How our new login experience is enhancing both security and usability

As a customer-focused organization, we are continually looking for ways to make it simpler for our customers to use our products. And one of the most important steps in our users’ experience is, of course, how they log in to access their apps.

OneLogin's new login flow is the next step in our end-user authentication experience. Users get a unified sign-in experience optimized for both desktop and mobile devices, while account administrators keep strong security controls.

Quick and secure app access from any device

According to Gartner, the typical mid-sized company uses a staggering 600 to 1,000 SaaS apps. OneLogin single sign-on has helped to mitigate the complexity of this application overload for years. But we wanted to reduce user friction even further, and provide users with secure app access without entering a password at all – when appropriate, of course.

To reduce this unnecessary friction, we have updated the login sequence. Instead of seeing both the username and password on a single page, the end user will now be prompted with a series of steps — one for their username, one for a password, one for a second factor, and sometimes one for terms and conditions as determined by an account administrator.

Multi-step login

What the user sees.

This new login sequence provides an intuitive single task UI for users, while also preparing OneLogin for future authentication flows where entering a password may not be needed.

It also works seamlessly with OneLogin Desktop, a small client that installs a digital certificate on your macOS or Windows machine and turns the computer into a trusted device. When our service recognizes the certificate, the user is authenticated immediately and goes straight to the OneLogin Portal without entering any other credentials. Because the certificate stands in for the password, the device itself becomes the credential to protect: an unlocked or stolen laptop should be treated the same way as a leaked password.

The result is a better user experience that doesn’t compromise app data security.

A mobile-friendly login experience

As of May 2020, the total number of internet users is more than 4 billion worldwide, and roughly half of that usage is through mobile phones. In countries like the United States, 78% of the population access the internet through a mobile device. Despite the increasing prevalence of mobile devices, getting work done on a phone or tablet can still be a frustrating task.

That’s why it was so vital to us that the login flow is also optimized for mobile users, regardless of where they are or what type of device they use.

User-friendly mobile device login screen

The new multi-step login flow is optimized for both Android and iOS devices. In addition, when you are traveling internationally or don't have access to high-speed 4G LTE mobile data, you can still log in quickly and easily on mobile. To achieve this, we skip loading your company's background image on mobile so you get to the login dialog faster.

The result is that mobile-first companies can avoid the frustration of logging in on a handheld device, and easily get to the apps they need to be productive.

Robust admin policies for enhanced security

Finally, giving admins the tools to enforce a robust set of policies was a top customer request. For example, admins can control whether or not multi-factor authentication (MFA) is required for users, as well as what types of MFA tools are acceptable.

Admin screen

Admins can specify which applications contain sensitive corporate data, and specifically require users to re-authenticate before accessing that app.

In addition, thanks to OneLogin's SmartFactor Authentication™️, once the user submits a username, OneLogin can decide what the next appropriate authentication step should be based on the user policy, the app policy, and data from Vigilance AI™️.

The risk engine continuously learns the user's sign-in behavior from factors such as network, geographic location, device fingerprint, and time of access, and calculates a risk score for every login attempt.

If a user always logs in from the same network and location, on the same device, at roughly the same time, the risk score will be low, and they may not be prompted for a password at all. If something looks off, for instance an attempt from a new location or a new device, the user may be asked for both a password and a one-time password (OTP).

As a result, end users enjoy a minimal path of resistance to access their apps, while admins can rest assured that corporate data stays secure.
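As an added illustration of the decision described above (not OneLogin's own code, and not how SmartFactor Authentication™️ or Vigilance AI™️ are implemented), the following Python sketch combines an admin policy with a per-user behavioural baseline to choose the steps that follow the username prompt. The signal names, weights and thresholds are assumptions chosen for clarity, and the device-certificate check is taken as an input already verified at the TLS layer.

```python
"""Toy risk-based step-up decision for a multi-step login.

Added illustration only: this is not OneLogin's SmartFactor or Vigilance AI
code. Field names, weights and thresholds are assumptions chosen to make the
behaviour described in the text concrete.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Attempt:
    """Signals observable for one sign-in attempt (constructed fields)."""
    ip_network: str        # source network prefix, e.g. "203.0.113.0/24"
    country: str           # geolocation of the source address
    device_fp: str         # opaque fingerprint of the client device
    hour_utc: int          # hour of day, 0-23
    has_device_cert: bool  # request carried a valid device certificate
                           # (the OneLogin Desktop case); verified upstream


@dataclass
class Profile:
    """Per-user baseline of successful sign-ins: signal value -> count."""
    networks: Dict[str, int] = field(default_factory=dict)
    countries: Dict[str, int] = field(default_factory=dict)
    devices: Dict[str, int] = field(default_factory=dict)
    hours: Dict[int, int] = field(default_factory=dict)

    def learn(self, a: Attempt) -> None:
        """Update the baseline after a successful login, never after a failure,
        so that an attacker's probing does not teach the model their device."""
        for table, key in ((self.networks, a.ip_network), (self.countries, a.country),
                           (self.devices, a.device_fp), (self.hours, a.hour_utc)):
            table[key] = table.get(key, 0) + 1


@dataclass
class Policy:
    """Admin-controlled settings drawn from the user policy and the app policy."""
    mfa_required: bool = False
    allowed_factors: List[str] = field(default_factory=lambda: ["otp"])  # preference order
    sensitive_app: bool = False  # app flagged to always require re-authentication


# Assumed weights: an unseen device is the strongest signal, time of day the weakest.
WEIGHTS = {"device": 40, "country": 30, "network": 20, "hour": 10}
PASSWORD_THRESHOLD = 20  # at or above: ask for the password even on a trusted device
MFA_THRESHOLD = 40       # at or above: also ask for a second factor


def risk_score(profile: Profile, a: Attempt) -> int:
    """0-100: each signal absent from the baseline adds its weight.
    An empty profile (first sign-in ever) therefore scores 100."""
    score = 0
    if a.device_fp not in profile.devices:
        score += WEIGHTS["device"]
    if a.country not in profile.countries:
        score += WEIGHTS["country"]
    if a.ip_network not in profile.networks:
        score += WEIGHTS["network"]
    # An hour counts as familiar when it is within one hour of any observed hour.
    if not any((a.hour_utc - h) % 24 in (0, 1, 23) for h in profile.hours):
        score += WEIGHTS["hour"]
    return score


def next_steps(profile: Profile, a: Attempt, policy: Policy) -> List[str]:
    """Steps to prompt for after the username step, in order.

    An empty list means the device certificate alone satisfies the login.
    """
    score = risk_score(profile, a)
    steps: List[str] = []
    # The password is skipped only for a low-risk attempt from a trusted device,
    # and never for an app the admin marked as sensitive.
    if score >= PASSWORD_THRESHOLD or not a.has_device_cert or policy.sensitive_app:
        steps.append("password")
    # Second factor when the attempt looks off or the admin mandates MFA.
    if score >= MFA_THRESHOLD or policy.mfa_required:
        steps.append(policy.allowed_factors[0])
    return steps


def build_baseline() -> Profile:
    """Constructed history: five successful sign-ins, same office, same laptop."""
    p = Profile()
    for _ in range(5):
        p.learn(Attempt("203.0.113.0/24", "US", "fp-laptop", 9, True))
    return p
```

With the constructed baseline, the usual laptop from the office at 10:00 with a device certificate needs no further step, the same laptop without the certificate is asked for a password, an unknown phone on the office network scores 40 and gets password plus OTP, and an unknown device from a new country at 03:00 scores 100. The baseline is updated only on success, so a failed probe from an attacker's device does not become "familiar"; a production engine would also weight signals by frequency and decay stale history, which this sketch omits.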

Available now

Sign up for a demo to see how friction-free signing in to your OneLogin portal can be!

Feel free to contact us with any questions!

About the Author

Dusan Vitek

Dusan Vitek is Director of Product Management at OneLogin. He co-founded the identity and access management startup, Portadi, which was acquired by OneLogin in June 2016. Prior to Portadi, he had spent 15+ years in the Internet security industry. Dusan loves technology products, and enjoys building the companies that offer simple solutions to complex problems.