OneLogin Workforce Identity

We use OneLogin by One Identity  to provide SAML authentication and single sign-on for all of our SaaS apps.

OneLogin by One Identity  helps us onboard new users really quickly and get everything up to speed super fast. It has helped free up about half of our time through its automation features.

The directory integration and SCIM provisioning are probably the best features compared to competitors. These are the two things I have found to be most valuable.

There have been some outages over the years. The uptime has not been great recently, with some outages lasting six, seven, or eight hours. Improvement in the stability of the infrastructure would be beneficial.

I have been using OneLogin by One Identity for about three and a half years.

The stability has been an issue, with some outages lasting several hours, which impacts our work.

It's pretty scalable. We know it can handle up to maybe two hundred thousand users, and there's no limit on the number of applications we can integrate. Overall, it is very scalable.

The quality of support is okay. It's not great, but it's not worse than other companies.

Neutral

In other jobs, I've used Okta and Auth0 .

The initial set up was probably easy since the company was using it before I started working here.

I'd rate the solution seven out of ten.

Public Cloud

What do you like best about the product?

Easy to use, all access related to identity in 1 place in a tree like structure, can manage all application access from 1 page

What do you dislike about the product?

The Graphical user interface can be more user friendly, currently it's a little complicated for beginners but as and how you use it, one will get used to it

What problems is the product solving and how is that benefiting you?

Managing access for users on different applications, SOD management, managing roles entitlements, account creation, movers, leavers.
All of the above activities can be automated using One identity,
It not just saves time and manual efforts but also decreases chances of human error

We use OneLogin  to log in to all our different systems. This means I only need to go to the OneLogin  portal to access all my frequently used applications, like our CRM , Greenhouse  for recruiting, Jira  for ticketing, Workday  for HR, Tableau  for data visualization, and even Slack . It's a one-stop shop for everything I need!

The main benefit of OneLogin is its centralized design, offering easy access to everything in one place.

All of our employees use OneLogin daily to log into their applications.

OneLogin offers a centralized platform for managing access across our entire organization, which is crucial for cybersecurity. It provides robust security features that give me peace of mind, knowing that data transfers are highly secure and unauthorized access to our databases is extremely unlikely.

The single pane of glass enables collaborative work between holistic IT and security.

OneLogin has helped our IT team significantly improve their efficiency by creating a centralized platform. This eliminates the need to access information from multiple portals, saving over 50 percent of their time.

OneLogin has improved the user experience when working remotely.

OneLogin has helped increase productivity.  

OneLogin is efficient. The fact that I'm able to just have one go-to place where I can access everything in one area, so that's convenient.

I'd like it to have a customization section that displays the company's offerings, categorized by different topics. Ideally, there would be a user-friendly feature at the top allowing individuals to pick and choose the topics they're interested in, essentially creating a personalized experience.

I have been using OneLogin by One Identity for over four years.

OneLogin has been stable.

The scalability is good, and we're currently migrating our customer relationship management system from Salesforce  to different software. Fortunately, OneLogin hasn't been involved in any data transfer, so I don't anticipate any hiccups or obstacles in that regard.

I rate OneLogin a ten out of ten.

OneLogin does not require maintenance.

With a good IT team, OneLogin works smoothly and it is self-explanatory. 

Private Cloud

We used single sign-on, multifactor authentication, lifecycle management, and connectors.

When we rolled it out, adoption was very quick. We migrated our email and other things to OneLogin, so adoption was very quick. The gateway became OneLogin, so if you wanted to get your email or anything else, you had to go through OneLogin to get it. It was quick and easy once we turned things on. Even the engineer who assisted us was very helpful. Once we turned it on, the users seamlessly started using OneLogin. They were redirected every time from others, and that ensured that there were no loopholes in what we were implementing.

We had a single pane of glass for access management across the organization, but the caveat is that for managing users provisioning and deprovisioning, apps have to support that feature. This single pane of glass was very important because we eliminated ghost accounts that were not being used. We had no idea about them. After implementing OneLogin, when a user left, the deletion used to happen everywhere, so the licensing cost and all those things came down. Audit logs came in one place, so we had all the control. That improved our visibility a lot.

The single pane of glass for access management enabled collaborative work between IT and Security. It simplified a lot of information for Security, and for IT, it simplified their setup process. For example, they would set up automatic provisions for emails, security training, etc. They would then just set up the user on OneLogin, and automatic provisioning would be done for them. When a user left, the user was removed automatically. That cleaned up things for us and improved processes.

OneLogin 100% helped to free up time for our IT team. The main work we did was setting up automatic provisioning. We reduced our time from five to ten minutes in creating a user to doing it in an instance. For example, creating a user and assigning it on OneLogin to a department, such as IT, automatically moved them to groups and email groups on Gmail. That was no longer manual. They were just writing out the information that was given, and in the backend, it got mapped correctly to what was needed. That saved time for us.

OneLogin enabled us to securely manage a growing user base or more applications with a smaller IT staff. After implementing OneLogin, we just had to work on one main platform. We did not fully need administrators for other systems.

We worked in a hybrid environment. Because OneLogin was available everywhere, it improved the user experience when working remotely. It was a secure way to get to applications. They went through the OneLogin system to get to their apps. However, when everything is under a single pane of glass, there is a risk. If one user gets breached, we have a problem there. For example, I am an administrator, and my account can be breached. The mitigation would be setting up MFA. We needed to put such checks and balances.

The single sign-on and the fact that we can integrate everything in one place and control from there were valuable features of this solution. The single sign-on worked very well. Lifecycle management was a big feature for us because we just had to provision in one place for the supported apps and everything else that we needed. It worked well in our case.

One issue was related to the downtime. They have downtime twice a year or once in six months. During the downtime, the SSO page did not come up. When users wanted to get to their email, they were redirected to the OneLogin page, but the page did not come up, and MFA and logins failed. It completely crippled us. In those moments, people did not want to hear about a single pane of glass. We did try to solve it, but it caused issues. Their uptime is 97% or 98%, but most companies prefer 99.9% uptime.

We have had it for about a year.

It is very good when it is up. When it was down, they would give us notice, but sometimes, the platforms would not open, and sometimes the connections would not complete. When we clicked on a connector, it sometimes took a lot of time to get through to the network. Those issues were there.

We started with 500 users and went to 1,500 users with no changes needed. It worked out well in that sense. Our organization has only 1,500 people. It is not too big.

When we were deploying, we had a dedicated engineer, and I used to talk to that person directly. That was very helpful. Once we moved to ticketing, the support was a bit slower. When we had issues, we created a ticket, and there was a lot of back and forth. The times when there was no availability or there was downtime were not acceptable. Those are the main issues for us.

Neutral

We were not using any other solution.

In terms of the deployment model, it is not on-premises, but it connects to Active Directory. In our use case, we did not have Active Directory. Our setup was fully on the cloud. They connected it to our core systems. Our HRMS system and our email system were the main systems we wanted to connect OneLogin with.

The initial setup was very easy. With API keys, we could add the users with one click from the Gmail system. It was very simple for us to get that going. 

It took us a couple of weeks. OneLogin is good if there is a connector, but we did not get enough connectors from them. For example, we did not have a connector for our ERP. When we did not have a connector, we ended up building it because we were a software company. That delayed things for us.

We used OneLogin's implementation services. We had one person for its implementation.

In terms of maintenance, once we set it up, it was good to go. 

It was cheap in the beginning, and then it became very expensive. We were initially charged $2 per user per month, which was fine, but by the second year, they increased it to $5 per user. That became very expensive for us because we had about 1,500 users. At $2 per user, it comes out to be $3,000 a month, which is $36,000 a year. If we move to $5 per user, it comes out to be $7,500 a month. That made its cost so high. That is why we removed the product because the cost was high. Also, it was communicated to them. We did not expect a jump of over 100%. That became an issue, and then we had to go through a lot of negotiations, but in the end, it was not feasible for us.

We tested Okta and JumpCloud. We found OneLogin to be the best because of pricing as well. 

In terms of features, OneLogin was pretty much the same as Okta. Okta was the leading one that we were looking at. One thing that we wanted in OneLogin, but it was there in JumpCloud, was device access. We wanted device access. We wanted to be able to log into machines through OneLogin.

To those evaluating this solution, I would advise making sure that what they need out of the box is there. For example, our ERP's connector was not there, so we lost a lot of time trying to get that done. We had to go back and forth with them.

OneLogin has a feature called mapping. If mappings go wrong, the application can destroy a lot of things. For example, if you have a mapping that allows you to delete users automatically, and you make any change to that, it can go and delete. It can delete users in the live environment, such as Gmail. Because it is automated, it automatically starts removing users. It happened to us because there was no test environment. We did get one, but such things caused a lot of issues.

Overall, I would rate OneLogin a seven out of ten.

Public Cloud

We use it to deliver single sign-on services for both our company employees and our customers.

The main advantage is its ease of use for everyday users. Additionally, it simplifies user access management by offering a centralized platform for overseeing user accounts and third-party applications, which greatly benefits my team.

The adoption rate of OneLogin within our organization is at 100% since it's mandatory for everyone to use. During the rollout phase, there was unanimous approval and no resistance from any team members.

It serves as a vital tool for access management across our organization by offering a centralized platform. While we don't directly manage user accounts within OneLogin, they are synced from our Active Directory. Therefore, OneLogin primarily functions as a single interface for administering applications that utilize it for authentication.

OneLogin has been instrumental in freeing up time for our IT team to focus on other tasks. Previously, when onboarding a new user, we had to manually create accounts in multiple applications. However, with OneLogin, we create the account in our Active Directory, which automatically syncs to OneLogin and creates accounts in other applications. Similarly, when offboarding a user, we disable the account in OneLogin, and access to all other resources is automatically revoked. This streamlined process has significantly reduced the time required to manage user accounts. Previously, manual account creation across various platforms would take at least half an hour, whereas now it's down to just five or ten minutes.

It has empowered us to effectively manage an expanding user base and an increasing number of applications, all with a smaller IT team.

The implementation of OneLogin didn't significantly impact our user experience while working remotely. We adopted OneLogin during the transition to a remote work environment at the onset of the pandemic.

It contributed to cost savings for our organization by streamlining time-sensitive processes and boosting productivity, particularly for our IT staff. While we may not have a precise quantification in terms of monetary value, the time saved allows our team to focus on other tasks. As a relatively small organization, we don't require a dedicated Identity Manager, and OneLogin effectively serves our needs in this regard.

During my evaluation of various products, one standout feature of OneLogin that impressed me was their mobile app for authentication through push notifications. Unlike traditional methods involving rotating codes, the OneLogin app simplifies the process by sending a push notification asking if the login attempt is legitimate. If confirmed, the login proceeds seamlessly.
The primary benefit is its user-friendly interface, making it particularly accessible for non-technical users.

One aspect I particularly appreciate is their exceptional customer support whenever I've needed assistance. Their sales team has also been highly responsive and helpful in connecting me with necessary resources, although we haven't faced any major challenges.

There was a minor outage a few months ago that caused some inconvenience. OneLogin offers a Virtual LDAP feature that we utilize, although it differs slightly from traditional LDAP servers. While it hasn't caused significant issues, improvements in its functionality would likely lead to wider implementation within our organization.

We have been working with it for three years.

In terms of stability, there was a downtime incident that impacted all of OneLogin's customers a few months ago, which was frustrating as it occurred during prime business hours and lasted for a couple of hours. Fortunately, the impact on us wasn't severe because our applications are configured in a way that once users sign in and authenticate through OneLogin, they typically don't need to go through OneLogin on a daily basis to access those apps again. As a result, many of our users may not have even noticed the downtime.

OneLogin has the capability to scale infinitely, although our organization's needs are quite basic. We haven't been utilizing a vast array of features or configuring hundreds of applications with it. Therefore, I don't anticipate encountering any limitations with the services that OneLogin can provide us.

I've found that when I open a support case, I typically receive a response within a few hours, and the support team has consistently provided prompt assistance. Even when investigating issues like examining internal logs for failures, they've been able to help me swiftly. I would rate it ten out of ten.

Positive

The initial setup process is quite straightforward. Any issues I encountered were promptly resolved with the help of the support team.

I managed the deployment independently and had it operational within a day or two, although some configuration and feature familiarization took about a month from starting the trial to getting the quote approved for purchase. In terms of maintenance, whenever an application changes or a new one is added, we configure it within OneLogin. So far, we haven't experienced any issues such as applications failing or directory syncing problems due to configuration changes.

While I wish OneLogin's pricing was more affordable, their licensing model, which is based on per user, is acceptable. We renew it annually.

Before deciding on OneLogin, I evaluated JumpCloud and Okta. However, I found that the features in JumpCloud weren't as developed as those in OneLogin. Additionally, my experience with Okta's sales team was less than satisfactory in terms of configuring a trial and support. In contrast, the sales representatives at OneLogin were highly proactive and went above and beyond to assist us and earn our business.

For new users, I would recommend having someone knowledgeable about their internal directory and authentication systems. It's crucial to ensure that their systems are well-maintained and free from technical debt or complexity. The effectiveness of their OneLogin implementation will ultimately depend on the quality of their internal directory setup. Overall, I would rate it ten out of ten.

Public Cloud

Amazon Web Services (AWS)