Market Overview

Enhancements to OneLogin's Unified Access Management Platform Advance MFA Adoption in the Enterprise


Advanced Authentication Capabilities Put to the Test at Black Hat
Cybersecurity Event

the industry leader in Unified Access Management, today announced
platform enhancements that significantly advance Multi-Factor
Authentication (MFA) adoption in the enterprise with a new login
experience and the release of OneLogin Protect 4.0 authenticator. These
advancements provide increased security and customization for both
administrators and end users while delighting customers with a great
user experience.

In the face of growing cyber security threats today, enterprise IT
environments are becoming increasingly complex and costly to manage.
These challenges require identity and access solutions that manage both
cloud-based and on-premise applications. OneLogin's new login experience
and OneLogin Protect 4.0 reduce complexity while delivering
best-in-class security features to more than 2,000 enterprises globally
who secure their applications with OneLogin.

"Everyone knows that MFA is the most effective way to protect against
weak passwords, but cost and usability are all too often the biggest
barriers to enterprise adoption," said Thomas Pedersen, Chief Technology
Officer and Founder of OneLogin. "The enhancements we have implemented
strengthen security and allow organizations to deploy MFA tailored to
their needs."

Unveiling OneLogin's New Login Experience

OneLogin has completely re-architected its user authentication flow into
a modular and extensible service. The redesign provides a seamless
experience for desktop and smartphone users while delivering
strengthened security controls for account administrators.

New features in the login experience include:

  • Multi-step authentication: Instead of prompting the user for
    username and password at the same time, each piece of information is
    now captured on a separate page. This allows for more dynamic
    authentication flows that break the process down into simple and more
    flexible steps, improving the login experience and reducing failed
    login attempts.
  • One-click activation: The new login screen is optimized for
    mobile touchscreen displays with a new two-factor authentication setup
    wizard. This makes it much easier for users to register an
    authentication factor, even if they only have a mobile device. In
    addition, users can activate the OneLogin Protect authenticator in
    one-click, eliminating a series of setup steps that most other vendors
  • Additional security measures: The new login flow includes
    mandatory second-factor registration and the ability to force
    authentication. This requires users to re-authenticate before being
    allowed access to a sensitive app.

OneLogin Protect 4.0 Authenticator Release Streamlines Security

OneLogin Protect 4.0 authenticator simplifies the customer experience by
eliminating the need for multiple one-time passcode (OTP) authenticators
on iOS or Android mobile devices, reducing costs for organizations and
cutting management time. The latest release of Protect makes OneLogin's
solution one of the most secure authenticators available while enhancing
usability, adding third-party support and reducing costs for enterprises.

OneLogin Protect improves usability and the overall customer experience
in the following ways:

  • Cost Reduction: Protect is a soft token, which results in
    significant savings as compared to traditional hard tokens. The
    solution provides enterprise-grade OTPs for both OneLogin and
    third-party cloud services, reducing the number of distinct
    authenticators that each user needs to manage on their devices and
    eliminating the need for multiple access vendors.
  • Push Notifications: With Protect, users receive push
    notifications that they simply click to accept, rather than being
    required to manually enter a code for authentication. This saves time
    and enhances the user experience.
  • Risk Scoring: By leveraging OneLogin's adaptive authentication
    in conjunction with Protect, users will be asked for MFA only when the
    risk is deemed to be high. For example, the MFA will be requested in
    situations such as signing in from a new browser or country for the
    first time or originating from a suspicious IP address.

For more information about OneLogin's new 4.0 Protect Authenticator,
please visit our

Putting OneLogin's Security to the Test at Black Hat

In keeping with OneLogin's security-first mission, the company is
hosting a Bug Bounty Bash in Las Vegas on Tuesday, August 7th,
coinciding with Black Hat and DEF CON. Hackers will be flying in from
around the world to try and identify security flaws in OneLogin's
systems. Each valid vulnerability submitted to OneLogin will receive a
bounty, which will be eligible for donation. All hackers have agreed to
donate at least 50 percent of their proceeds to non-profit partners that
promote diversity in information security, like the International
Consortium of Minority Cybersecurity Professionals (ICMCP)
and Queercon.

"At OneLogin, data and privacy are our number one priority. The OneLogin
security team strives to keep our systems safe and secure amid evolving
global threats," said Justin Calmus, Chief Security Officer at OneLogin.
"Part of what makes us the world-class team that we are today is that we
embrace a hacker mindset. We're diligent in seeking out and eliminating
vulnerabilities in our systems before there is a problem. I'm looking
forward to seeing what my hacker friends will find, and even more
excited to be able to advance the diversity revolution with our
non-profit partners."

"It's exciting to take part in OneLogin's Bug Bounty Bash supporting
diversity in cybersecurity," said Aric K. Perminter, President of ICMCP.
"Together, we as a community can enact change for underrepresented women
and minorities in this fast-growing field, and what better place to
capture the attention of the industry than in Vegas this week."

"We are thrilled to be partnering with OneLogin on this important
initiative," said Jason Painter, President of Queercon. "As the largest
social network of LGBTQ hackers from around the world, we welcome the
opportunity to partner with companies like OneLogin to bring attention
to and advance diversity in the cybersecurity field. On behalf of
Queercon, I want to thank everyone for participating in OneLogin's Bug
Bounty Bash and supporting diversity in the InfoSec community."

OneLogin's Bug Bounty Bash will be awarding a big check to non-profit
partners the morning of August 8th, 2018 in Las Vegas. To
learn more about these developments and speak with OneLogin directly,
visit the OneLogin booth #1625 at Black Hat.

About OneLogin, Inc.

OneLogin, the leader in Unified Access Management, connects people with
technology through a simple and secure login, empowering organizations
to access the world™. The OneLogin Unified Access Management (UAM)
platform is the key to unlocking the apps, devices, and data that drive
productivity and facilitate collaboration. OneLogin serves businesses
and partners across a multitude of industries, with over 2,000 customers
worldwide. We are headquartered in San Francisco, California. For more
information, visit www.onelogin.comBlogFacebookTwitter,
or LinkedIn.

View Comments and Join the Discussion!