify potential threats.
  • API and SDK Support: Offers a RESTful API and SDKs for Python, Node.js, Ruby, Java, PHP, Go, and C#, allowing developers to integrate OneLogin's identity services into custom applications and workflows.

Pricing

OneLogin offers tiered pricing plans structured around user count and feature sets. All plans are billed annually. A free trial is available for evaluation purposes.

| Plan Name | Key Features | Annual Price (per user/month) |
| --- | --- | --- |
| Starter | SSO to 3 apps, basic MFA, directory integration, user provisioning. | $4 |
| Enterprise | SSO to unlimited apps, advanced MFA, adaptive authentication, full directory integration, advanced reporting. | Contact for Quote |
| Unlimited | All Enterprise features plus secure remote access, advanced security policies, dedicated support. | Contact for Quote |

For detailed pricing information and current plan specifics, refer to the OneLogin pricing page.

Common integrations

Alternatives

  • Okta: A cloud-based identity and access management service offering SSO, MFA, API access management, and identity governance.
  • Auth0: A platform for developers to add authentication and authorization to their applications, supporting various use cases from consumer to enterprise.
  • Microsoft Entra ID: Microsoft's cloud-based identity and access management service, providing SSO, MFA, and conditional access for Microsoft cloud services and third-party applications.

Getting started

To interact with OneLogin's API, you typically need to obtain API credentials (Client ID and Client Secret) and an access token. The following Python example demonstrates how to obtain an OAuth 2.0 access token using the requests library, which is a common pattern for API authentication. Replace the placeholder values with your actual OneLogin API credentials.


```python
import requests

# Replace with your OneLogin API credentials and region
CLIENT_ID = "YOUR_ONELOGIN_CLIENT_ID"
CLIENT_SECRET = "YOUR_ONELOGIN_CLIENT_SECRET"
REGION = "us"

# Construct the token URL based on your region
TOKEN_URL = f"https://api.{REGION}.onelogin.com/auth/oauth2/v2/token"

headers = {
    "Content-Type": "application/json",
    "Authorization": f"client_id:{CLIENT_ID}, client_secret:{CLIENT_SECRET}"
}

payload = {
    "grant_type": "client_credentials"
}

try:
    # An explicit timeout keeps the call from hanging indefinitely
    response = requests.post(TOKEN_URL, headers=headers, json=payload, timeout=10)
    response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)

    token_data = response.json()
    access_token = token_data.get("access_token")
    expires_in = token_data.get("expires_in")

    if access_token:
        # Do not print any part of the token: it is a bearer credential
        print("Successfully obtained access token.")
        print(f"Token expires in: {expires_in} seconds")

        # Example: Use the access token to make an authenticated API call
        # USERS_API_URL = f"https://api.{REGION}.onelogin.com/api/2/users"
        # auth_headers = {
        #     "Authorization": f"Bearer {access_token}"
        # }
        # users_response = requests.get(USERS_API_URL, headers=auth_headers, timeout=10)
        # users_response.raise_for_status()
        # print("Users data:", users_response.json())

    else:
        print("Failed to retrieve access token.")
        print("Response:", token_data)

except requests.exceptions.HTTPError as http_err:
    print(f"HTTP error occurred: {http_err}")
    print("Response content:", response.text)
except requests.exceptions.ConnectionError as conn_err:
    print(f"Connection error occurred: {conn_err}")
except requests.exceptions.Timeout as timeout_err:
    print(f"Timeout error occurred: {timeout_err}")
except requests.exceptions.RequestException as req_err:
    print(f"An unexpected error occurred: {req_err}")
```

This code snippet initializes a request to OneLogin's OAuth 2.0 token endpoint to retrieve an access token. Once obtained, this token can be used in the Authorization: Bearer <token> header for subsequent authenticated API calls to manage users, applications, and other OneLogin resources. For detailed API methods and further SDK examples, consult the OneLogin API Reference.
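
The token returned above is a bearer credential with a limited lifetime, so callers usually hold it in memory and renew it before `expires_in` runs out. The following is an added example, not code from OneLogin's documentation or SDKs: `TokenCache`, `fingerprint` and the 60-second renewal margin are assumptions made for illustration, and `fetch` stands for any callable that performs the token request and returns its JSON as a dict.

```python
import hashlib
import time


def fingerprint(secret):
    """Log-safe identifier for a token: a short SHA-256 prefix, never the token itself."""
    return "sha256:" + hashlib.sha256(secret.encode()).hexdigest()[:12]


class TokenCache:
    """Hypothetical helper: holds one access token and renews it shortly before expiry."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch          # callable returning the token endpoint's JSON as a dict
        self._skew = skew            # seconds before expiry at which to renew (assumed value)
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            data = self._fetch()
            token = data.get("access_token")
            if not token:
                # Report only the keys: an error body should not be echoed into logs wholesale.
                raise RuntimeError(f"no access_token in response (keys: {sorted(data)})")
            self._token = token
            self._expires_at = now + float(data.get("expires_in", 0))
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}

    def __repr__(self):
        shown = fingerprint(self._token) if self._token else "empty"
        return f"TokenCache({shown})"


if __name__ == "__main__":
    # Constructed response standing in for the token endpoint, so this runs offline.
    def fake_fetch():
        return {"access_token": "constructed-token-0001", "expires_in": 3600}

    cache = TokenCache(fake_fetch)
    cache.get()
    print(cache)                        # fingerprint only
    print(sorted(cache.auth_header()))  # header name, not the value
```

Because `__repr__` shows only a hash prefix, the cache object can appear in debug logs or tracebacks without exposing the token.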