OneLogin Improves Access Flow in its Security Platform

Company said it has has completely re-architected its user authentication flow into a modular and extensible service.


OneLogin, which specializes in unified access management for enterprises, on Aug. 1 announced improvements to its security platform which feature a new login experience and the release of OneLogin Protect 4.0 authenticator.

These new additions are aimed to provide increased security and customization for both administrators and end users, the San Francisco-based company said.

OneLogin said it has has completely re-architected its user authentication flow into a modular and extensible service. The redesign provides a simpler experience for desktop and smartphone users and strengthened security controls for account administrators, the company said.

New features in the login include:

  • Multi-step authentication: Each authentication step now resides on a standalone page requiring a successful response for verification like the existence of a certificate, a valid username, correct password and multifactor authentication (MFA), for enhanced security.
  • One-click activation: The new login screen is optimized for mobile touchscreen displays with a new two-factor authentication setup wizard, making it much easier for users to register an MFA client, even if they only have a mobile device. In addition, users can do a one-click activation of the OneLogin Protect authenticator, eliminating a series of setup steps that most other MFA clients require.
  • Additional security measures: The new login flow includes mandatory second-factor registration and the ability to force authentication, which requires users to re-authenticate before being allowed access to a sensitive app.

The latest release of the OneLogin Protect 4.0 authenticator makes OneLogin’s solution one of the most secure authenticators available while improving usability and adding third-party support.

OneLogin Protect simplifies the customer experience by eliminating the need for multiple one-time passcode (OTP) authenticators on their iOS or Android mobile devices, reducing costs for their organizations and cutting management time.

OneLogin Protect provides enterprise-grade OTPs for both OneLogin and third-party cloud services, reducing the number of distinct authenticators that each user needs to manage on their devices.  OneLogin Protect enhances the security of corporate resources with policy-based actions that allow OneLogin Protect to behave differently based on user needs.

In keeping with OneLogin’s security-first mission, the company is hosting a Bug Bounty Bash in Las Vegas on Aug. 7, coinciding with Black Hat and DEF CON. Hackers will be flying in from all around the world to try to identify security flaws in OneLogin’s systems.

Each valid vulnerability submitted to OneLogin will receive a bounty which will be eligible for donation. All hackers have agreed to donate at least 50 percent of their proceeds to non-profit partners that promote diversity in information security like International Consortium of Minority Cybersecurity Professionals (ICMCP) and Queercon.

OneLogin’s Bug Bounty Bash will be awarding a big check to non-profit partners at 3 a.m. (Pacific time) Aug. 8, 2018 in Las Vegas.

For more information, go here.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...