Cloud plus security is achievable with identity management best practices. OneLogin provides cloud admins an “easy-button” to parcel out sub-account application access without permitting user self-administration. In fact, their users enjoy many such “easy-buttons.” Once inside the OneLogin Single Sign-On (SSO) portal, users see all of their available applications, projects, resources, or access-jump-points in a tiled layout as they are added or removed from projects. They needn’t know the login and password for these resources—in fact, we don’t want them to know. My users are never allowed administrative controls beyond their role on the project, because their work is transient.
OneLogin (serving as the identity provider: IDP) has pre-established trust relationships with all of my cloud service providers (IDP to SP). With modern authentication via SAML SSO, OneLogin sub-admin users enjoy pre-provisioned access to resources appropriate to their project role and none they shouldn’t see. Access is further secured with adaptive multi-factor authentication (MFA) to ensure my users prove who they say they are and may only access applications if the conditions are appropriate.
Password-less login to OneLogin with ThinC-AUTH strengthens the entrance to the OneLogin world. This strong authentication is maintained through SAML federation to all trusted chains and their connected applications. There are various options to strengthen OneLogin login, but we recommend adopting the strongest method: the standalone, cyber attack immune ThinC-AUTH, which keeps all user credentials in a physically separate USB dongle.
OneLogin Service
Video for setting ThinC FIDO2 Login to OneLogin
- Single Sign-On (SSO): With OneLogin’s SSO portal, users only have to enter one set of credentials to access their web apps.
- Real-Time User Provisioning: Automating the user provisioning lifecycle reduces errors and streamlines access control based on role, department, location, title and other attributes.
- Adaptive Multi-Factor Authentication: Policy-based MFA prevents unauthorized users from accessing corporate data with passwords alone. Use our MFA application or a pre-integrated solution.
- Unified Directory: Synchronize users with any number of directories, such as Active Directory, LDAP, Workday, or Google Apps.
- Compliance Reporting & Analysis: Reports give instant insight into login activity, application utilization, weak passwords, and more.
Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role in how information security, personal computers and users are managed. This whitepaper describes how OneLogin securely connects your Active Directory infrastructure to OneLogin and your cloud applications.
There are several other advantages to directory integration besides enabling users to sign into applications with the existing network credentials:
- Eliminate passwords—The combination of SAML-based single sign-on and OneLogin’s AD integration eliminates passwords for all the applications that support SAML. Fewer passwords mean reduced IT workload and increased security.
- Unify multiple directories—For organizations that have their user base spread over multiple directories, OneLogin can combine and present them as one, unified directory to other applications for federation via SAML.
- Avoid point-to-point application integration—Some applications can delegate authentication to a directory via LDAP; however, as the number of applications increases, the cost of maintaining the integrations increases, and your firewall ends up
- Centralized access control—Instead of signing into applications directly, users must authenticate via the identity provider, subject to multiple authentication factors.
- Centralized audit trail—All sign-in activity is recorded in a centralized audit trail, which simplifies compliance and enables cross-application analysis.
The rest of this white paper goes into more detail about how OneLogin integrates with AD. (Note that a similar white paper exists about OneLogin’s LDAP integration.)