Adaptive Authentication

Identify and respond to high‑risk logins

Detect High-Risk Logins to Trigger the Right Security Action

OneLogin Adaptive Authentication uses machine learning to determine whether to prompt users for multi-factor authentication (MFA). It uses a broad set of inputs, including networks, devices, geography, and time, to build a user profile to score the risk of new login attempts. Login attempts with elevated risk scores get prompted for multi-factor authentication, either from OneLogin Protect or a third-party authentication provider.

How Adaptive Authentication Works

OneLogin Adaptive Authentication uses machine learning, which analyzes a broad range of inputs, to calculate risk scores and determine the most appropriate security action.

NETWORK REPUTATION

GEOGRAPHIC LOCATION

  • • Blacklisted country
  • • New country or city

DEVICE FINGERPRINTING

  • • New device
  • • Type of OS
  • • New or infrequently used OS
  • • New or infrequently used browser

TIME ANOMALIES

  • • Unusual time of day
  • • Unusual user movement
  • • Access from two distinct locations

RISK SCORE

ONE-TIME PASSWORD

SECURITY QUESTIONS

GRANT ACCESS

Machine Learning Rules!

Static rules do not provide the optimal balance between usability and security. For example, being on the corporate Wi-Fi does not necessarily mean that a user login is safe. Conversely, a remote worker at their home office can be perfectly trusted as confidence is built about the user’s location and behavior on that device. OneLogin’s machine learning tracks user behavior over locations and devices and builds a behavior profile against which authentication decisions can be risk scored in real time and used to trigger multi-factor authentication.

"OneLogin has strengthened its adaptive authentication capabilities by incorporating user behavior analytics."

Garrett Bekker
Principal Analyst, Information Security at 451 Research

"I ♥ OneLogin because it allows me to enforce two-factor authentication on pretty much any application."

Matt Thorne
Head of IT, Pinterest

Usability Drives Security

With password breaches on the rise, multi-factor authentication has become the norm to secure access to data. However, users often find one-time password solutions a nuisance because they are hard to use. OneLogin Protect removes friction from multi-factor authentication by letting users simply respond to a push notification on their smartphone or Apple Watch during the login process. OneLogin Protect is available on the Apple and Android app stores, and works for BYOD and company-owned devices.

SMS Authentication

For users without smartphones, one-time passwords sent over SMS can provide an additional authentication factor. It can be used as an additional layer of security for self-service password reset: instead of contacting the corporate helpdesk, users can use a one-time password sent to their phone to authenticate identity and reset their password via OneLogin's web interface.

Security Questions

As a non-technical alternative to SMS and email, security questions can be used as an additional authentication factor for sign-in and password reset. OneLogin comes with dozens of standard questions that are available in all 20+ languages supported.

Plays Nicely with Others

Already using a two-factor authentication provider? OneLogin Adaptive Authentication integrates with a number of third-party authentication providers:

Dive In to Learn More

Visit our support for detailed information about OneLogin Adaptive Authentication

READ DOCUMENTATION

Secure All Your Apps, Users, and Devices