For the best web experience, please use IE11+, Chrome, Firefox, or Safari

OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our # 1 priority.

SOC 2 Type 2

A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. These reports are issued by independent third party auditors covering the principles of Security, Availability, Confidentiality, and Privacy.

What’s the primary purpose of this initiative?

Provides an independent assessment of OneLogin’s security and privacy control environment. The assessment includes a description of the controls, the tests performed to assess them, the results of these tests, and an overall opinion on the design and operational effectiveness of the same.

What’s the scope?

OneLogin’s SOC 2 Type 2 Report covers the AICPA’s Trust Services Principles and Criteria for Security, Availability, Confidentiality, and Privacy. The report also includes a mapping of the controls tested to ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security.

How often are you evaluated/audited?

Audits are performed annually and a report covering January through December is issued in February.

Who is the primary audience?

Customers and relevant third parties with a business need.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.