OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our #1 priority.


OneLogin has been proactive in working with the Cloud Security Alliance, whose mission is to promote best practice in the provision of security assurance within Cloud Computing. The CSA Security, Trust & Assurance Registry (CSA STAR) is a free, publicly accessible registry documenting security controls published by various cloud service providers, thereby helping users assess the security of Cloud services they currently use or are considering contracting with.

What’s the primary purpose of this initiative?

The CSA STAR program consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.

What’s the scope?

CSA STAR Level One is a self-assessment that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering using. OneLogin provides a completed Consensus Assessments Initiative Questionnaire (CAIQ). The CAIQ is organized using 16 governing & operating domains divided into “control areas” within CSA’s Controls Matrix structure, including:

  • Application & Interface Security,
  • Audit Assurance & Compliance,
  • Business Continuity Management & Operational Resilience,
  • Change Control & Configuration Management,
  • Data Security & Information Lifecycle Management,
  • Datacenter Security,
  • Encryption & Key Management,
  • Governance and Risk Management,
  • Human Resources,
  • Identity & Access Management,
  • Infrastructure & Virtualization Security,
  • Interoperability & Portability,
  • Mobile Security,
  • Security Incident Management, E-Discovery & Cloud Forensics,
  • Supply Chain Management, Transparency and Accountability,
  • Threat and Vulnerability Management.

How often are you evaluated/audited?

Self-assessments are performed annually or when significant changes to the control environment occur.

Who is the primary audience?

Customers and relevant third parties with a business need.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.