As you begin to prepare for the eventual return to the workplace, we are continually working on enhancing the OneLogin platform to help you support a hybrid work environment now and in the future.
Our Spring ‘21 Release highlights new features and functionality that include improving the authentication experience for end-users as well as providing greater customization and security controls for administrators and developers. These new feature capabilities span three key areas:
Read on to find out more!
What are we announcing?
Security & Experience
To prepare for a return to the workplace in the very near future, it is important to ensure the multi-factor authentication process is seamless for end-users whether they are working from home one day, working part-time from the office, or are on the-go. The following updates greatly enhance the level of security controls available to admins and the ability to customize different aspects of the authentication experience.
- Self Service Account Unlock: Enable end-users to unlock their account without having to reset their password. Submitting an authentication factor instead of requiring a password change greatly improves the usability and convenience of accessing the apps your users need when they are locked out of their account.
- New Options for MFA SMS: Not only can you now specify the OTP timeout and OTP format–either numeric or alphanumeric–but you can also customize the text message if desired. These updates allow you to adjust security requirements for improved usability and deliver a seamless, personalized experience for your users.
- Admin-Generated OTP Customization: You can now set the expiration of an admin-generated token from 15 minutes to 3 days. This enables better security with more control over the expiry of single-use and multi-use tokens. Quickly revoke the token at any time to immediately cut off access and defend against account compromise in the future.
- Custom Icons for MFA Factors: Customize the user experience by providing custom, rebranded icons for MFA factors, such as WebAuthn, Email, Voice, and more. End-users see these icons in their user profile and during login when selecting the auth factors available for completing the MFA requirement.
- Bypass MFA for Trusted Devices: Configure the User Policy under MFA settings to allow MFA bypass for trusted devices so that when users are authenticating using a trusted certificate, they will not be prompted for MFA. This helps improve user convenience, while also ensuring only trusted devices are permitted to gain access to valuable company resources.
As part of this release, we are announcing several exciting new features that allow you to tightly integrate OneLogin with other systems, including homegrown applications. Our low-code approach means you can extend OneLogin functionality across your environment and get up and running faster.
- Pre-Authentication Hook: Create new authentication flows by dynamically assigning the user policy at login time to implement the principle of least privilege access and achieve zero trust security across your environment.
- User Migration Hook: Progressively migrate users from another system to OneLogin without requiring users to change their password and without interrupting the experience.
The administrator experience continues to be a key investment area of the OneLogin platform. In this release, we have added new early preview features that enable you to further control and define access privileges and gain a high-level view of your overall security posture. Plus, new app connectors to enable user provisioning.
- Delegated Administration: Delegate administrative access to various parts of the organization at a granular level to control and improve your security footprint using the principle of least privilege and grant access only when truly needed. Please sign up for the early preview program or contact your OneLogin rep to try out this new feature.
- Admin Insights Dashboard: Improve your security posture by tracking certificates, login activity (and more) at a high level. Provide standardized reports on a regular basis to other stakeholders across your organization. We’ll be rolling out slowly to all users, but if you want to test it out yourself today, go to mycompany.onelogin.com/admin2/dashboard and provide feedback!
- New Provisioning Connectors: We added SCIM connectors for TerraTrue, Keeper, Twingate, and Contentstack to enable automated user provisioning in OneLogin.