OneLogin
OneLogin, Inc. is a cloud-based identity and access management provider that designs, develops, and sells a unified access management system platform to enterprise-level businesses and organizations. Founded in 2009 by brothers Thomas Pedersen and Christian Pedersen, OneLogin is a late stage venture, privately held company.
OneLogin was named a visionary in the Gartner Magic Quadrant for Access Management. The OneLogin UAM platform is an access management system that uses single sign-on and a cloud directory to enable organizations to manage user access to on-premises and cloud applications. The platform also includes user provisioning, lifecycle management, and multi-factor authentication.
OneLogin is based in San Francisco with a developer office in Redmond, Washington, as well as London and Guadalajara. The company hosts an annual Connect user conference.
History
OneLogin was founded in 2009 in San Francisco by Thomas and Christian Pedersen. The brothers were involved with the on-demand help desk application, Zendesk, before launching OneLogin. Through their interactions with Zendesk customers, the founders realized that companies were encountering security and productivity challenges moving into the cloud. They came up with the idea of building an identity and access management solution that was secure and easy to use.OneLogin officially launched in 2010 with a seed round of funding and a $4.7M Series A round. From 2013 through 2017, the company raised an additional $48M, with an additional $22.5M raised in 2018.
In August 2017, OneLogin appointed Brad Brooks as chief executive officer. In 2018, Matt Hurley was hired as Vice President of Global Channels and Venkat Sathyamurthy was appointed Chief Product Officer.
In January 2019, OneLogin received $100 million in a debt and equity deal.
Products
OneLogin's Unified Access Management Platform includes:- Single sign-on
- Cloud directory
- Directory integrations
- User provisioning and lifecycle identity management
- Multi-factor authentication
- Adaptive authentication
- Mobile Identity Management
- Virtual LDAP
- Cloud RADIUS
- Desktop for authentication via Mac or Window machines
- Access for integrating legacy applications
Customers
Funding
OneLogin is backed by the venture firms Charles River Ventures, The Social Capital, and Scale Venture Partners. Its venture funding includes:- $4.7M Series A in June 2010
- $13M Series B in October 2013
- $25M Series C in December 2014
- $10M Series C May 2017
- $22.5M Series C in June 2018
- $100M Series D in January 2019
Acquisitions and partnerships
- In December 2015, OneLogin acquired San Diego-based Cafésoft, a provider of on-premise Web Access Management software. The technology enables OneLogin to extend Single Sign-on to applications running on-premises.
- In June 2016, OneLogin acquired Santa Clara, California-based Portadi, a cloud-based password management tool. The technology enables OneLogin to automatically populate customer's OneLogin single sign-on portals with applications as employees manually sign into them.
- In September 2016, OneLogin announced a partnership with Deutsche Telekom’s T-Systems to resell OneLogin within the European Union. Other global partners include CDW, SHI, Gotham, Guidepoint, MicroAge, Infosys, Hermitage Solutions, and TechMahindra.
- In November 2016, OneLogin acquired London-based Sphere Secure Workspace, a software vendor with container technology that runs on mobile devices.
- In June 2017, OneLogin acquired Auckland, New Zealand-based ThisData, a developer-focused cloud security company specializing in account takeover detection. The technology has been used to enable OneLogin’s adaptive authentication solution, which uses machine learning to intelligently score the risk of each login attempt, and challenges users making high-risk logins to use an additional authentication factor.
Recognition
- May 2015: Forrester Research ranked OneLogin as the top vendor in the Forrester Wave for Cloud Identity & Access Management.
- December 2015: OneLogin named a "Best Place to Work" by Glassdoor.
- January 2016: OneLogin ranked 28th on Deloitte’s Technology Fast 500.
- March 2016: OneLogin named to the "Fast 50" privately held Internet security, networking, and storage companies by JMP Securities LLC.
- April 2016: OneLogin named one of Fortune's Top 25 Workplaces in the Bay Area - SMB
- July 2017: Gartner Peer Insights ranks OneLogin #1 among Access Management providers.
- August 2018: OneLogin makes the Constellation ShortList for Cloud Identity Management vendors.
- September 2018: OneLogin featured with a 4.6 rating in Gartner's peer insights Reviews for Access Management.
Availability
Security
In August 2016, OneLogin reported that "an unauthorised user gained access to one of our standalone systems, which we use for log storage and analytics." The single user accessed the service for a month or more, and may have been able to see Secure Notes unencrypted. To remediate, OneLogin fixed the cleartext logging bug, locked down access to the log management system, and reset passwords.OneLogin remained available and performant during the October 2016 attack on Dyn, a major provider of DNS services, which brought down many websites, including Spotify, Twitter, Reddit, and The New York Times, in part by using redundant DNS providers.
On May 31, 2017, OneLogin detected and stopped unauthorized access in their US data region. According to a OneLogin blog post on the breach, "a threat actor used one of our AWS keys to gain access to our AWS platform via an API from an intermediate host with another, smaller service provider in the US."
OneLogin staff detected the intrusion in seven hours, faster than Cisco's estimated industry average of 100–200 days to detect a breach and FireEye's 146 days to detect a breach, and slightly faster than Cisco's best median TTD of nine hours to discover security issues. OneLogin staff stopped the intrusion within minutes, significantly faster than the industry average of 100–120 days to remediate existing vulnerabilities.