For the best web experience, please use IE11+, Chrome, Firefox, or Safari

OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our # 1 priority.

SOC 3

A SOC 3 report is a general use report of the SOC 2 reports which covers how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. These reports are issued by independent third party auditors covering the principles of Security, Availability, Confidentiality, and Privacy.

What’s the primary purpose of this initiative?

Provides an independent assessment of OneLogin’s security and privacy control environment. The assessment is designed to meet the needs of users who require assurance about the controls at a service organization.

What’s the scope?

The OneLogin’s SOC 3 scope is the same as our SOC 2 Type which covers the AICPA’s Trust Services Principles and Criteria for Security, Availability, Confidentiality, and Privacy.

How often are you evaluated/audited?

Audits are performed annually along with the SOC 2 Report and a report covering January through December is issued in February.

Who is the primary audience?

Customers and relevant third parties with a business need.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.