For the best web experience, please use IE11+, Chrome, Firefox, or Safari
OneLogin Logo

Let users in, lock intruders out

Frictionless for users, ruthless on threats

Attackers no longer “break” in. Instead, they log in using an existing user’s credentials. Account takeovers access environments and create opportunities for threat actors to move laterally. OneLogin helps defend your organization from account takeovers and lateral movement by enabling you to let users in, and lock intruders out.

Protecting user accounts, securing application access and locking intruders out

Powered by machine learning, OneLogin’s Vigilance AITM analyzes a broad range of inputs such as location, device and user behavior to calculate a risk score and determine the most appropriate security action to take for each login attempt. Depending on the detected level of risk, the authentication factors are adjusted to grant access to users, and lock out intruders.
Protecting user accounts, securing application access and locking intruders out
Less hassle for trusted users

Less hassle for trusted users

When Vigilance AI determines user behavior to be typical, it will lower authentication requirements to make logins easier for your users. For instance, when an employee frequently works from home, on the same device, from the same network, a password may be sufficient, rather than a full multi-factor authentication (MFA) challenge.
Lock out risks, let the right users in

Lock out risks, let the right users in

When anomalous or risky activity is detected, a user may be required to authenticate using factors other than text-based passwords, including MFA, certificates and biometric data. OneLogin also empowers users to configure custom authentication flows and embrace the next generation of authentication technology.
Configure your authentication flows

Configure your authentication flows

OneLogin lets you define authentication flows based on user policy to defend against brute force attacks, reduce account lockout and enable frictionless logins for low-risk users.

  1. Enable passwordless authentication for users on a trusted device
  2. Check the user’s ID and device first and then, based on the risk score, prompt for an additional factor only if needed
  3. Use OneLogin Protect to remove friction by letting users simply respond to an MFA push notification on their mobile device.

Get started now

Secure all your apps, users, and devices