Enhancements to OneLogin’s Unified Access Management Platform Advance MFA Adoption in the Enterprise

August 1st, 2018

Advanced Authentication Capabilities Put to the Test at Black Hat Cybersecurity Event

SAN FRANCISCO, Calif., August 1, 2018OneLogin, the industry leader in Unified Access Management, today announced platform enhancements that significantly advance Multi-Factor Authentication (MFA) adoption in the enterprise with a new login experience and the release of OneLogin Protect 4.0. These advancements provide increased security and customization for both administrators and end users while delighting customers with a great user experience.

In the face of growing cyber security threats today, enterprise IT environments are becoming increasingly complex and costly to manage. These challenges require identity and access solutions that manage both cloud-based and on-premise applications. OneLogin’s new login experience and OneLogin Protect 4.0 reduce complexity while delivering best-in-class security features to the more than 2,000 enterprises globally who secure their applications with OneLogin.

“Everyone knows that MFA is the most effective way to protect against weak passwords, but cost and usability are all too often the biggest barriers to enterprise adoption,” said Thomas Pedersen, Chief Technology Officer and Founder of OneLogin. “The enhancements we have implemented strengthen security and allow organizations to deploy MFA tailored to their needs.”

Unveiling OneLogin’s New Login Experience

OneLogin has completely re-architected its user authentication flow into a modular and extensible service. The redesign provides a seamless experience for desktop and smartphone users while delivering strengthened security controls for account administrators.

New features in the login experience include.

  • Multi-step authentication: Instead of prompting the user for username and password at the same time, each piece of information is now captured on a separate page. This allows for more dynamic authentication flows that break the process down into simple and more flexible steps, improving the login experience and reducing failed login attempts.
  • One-click activation: The new login screen is optimized for mobile touchscreen displays with a new two-factor authentication setup wizard. This makes it much easier for users to register an authentication factor, even if they only have a mobile device. In addition, users can activate the OneLogin Protect in one-click, eliminating a series of setup steps that most other vendors require.
  • Additional security measures: The new login flow includes mandatory second-factor registration and the ability to force authentication. This requires users to re-authenticate before being allowed access to a sensitive app.

OneLogin Protect 4.0 Release Streamlines Security

OneLogin Protect 4.0 simplifies the customer experience by eliminating the need for multiple one-time passcode (OTP) authenticators on iOS or Android mobile devices, reducing costs for organizations and cutting management time. The latest release of OneLogin Protect makes it one of the most secure authenticators available while enhancing usability, adding third-party support and reducing costs for enterprises.

OneLogin Protect improves usability and the overall customer experience in the following ways:

  • Cost Reduction: OneLogin Protect is a soft token, which results in significant savings as compared to traditional hard tokens. The solution provides enterprise-grade OTPs for both OneLogin and third-party cloud services, reducing the number of distinct authenticators that each user needs to manage on their devices and eliminating the need for multiple access vendors.
  • Push Notifications: With OneLogin Protect, users receive push notifications that they simply click to accept, rather than being required to manually enter a code for authentication. This saves time and enhances the user experience.
  • Risk Scoring: By leveraging OneLogin’s adaptive authentication in conjunction with Protect, users will be asked for MFA only when the risk is deemed to be high. For example, the MFA will be requested in situations such as signing in from a new browser or country for the first time or originating from a suspicious IP address.
  • For more information about OneLogin Protect, please visit our blog.

Putting OneLogin’s Security to the Test at Black Hat

In keeping with OneLogin’s security-first mission, the company is hosting a Bug Bounty Bash in Las Vegas on Tuesday, August 7th, coinciding with Black Hat and DEF CON. Hackers will be flying in from around the world to try to identify security flaws in OneLogin’s systems. Each valid vulnerability submitted to OneLogin will receive a bounty, which will be eligible for donation. All hackers have agreed to donate at least 50 percent of their proceeds to non-profit partners that promote diversity in information security, like the International Consortium of Minority Cybersecurity Professionals (ICMCP) and Queercon.

“At OneLogin, data and privacy are our number one priority. The OneLogin security team strives to keep our systems safe and secure amid evolving global threats,” said Justin Calmus, Chief Security Officer at OneLogin. “Part of what makes us the world-class team that we are today is that we embrace a hacker mindset. We’re diligent in seeking out and eliminating vulnerabilities in our systems before there is a problem. I’m looking forward to seeing what my hacker friends will find, and even more excited to be able to advance the diversity revolution with our non-profit partners.”

“It’s exciting to take part in OneLogin’s Bug Bounty Bash supporting diversity in cybersecurity,” said Aric K. Perminter, President of ICMCP. “Together, we as a community can enact change for underrepresented women and minorities in this fast-growing field, and what better place to capture the attention of the industry than in Vegas this week.”

“We are thrilled to be partnering with OneLogin on this important initiative,” said Jason Painter, President of Queercon. “As the largest social network of LGBTQ hackers from around the world, we welcome the opportunity to partner with companies like OneLogin to bring attention to and advance diversity in the cybersecurity field. On behalf of Queercon, I want to thank everyone for participating in OneLogin’s Bug Bounty Bash and supporting diversity in the InfoSec community.”

OneLogin’s Bug Bounty Bash will be awarding a big check to non-profit partners the morning of August 8th, 2018 in Las Vegas. To learn more about these developments and speak with OneLogin directly, visit the OneLogin booth #1625 at Black Hat.

About OneLogin, Inc.

OneLogin, the leader in Unified Access Management, connects people with technology through a simple and secure login, empowering organizations to access the world™. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices, and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 2,000 customers worldwide. We are headquartered in San Francisco, California. For more information, visit www.onelogin.com, Blog, Facebook, Twitter, or LinkedIn.

Secure All Your Apps, Users, and Devices