For the best web experience, please use IE11+, Chrome, Firefox, or Safari

OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our # 1 priority.


UK public sector organizations and arm’s length bodies can use the Digital Marketplace to buy cloud-based services. In order to do so, suppliers must agree to and abide by the G-Cloud framework and OneLogin participates in this program.

What’s the primary purpose of this initiative?

Provide OneLogin service data to UK public sector organizations and arm’s length bodies according to G-Cloud framework requirements.

What’s the scope?

The G-Cloud framework requires a supplier declaration which contains standard data elements that enable organizations to evaluate suppliers based on the same criteria. Data elements include information on the support of open standards, onboarding and offboaring, provisioning, data storage, asset protection and resilience, vulnerability management, and incident management, among others.

How often are you evaluated/audited?

Each G-Cloud framework iteration typically lasts for 12 month periods, at which point a new iteration is created and suppliers must submit a new declaration based on that iteration’s requirements.

Who is the primary audience?

UK public sector organizations and arm’s length bodies.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.