For the best web experience, please use IE11+, Chrome, Firefox, or Safari

OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our # 1 priority.

SOC 1 Type 2

A SOC 1 Type 2 report is an internal controls report specifically intended to meet the needs of the OneLogin customers’ management and their auditors, as they evaluate the effect of the OneLogin controls on their own internal controls for financial reporting. The OneLogin SOC 1 report examination was performed in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 16 and the International Standard on Assurance Engagements (ISAE) No. 3402, therefore it can be used by our customers and their auditors both the US and abroad. These reports are issued by independent third party auditors periodically.

What’s the primary purpose of this initiative?

Provide an independent assessment of OneLogin internal controls that are relevant to customers’ internal controls over financial reporting. The assessment includes a description of the controls, the tests performed to assess them, the results of these tests, and an overall opinion on the design and operational effectiveness of the same.

What’s the scope?

OneLogin’s SOC 1 Type 2 Report covers internal controls in the areas of risk management, logical access, change management, data security, and data availability.

How often are you evaluated/audited?

Audits are performed annually and a report covering January through December is issued in February.

Who is the primary audience?

Customers and their auditors.

Is there an ISAE 3402 Report?

The SOC 1 report follows both SSAE 16 and ISAE 3402 standards, so there is no need to issue a separate report.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.