Our new LDAP or RADIUS interfaces allow LDAP and RADIUS clients to authenticate users against OneLogin with minimal configuration.

Many applications that don't yet support SAML have to ability to delegate authentication to an LDAP server. But instead of punching multiple holes in your firewall to your internal directory – if you even have one – you can now point that interface to OneLogin instead, which allows users to sign into those applications with their OneLogin credentials.

The same goes for VPN gateways from vendors like Cisco and Juniper, which can authenticate users against a RADIUS server. Instead of deploying your own RADIUS server, you can now point the gateway to OneLogin's RADIUS server interface which you can set up in a matter of minutes. Authenticate users via password of strong authentication factor, such as Yubikey or Symantec VIP Access.

Read more about today's upgrade, which further strengthens OneLogin as the fastest path to identity management in the cloud.

OneLogin announces its Active Directory Connector that enables the authentication of cloud application users against an organization's Active Directory.

While IT benefits from having a single directory integration point, employees can use their Windows credentials to access web applications, hosted in the cloud and behind the firewall. By eliminating the need for employees to remember several usernames, passwords and login URLs, OneLogin increases the adoption of cloud applications and reduces the security risks inherent with the repeated use of weak login credentials.

“Enterprises are keen to reap the benefits of cloud computing, but do not want to abandon their existing IT infrastructure,” explains Thomas Pedersen, CEO at OneLogin. “Our new Active Directory Connector allows them to extend their directories deep into the cloud with no custom development required.”

As enterprises continue to adopt cloud computing, integrating their existing directory with various applications’ proprietary authentication APIs poses both security risks and maintenance headaches. OneLogin’s Active Directory Connector provides a single integration point that enables enterprises to centralize authentication, eliminate passwords and make it easier for employees to access web applications.

OneLogin enables any enterprise to get single sign-on within minutes via Security Assertion Markup Language (SAML). Users can easily and securely connect to SAML enabled applications, such as Salesforce, WebEx, Google Apps, Workday, Yammer, Central Desktop, SugarCRM, KnowledgeTree, SAManage and many others.

View Press Release here. 

As part of our ongoing commitment to providing excellent customer service, we are introducing uptime statistics on our website

www.onelogin.com/uptime

 as well as a Twitter operations account.

twitter.com/oneloginops

Monthly statistics will be updated at the beginning of each month. In the event of downtime, updates will be published at @oneloginops and once the issue has been resolved, details about the issue can be found on our availability page.

We use Pingdom to monitor our service every minute from multiple locations around the world. In the evnet of a downtime alert, we will investigate and post any relevant details. We occasionally get reports that OneLogin is unreachable from certain locations in the world, but since these are isolated network problems and unrelated to OneLogin and our hosting provider Rackspace, they will not be included the statistics. Real downtime where the system is actually unavailable for all our customers will be included in the statistics.

We are going to report two numbers. Total uptime is the total uptime for the month and includes both planned and unplanned downtime. SLA uptime is the uptime we commit to in Service Level Agreements and do not include planned downtime.

Google Gadgets are neat little apps that you can place on your iGoogle home page. Today we're releasing a preview our own own gadget, which embeds your OneLogin dashboard in iGoogle.

This is just a preview and we'd like to get your feedback on how it works for you. For configuration details, look here.

You can now use VeriSign Identity Protection to secure your OneLogin account with a time-based password as a second authentication factor.

VIP Access for Mobile is a mobile application that generates a secure one-time password. When enabled in OneLogin, users must provide a VIP one-time password in addition to user name and password when logging in. The one-time password is only valid for 30 seconds and is a very effective way of ensuring that no one can gain access to your account by just guessing your user name and password. 

VIP Access is available on hundreds of mobile phones including all iPhones, most Android phones, BlackBerry and Windows Mobile. VeriSign Identity Protection is already used by dozens of other sites, such as eBay, PayPal, AOL and Merrill Lynch.

See our VeriSign partner page for more details.

A much requested feature in OneLogin is the ability to assign multiple roles to a user. This means you can break down your roles into smaller and more manageable entities and create layers of privileges. Consider an organization with three departments.

• Everyone uses Google Apps, Confluence
• Sales uses Salesforce and PivotLink
• Customer service uses Zendesk, Get Satisfaction and CoTweet
• Marketing uses Google Analytics, MailChimp and SurveyGizmo

In OneLogin, we can model this scenario using four roles: Employee, Sales, Customer Service and Marketing. By assigning everyone the Employee role as well a department role, we get a much more manageable setup which allows us to add and remove apps at different layers.

• Amanda: Employee, Marketing - Google Apps, Confluence, Google Analytics, MailChimp, SurveyGizmo
• Peter: Employee, Sales - Google Apps, Confluence, Salesforce, PivotLink
• Hannah: Employee, Sales - Google Apps, Confluence, Salesforce, PivotLink
• Mark: Employee, Customer service - Google Apps, Confluence, Zendesk, GetSatisfaction, CoTweet
• Joe: Employee, Customer service - Google Apps, Confluence, Zendesk, GetSatisfaction, CoTweet

You can even have overlapping roles, i.e. a user can have two roles with the same app. OneLogin is smart enough to figure out when to add or remove the login for the user. 

When you some day add an expense reporting application, you can simply add it to the Employee role and everyone will see it on their dashboard. Or you could create a Shipping role with a shared FedEx app for individuals across departments who needs to access your online FedEx account.

Read more about roles here.

Today we released a couple of highly requested features: Branding and LDAP Integration.

OneLogin now allows you change the look & feel to the user interface to match that of your brand. Branding can be an important factor in terms of trust, but it also provides your users with a more consistent user experience. The styling is done by overriding OneLogin's cascading style sheets. You can also provide your own layout for email sent to your employees.

You can read more about the branding functionality here.

OneLogin already had the capability to integrate with Active Directory behind the firewall and now we have added LDAP integration, which can be used on both sides of the firewall. When a user logs into OneLogin, authentication will be delegated to your LDAP server and if the user was not already existing in OneLogin the user will be created on-the-fly.

The LDAP integration works with both Active Directory, OpenLDAP and commercial LDAP products. You can read more about LDAP integration here.

We just released SAML support for Salesforce and Google Apps, which is significant for a number of reasons. Most people haven't heard of SAML and of those who have, a good portion of them feel that it's either too complex and too costly to deal with.

In our implementation we have tried to make SAML as easy to use as possible. You don't have to understand concepts like profiles, assertions or bindings. If you follow the ten-step guides that we have published in our support forums, you will be up and running in minutes.

So why is SAML important anyway? As soon as you take the password out of the security equation, you solve a number of issues. First of all, you don't have to worry about weak passwords in the cloud apps you use. Users are logged in without a password, which greatly simplifies management of users and privileges. And when someone leaves your organization, you can revoke access to their apps centrally.

Application Programming Interfaces (APIs) make it possible to integrate existing applications in new and interesting ways. Today we are releasing the first iteration of OneLogin's RESTful API, which enables customers and integrators to programmatically manage users in OneLogin.

The API is very straightfoward and is fully documented in our support forums.

    http://support.onelogin.com/forums/123045-api/entries

The documentation contains example of how you can experient with the API from command line. API access is available on all paid plans.

We're pleased to finally announce support for Internet Explorer 8. This means that you can now get single sign-on for your web apps on all the major browsers: Internet Explorer 7 and 8, Firefox, Google Chrome and Safari. Of all these browsers, Chrome is hands down the easiest to develop for. Take notice, Microsoft and Apple.

If you haven't already downloaded it, get your extension here.