Identity Federation and SSO for SaaS Applications

Support Secure, Cross-company, Cross-domain Access with One Set of Credentials

Challenge

IT is pressured to provide easy access to an exploding number of cloud applications as quickly as possible to meet business needs while keeping company data secure. But rolling out app access securely, especially when having to deal with older assets such as LDAP servers or Active Directory forests behind a corporate firewall, is slow, costly, and frustrating.

Solution

Industry analyst Gartner reports that a growing number of companies are choosing to use identity and access management as a service (IDaaS) to provide federation capabilities rather than on-premises federation solutions, and the use of federation IDaaS is becoming more common especially for single sign-on (SSO) to SaaS application use cases.

Federated Identity Management

OneLogin supports a federated identity management architecture that creates an additional tier connecting SaaS applications to existing corporate directories such as Active Directory or LDAP. This federation tier logs users in to SaaS applications by passing the application a secure token, so that user credentials are never passed directly in case one gatekeeper gets compromised.

Large App Catalog

This solution works well for the vast majority of popular applications such as Salesforce and Marketo, as well as any custom or third-party application that supports a standard protocol like SAML or OpenID. In addition, OneLogin offers free open source SAML extensions for applications that do not yet support identity federation.

Benefits

With OneLogin, the federation of identity seamlessly enables the portability of identity information across otherwise autonomous security domains so employees can easily get into internal or external applications, while both partners and customers can securely access company data or systems, without the need for redundant user administration.

OneLogin comes with additional benefits such as an app catalog with pre-integrated applications for faster integration, Single Sign-On with Multi-Factor Authentication, and role-based access control policies.

Key benefits of identity federation include:

Increased Security
Reduced Cost
Unified Control
  • Identity federation leverages standard, secure protocols such as SAML, OpenID and OAuth, so that only active users in the corporate directory are allowed access to apps based on policy, while unnecessary per-app passwords are eliminated.
  • Requesting identity assertions from a partner domain rather than maintaining directories of the partner's employees reduces the risk of inappropriate access.
  • Single Sign-On (SSO), which authenticates the user once and then uses that identity information across multiple systems, including external websites, significantly reduces risk.
  • Multi-Factor Authentication (MFA) adds additional security, especially for remote application access.

University of Mary Hardin-Baylor

Trying to spin up ADFS and the directory sync tool, it's just mind-numbingly painful. But with the OneLogin one-click install, we were in and out, and done with the implementation in just a matter of minutes.

MATT IRVINE Director of Media Services

Interactive Intelligence

We have created SAML connectors for our ordering, discounting, licensing, and support ticketing systems, and SharePoint-based portals for our partners and customers using OneLogin’s SAML Toolkits. They are external-facing systems that we secure with OneLogin, so our partners can use single sign-on for those applications, as well as for Salesforce, ServiceNow, Concur and Workday.

NIRAV SHAH Director of Information Systems

Background Information

With OneLogin, the federation of identity seamlessly enables the portability of identity information across otherwise autonomous security domains so employees can easily get into external applications, while both partners and customers can securely access company data or systems, without the need for redundant user administration.

OneLogin supports a federated identity management architecture that creates an authentication tier in the middle of multiple authorization infrastructures, where user credentials are never passed around directly in case one gatekeeper gets compromised. The federated tier lets developers write apps that communicate by using a common set of APIs rather than having to master the APIs of the services behind them, significantly streamlining authentication and authorization in a highly secure fashion.

OneLogin’s cloud-based Identity and Access Management (IAM) solution enables you to connect multiple external directories with up to hundreds of thousands of users to thousands of cloud and on-premises applications. You can set up a new account, connect multiple corporate directories and add several key applications in as little as an hour.