Item: OneLogin by One Identity
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

Due to the multitude of sites that need to be accessed by its community members, Berklee decided to implement a web single sign-on solution. The solution aimed at serving multiple purposes:

Simplify access to the various application
Increase security by enabling the roll-out of two-factor authentication
Increase automation around provisioning and de-provisioning of accounts.

OneLogin was the best solution in terms of ease of implementation and maintenance, and the most cost effective. All of our community members eligible for accounts (employees, students, alumni, contractors) use the platform to authenticate to more than fifty (50) web-based applications.

Pros and Cons

Numerous predefined connectors: Those connectors to the most popular applications allow to have a quick start.
Easy integration with various directory solutions: This allows to quickly setup an existing set of users with no password change, whether they are managed in Active Directory, OpenLDAP, G-Suite
Availability of APIs: The APIs offered allow to manage users and users attributes and allow to have more flexibility to provision data to and from the platform.

Lack of administrative APIs for creating or setting up new connectors: This prevents the automated integration to federations and requires manual setup rather than discovery-based automated setup.
Customization of the interface: The potential configuration of the interface are still limited at the moment (logo, primary and secondary colors, background). This prevents the usage of the platform as a communication medium or to organize the space in a more standard fashion (for our institution)
There are some limitations with using the apps provisioning APIs that can lead to some termination or provisioning actions not being completed

Most Important Features

Delivered connectors
APIs available to get and update data
Multi factor authentication
Available logs
Directory service

Return on Investment

OneLogin made it easier to roll-out new services to our Alumni population, increasing our engagement with our community
IT Operations now spends less time managing accounts and can focus on other tasks

Alternatives Considered

Okta Workforce Identity, Salesforce Identity and Gluu

With similar functionalities, OneLogin was the most cost effective solution. We also compared OneLogin to on prem open source solutions but we were worried about the management overhead that would be required by such systems. Cloud services like OneLogin were allowing to limit that overhead as there is almost no infrastructure to maintain

Key Insights

Do you think OneLogin by One Identity delivers good value for the price?

Yes

Are you happy with OneLogin by One Identity's feature set?

Yes

Did OneLogin by One Identity live up to sales and marketing promises?

Yes

Did implementation of OneLogin by One Identity go as expected?

Yes

Would you buy OneLogin by One Identity again?

Yes

Other Software Used

Identity Automation RapidIdentity, Duo / Cisco Secure Access, by Duo, Rapid7 InsightVM (Nexpose)

Likelihood to Recommend

OneLogin is well suited for environments that are fairly standard and in which teams do not have a lot of technical expertise in the various single sign-on protocols. The setup and maintenance is very easy while providing a really robust service.

The lack of possible customization could make it less attractive for specific environments that do not have standards in their infrastructure.

OneLogin allows enabling simpler identity and access management on web-based services

Overall Satisfaction with OneLogin