I’ve learned a few things over the years, about technology, people, companies and customers. When choosing my next adventure, I was set on four things: (#1) joining a company that has product-market fit (#2) joining a great team, (#3) going somewhere I can add a ton of value, and (#4) building something important. Some thoughts on these:

OneLogin SSO Solution Makes It Easier for Innotas Customers to Manage and Secure User Access

San Francisco, CA – November 5, 2012 – Innotas, a leading cloud-based collaboration platform company, today announced that its SocialBridge® solution now offers integration with OneLogin, the leading innovator in identity and management solutions in the cloud. This integration provides SocialBridge users with easier access to the company’s enterprise collaboration platform while giving IT administrators a single point of control for managing users securely and efficiently across business tools.

Several of our customers have asked whether Microsoft’s recent report on single sign-on flaws should make them worry about single sign-on in general.

Microsoft’s research paper focuses on the single sign-on protocols Facebook Connect, OpenID and Google ID. These are all social single sign-on systems whose primary objective is to provide convenience to the user rather than very strong security. As an example, when Facebook Connect was first announced, it was positioned as an easy way for third party sites to tap into Facebook’s social graph. Once you are signed into Facebook, sites like Yelp can use your active Facebook session to extract your name and photo as well as make it easy to post your own reviews on your Facebook wall.

You’re not alone – everyone suffers from password fatigue. Your pain is likely different, however, based on your role within the organization. With the increased adoption of cloud applications in enterprise, employees tire from having to create and remember several secure passwords, IT bares the administrative burden of disparate systems, and senior management owns the risks of a security breach.

Let’s first explore the responsibilities of senior management. A password-related security breach, seen all too often from leading organizations, generates unflattering media attention that both the CEO and CIO must respond to. Being in a position to publicly admit faulty security measures is never pleasant nor desirable for organizations that aspire to longevity.

Even tech-savvy employees can fall prey to an email phishing scam. To help organizations gauge the risk of employees entering their login credentials on a fake landing page, OneLogin launched an online test that emulates a typical phishing attack.

Here’s how it works: At OneLogin Phishing Test, the test admin enters the email addresses of employees who should receive the emulated phishing scam – the email message will ask employees to confirm access to the company’s Google Apps account. If employees enter their credentials on the fake landing page, they will not be aware that they has fallen prey to an emulate phishing test. They will simply be redirected to the real Google Apps page where they can enter their credentials as they normally would.

Although employees don’t know that they have been phished, the Test Admin receives an email alert and is provided with a dedicated results page where they can monitor results.

Why use the test? The test does not capture or record any of the login information provided by employees who fall prey – it only records that action was taken. It’s an easy and safe way to measure an organization’s level of risk and helps determine what changes need to be made internally to prevent suffering the embarassement of a real security breach.

How do your employees fare? Start your emulated phishing test to find out.

As part of our ongoing commitment to providing excellent customer service, we are introducing uptime statistics on our website

www.onelogin.com/uptime

 as well as a Twitter operations account.

twitter.com/oneloginops

Monthly statistics will be updated at the beginning of each month. In the event of downtime, updates will be published at @oneloginops and once the issue has been resolved, details about the issue can be found on our availability page.

We use Pingdom to monitor our service every minute from multiple locations around the world. In the evnet of a downtime alert, we will investigate and post any relevant details. We occasionally get reports that OneLogin is unreachable from certain locations in the world, but since these are isolated network problems and unrelated to OneLogin and our hosting provider Rackspace, they will not be included the statistics. Real downtime where the system is actually unavailable for all our customers will be included in the statistics.

We are going to report two numbers. Total uptime is the total uptime for the month and includes both planned and unplanned downtime. SLA uptime is the uptime we commit to in Service Level Agreements and do not include planned downtime.

OneLogin and KnowledgeTree, a cloud-based document management solution, are hosting a joint webinar on Wednesday, November 17 at 2 p.m. EST, 11 a.m. PST. Register today to learn how to “Protect Documents in the Cloud with Secure Single Sign-On”.

    https://www2.gotomeeting.com/register/328605570

Our presenters, Thomas Pedersen, CEO of OneLogin and Evan Person, director of Product for KnowledgeTree will cover the following: 

• Protect your KnowledgeTree documents and other cloud data – by preventing phishing, enforcing password policies, and adding additional authentication factors.
• Increase productivity – by making all users’ apps accessible with one click from OneLogin’s dashboard or your own intranet. 
• Drive adoption of your organization’s cloud apps – because when it’s easier for users to access their applications, usage automatically goes up. 
• Manage and control credentials – synchronize users with your existing directory, and allow instant provisioning or de-provisioning of multiple passwords. 

KnowledgeTree recently announced its implementation of OneLogin’s free, open-source SAML Toolkit to provide web-based single sign-on. (press release)

Last night OneLogin had the opportunity to present at Open Angel Forum in Los Angeles alongside some other start-ups. I can say without blushing that OneLogin won hands down in the B2B category.

I can’t give Jason Calacanis enough credit for putting together the Open Angel Forum. This is the perfect venue for start-ups who want to get in front of angel investors. Jason and team (Tyler Crowley & Jason Krute) deserve kudos for a well arranged event.

Also, the kobe burgers served were delicious. And the bayonet? I am sure Jason will blog about that story himself that at some point.

Most people think of single sign-on as something large enterprises need for security. And it certainly has been so in the past, but with offerings like OneLogin, single sign-on is accessible to anyone. I recently heard someone at a small software start-up say:

   “we don’t have a large enough team to make a single sign-on program worthwhile“

That has been the conventional thinking in the past. But the cloud changes everything. People work remotely, teams are more autonomous and it’s easy and risk-free to sign up for new apps that help you get your work done. Our customers often use in the range of 15-25 different apps and software development shops even more. 

For the smaller business the incentive for using single sign-on is not the size of the organization, but the complexity of their software landscape. At the last count, we used 24 different apps and we know already that we’ll be adding 3 or 4 more soon. The ability for us to quickly access applications saves us valuable time. 

Application Programming Interfaces (APIs) make it possible to integrate existing applications in new and interesting ways. Today we are releasing the first iteration of OneLogin’s RESTful API, which enables customers and integrators to programmatically manage users in OneLogin.

The API is very straightfoward and is fully documented in our support forums.

    http://support.onelogin.com/forums/123045-api/entries

The documentation contains example of how you can experient with the API from command line. API access is available on all paid plans.