Generated by GPT-5-mini

| OneLogin | |
|---|---|
| Name | OneLogin |
| Type | Private |
| Industry | Identity and access management |
| Founded | 2009 |
| Founder | Thomas Pedersen; Tomer Weingarten |
| Headquarters | San Francisco, California |
| Key people | Brad Brooks; Garrett Gross |
| Products | Single sign-on; Multi-factor authentication; Identity governance |

OneLogin is a cloud-based identity and access management (IAM) provider offering single sign-on, multi-factor authentication, and directory services for enterprise and small-to-medium organizations. Founded in 2009, the company operates from the San Francisco Bay Area and competes in a market alongside Okta, Microsoft Azure Active Directory, and Ping Identity. OneLogin's platform aims to simplify user access across cloud applications while supporting regulatory requirements invoked by authorities such as the U.S. Securities and Exchange Commission and frameworks influenced by the National Institute of Standards and Technology.
OneLogin provides a unified platform that connects users to applications, networks, and devices through centralized identity management. The service emphasizes integration with cloud services like Salesforce, Google Workspace, Amazon Web Services, and on-premises systems such as Active Directory and LDAP. Enterprise customers across sectors including healthcare providers like Kaiser Permanente, financial services firms such as American Express, and technology companies employ OneLogin to implement access controls consistent with standards from bodies like the International Organization for Standardization and legal regimes including HIPAA and GDPR-related authorities.
Founded in 2009 by Thomas Pedersen and Tomer Weingarten, OneLogin emerged during a wave of identity startups addressing cloud adoption following major events like the launch of Amazon EC2 and the mainstreaming of Salesforce.com. The company secured venture funding from investors tied to firms such as Sequoia Capital and Scale Venture Partners while expanding its executive bench with leaders from companies including Google, Oracle Corporation, and Cisco Systems. Over time, OneLogin evolved product offerings to respond to industry shifts signaled by initiatives from NIST and the rise of zero trust discussion promulgated by think tanks and agencies like Forrester Research and the U.S. Department of Defense. The company has engaged in partnerships with integrators and managed service providers that serve clients in markets influenced by regulations such as SOX and directives originating from the European Commission.
OneLogin's portfolio includes single sign-on (SSO), multi-factor authentication (MFA), identity lifecycle management, and directory services. SSO connectors enable federated authentication with major software vendors including Workday, Box, Zendesk, and Slack Technologies. MFA capabilities support hardware tokens from vendors such as Yubico and standards like FIDO Alliance specifications and SAML 2.0. Identity lifecycle and governance features integrate with HR systems such as Oracle PeopleSoft and SAP SuccessFactors for automated provisioning and deprovisioning workflows. The company also offers adaptive authentication and context-based policies influenced by research from organizations like Gartner and standards committees at the Internet Engineering Task Force.
Security is central to OneLogin's product positioning, with controls designed to meet compliance obligations enforced by agencies including the Office of the Comptroller of the Currency and frameworks such as SOC 2 and ISO/IEC 27001. Encryption practices align with recommendations from bodies like NIST and cryptographic approaches used by vendors including Microsoft and Google. OneLogin participates in third-party audits conducted by firms such as Ernst & Young and Deloitte to verify controls; it also offers logging and reporting integrations with security information and event management platforms such as Splunk and IBM QRadar. Privacy disclosures reference requirements under statutes like the California Consumer Privacy Act and enforcement from entities like the Federal Trade Commission.
A core strength of OneLogin is its catalog of pre-built connectors and open APIs that enable custom integrations with enterprise ecosystems. The platform supports protocol standards including OAuth 2.0, OpenID Connect, and SAML, permitting interoperability with cloud providers such as AWS, Google Cloud Platform, and Microsoft Azure. Developer tooling and SDKs facilitate integration with continuous integration services like Jenkins and identity-aware proxies utilized in deployments with orchestration platforms such as Kubernetes. OneLogin's API surface supports provisioning via SCIM, enabling synchronization with human resources systems like Workday and ADP, Inc. and integration with ticketing systems from ServiceNow.
OneLogin has faced security incidents and subsequent criticism that influenced industry discourse on cloud identity risk. High-profile breaches affecting identity providers have prompted scrutiny from publications such as The Wall Street Journal and investigative reporting by outlets like Wired and The New York Times. Security researchers from groups including Mandiant and Krebs on Security have analyzed attack vectors involving credential theft, privileged account access, and multi-factor authentication failures. Critics have called for stronger transparency and faster disclosure practices aligned with guidance from regulators like the FTC and recommendations from cybersecurity standard-setters including CISA. In response, vendors in the IAM sector, including OneLogin peers, updated practices around incident response, customer notifications, and enhanced authentication mechanisms promoted in whitepapers by NIST and advisory firms such as PwC.