Single Sign-On (SSO) for Active Directory

One-click Access to All Apps on top of Active Directory Infrastructure

Reduce Integration Costs & Complexity

When combined with OneLogin, Active Directory takes on powerful new capabilities to control real-time access to SaaS, web, desktop, and mobile applications, and there’s no need to embark on a complex Active Directory integration project for each new app. From single domain environments to complex directory infrastructures, OneLogin makes it easy to extend Active Directory to the Cloud.

One Secure SSO Portal for All Apps

With OneLogin's single sign-on portal, users only have to enter one set of credentials to access their web apps in the cloud and behind the firewall – via desktops, smartphones and tablets. This greatly increases productivity while keeping data secure. OneLogin's policy-driven password security and multi-factor authentication ensure that only authorized users get access to sensitive data. You can implement more demanding password policies such as required length, complexity and restrictions on password reuse, as well as session timeout and password reset self-service policy to heighten protection without impeding your users.

User Provisioning to Eliminate Manual Work and Increase Compliance

OneLogin performs real-time user provisioning/deprovisioning with entitlements into a growing list of SaaS applications, such as Salesforce, DocuSign and Box. Users are imported into SaaS applications, based on Active Directory attribute mappings and business rules that you define in OneLogin, eliminating manual work and protecting the organization from unwarranted access by departed employees.

Real-time Active Directory integration is useful when people join an organization, or gain responsibilities, but absolutely critical when they leave or lose responsibilities. With OneLogin, you can instantly disable app access for leavers in real time by removing them from Active Directory, and there’s no need to check back later.

OneLogin provides flexibility around Active Directory Groups while also adding in Roles as an additional administrative capability. For example, you can use any attribute in Active Directory as an indicator for assigning roles (groups of applications), group memberships (policies), as well as perform bulk operations (like activating users).

Learn more – Managing Users in OneLogin »

Real-Time Architecture Keeps Everything in Sync

OneLogin’s Active Directory single sign-on integration deploys in minutes. It scales to support dozens of domains, tens of thousands of OUs (Organizational Units), and millions of users and security groups. The OneLogin Active Directory Connector (ADC) installs as a simple Windows service that subscribes to change notifications instead of scanning the full directory. Updates appear in milliseconds and there’s no need for a dedicated server. Furthermore, OneLogin supports multiple ADC instances for failover, traffic load-balancing, and multi-domain sync.

While others claim “real-time”, OneLogin offers true real-time bi-directional synchronization and authentication across Active Directory domains, trees and forests. A faster sync means increased security and greater peace of mind.

Learn more – See how Steelcase Synchronizes four Active Directory instances across the globe in real-time »

Integrated Windows Authentication for Fast SaaS Access

OneLogin leverages Microsoft’s Integrated Windows Authentication to authenticate users to OneLogin when they are logged in to their office computer. When employees are on the corporate network and signed in with their Windows credentials, they can use Desktop SSO (from a PC or Mac) to get one-click access to their web applications. There’s no need for additional usernames or passwords, just like on-prem apps. To minimize network complexity, the same OneLogin ADC also enables Desktop SSO.

Unify Multiple Directories

Most applications are only able to integrate with one directory per customer, but OneLogin overcomes this limitation. OneLogin can import users from several Active Directory domains in conjunction with other directories such as LDAP-based directories like OpenDirectory, or SaaS directories like Google Apps and Workday. OneLogin can combine mixed directory types and present them as a unified meta-directory to other applications for federation via SAML.

For example, you might have employees in Active Directory, customers in LDAP, and contractors in OneLogin. Use OneLogin to present them as a unified directory to your company’s web applications.

Self-Service Password Reset

OneLogin’s self-service password reset functionality synchronizes password changes across Active Directory, the OneLogin portal, as well as those web applications secured with OneLogin. When a user’s password expires in Active Directory, they will be prompted to change their password the next time they log into OneLogin.

Users can also proactively change their Active Directory password through OneLogin by selecting Change Password in their OneLogin portal. When a user changes their password through their portal, OneLogin will keep the password synchronized with AD and any cloud applications where password provisioning is active.

Learn More – Self-Service Password Reset in the Cloud »

Extending Active Directory On-Premise and To The Cloud: Wifi, VPN, Custom Applications

OneLogin offers not only a cloud directory but a full identity platform for various integrations in the enterprise. OneLogin offers cloud RADIUS and LDAP interfaces for secure integrations to appliances such as Wifi and VPN, a Web Access Management solution for legacy applications, and an API for automating tasks and integrating custom applications. Contact us for more information and a customized demo.
