As a customer-focused organization, we are continually looking for new ways to make it simpler for our customers to use our products. And one of the most important steps in our users’ experience is, of course, how they login to access their apps.
As per our recent press release, we are introducing our customers to the next generation of our end-user authentication experience. Users will now benefit from a unified sign-in experience optimized for both desktop and mobile devices, while account administrators can have confidence in strong security controls.
Quick and secure app access from any device
According to Gartner, the typical mid-sized company uses a staggering 600 to 1,000 SaaS apps. OneLogin single sign-on has helped to mitigate the complexity of this application overload for years. But we wanted to reduce user friction even further, and provide users with secure app access without entering a password at all - when appropriate, of course.
Prior to this update, when a user logged into their OneLogin account, they were prompted to enter their username and password on the same login screen, which could also include a prompt for a second factor.
The next step after entering a username is usually a password. Other times it might be a single SMS OTP, or even a sequence of OTP’s, followed by SMS, followed by a password, etc.
But having both the username and password fields on a single page means that the user is always required to fill out both fields, even when the password may not be needed.
To reduce this unnecessary friction, we have updated the login sequence. Instead of seeing both the username and password on a single page, the end user will now be prompted with a series of steps — one for their username, one for a password, one for a second factor, and sometimes one for terms and conditions as determined by an account administrator.
What the user sees.
This new login sequence provides an intuitive single task UI for users, while also preparing OneLogin for future authentication flows where entering a password may not be needed.
It also works perfectly with OneLogin Desktop, a small software client that installs a digital certificate on your macOS or Windows system and turns the computer into a trusted device. When our system recognizes the certificate, the user is immediately authenticated and can proceed directly to the OneLogin Portal without needing to enter any other credentials.
The result is a better user experience that doesn’t compromise app data security.
A mobile-friendly login experience
As of Q3 2018, mobile web traffic made up just over half of all web traffic worldwide, compared to roughly 30% in 2015. But despite the increasing prevalence of mobile device use, getting work done on a mobile phone or tablet can still be a frustrating task.
That’s why it was so vital to us that the new login flow is also optimized for mobile users, regardless of where they are or what type of device they use.
The new multi-step login flow is optimized for both Android and iOS devices. In addition, when you are traveling internationally or don’t have access to high-speed 4G LTE mobile data, you can still login quickly and easily on mobile. To achieve this, we’ve skipped the process of loading your company’s background image on mobile so you can get to your login dialog faster.
The result is that mobile-first companies can avoid the frustration of logging in on a handheld device, and easily get to the apps they need to be productive.
Robust admin policies for enhanced security
Finally, giving admins the tools to enforce a robust set of policies was a top customer request. For example, admins can control whether or not MFA is required for users, as well as what types of MFA tools are acceptable.
Admins can specify which applications contain sensitive corporate data, and specifically require users to re-authenticate before accessing that app.
In addition, thanks to OneLogin’s Adaptive Authentication, once the user submits a username, OneLogin can decide what the next appropriate authentication step should be based on the user policy, app policy, and data from the OneLogin Risk Engine.
The risk engine constantly adapts to the user’s sign-in behavior based on various factors like network, geographic location, device fingerprint, and time of access to calculate a risk score for every login attempt.
If a user always logs in from the same network and location, with the same device, at the same time, for example, the risk score will likely be low. In this case, they may not need to be prompted with a password request at all. But if something seems off — for instance, if an account is trying to log in from a new location or device — the user may be prompted with a request for a password and OTP.
As a result, end users enjoy a minimal path of resistance to access their apps, while admins can rest assured that corporate data stays secure.
This latest generation of our login experience is now available. New customers will receive these updates automatically, while current customers can contact their customer success manager to adopt these changes.
Feel free to contact us with any questions!