Adaptive Authentication

Identify and respond to high‑risk logins

Detect High-Risk Logins to Trigger the Right Security Action

OneLogin Adaptive Authentication uses machine learning to determine whether to prompt users for multi-factor authentication (MFA). It uses a broad set of inputs, including networks, devices, geography, and time, to build a user profile to score the risk of new login attempts. Login attempts with elevated risk scores get prompted for multi-factor authentication, either from OneLogin Protect or a third-party authentication provider.

Dive In to Learn More

Read our product datasheet for more information about OneLogin Adaptive Authentication


How Adaptive Authentication Works

OneLogin Adaptive Authentication uses machine learning, which analyzes a broad range of inputs, to calculate risk scores and determine the most appropriate security action.



  • • Blacklisted country
  • • New country or city


  • • New device
  • • Type of OS
  • • New or infrequently used OS
  • • New or infrequently used browser


  • • Unusual time of day
  • • Unusual user movement
  • • Access from two distinct locations





Machine Learning Rules!

Static rules do not provide the optimal balance between usability and security. For example, being on the corporate Wi-Fi does not necessarily mean that a user login is safe. Conversely, a remote worker at their home office can be perfectly trusted as confidence is built about the user’s location and behavior on that device. OneLogin’s machine learning tracks user behavior over locations and devices and builds a behavior profile against which authentication decisions can be risk scored in real time and used to trigger multi-factor authentication.

"OneLogin has strengthened its adaptive authentication capabilities by incorporating user behavior analytics."

Garrett Bekker
Principal Analyst, Information Security at 451 Research

Usability Drives Security

With password breaches on the rise, multi-factor authentication has become the norm to secure access to data. However, users often find one-time password solutions a nuisance because they are hard to use. OneLogin Protect removes friction from multi-factor authentication by letting users simply respond to a push notification on their smartphone or Apple Watch during the login process. OneLogin Protect is available on the Apple and Android app stores, and works for BYOD and company-owned devices.

SMS Authentication

For users without smartphones, one-time passwords sent over SMS can provide an additional authentication factor. It can be used as an additional layer of security for self-service password reset: instead of contacting the corporate helpdesk, users can use a one-time password sent to their phone to authenticate identity and reset their password via OneLogin's web interface.

Security Questions

As a non-technical alternative to SMS and email, security questions can be used as an additional authentication factor for sign-in and password reset. OneLogin comes with dozens of standard questions that are available in all 20+ languages supported.

Plays Nicely with Others

Already using a two-factor authentication provider? OneLogin Adaptive Authentication integrates with a number of third-party authentication providers:

Dive In to Learn More

Visit our support for detailed information about OneLogin Adaptive Authentication


Secure all your apps, users, and devices