OneLogin embarks on a mission to strengthen overall privacy and security

The General Data Protection Regulation (GDPR), based in the European Union, is on the radar of most companies, including OneLogin. The GDPR is a wholly unique animal. The best analogy is that GDPR is akin to Sarbanes-Oxley in the naughts.

While it is essential to adopt the frameworks and regulations, below are the significant areas that OneLogin is working on to strengthen overall security and privacy. Some of these will be complete closer to May 2018.

Processes and Policies.

Their long-standing devotion to aligning with respectable privacy frameworks has made such an effort minimal. Nevertheless, taking a “blank page” approach to redrawing data flows and building very detailed data mapping diagrams is an area on which they spent a fair amount of time. It was an essential exercise to discover items that might have been overlooked.

Contract Language.

Privacy requirements specific to contract language are part and parcel of many privacy and security frameworks, and GDPR is no exception. Contract verbiage that needs to be crystal clear includes the following: data breach notification language (Article 34), data processors' responsibility applicable to data controllers (Article 28) and use of subcontractors (Article 28).

The changes have been merged into the standard MSA and the Data Processing Agreement. They also work with customers to put in place the best language that works for all parties.


They had a sound plan for addressing the Data Protection Officer (DPO) requirement early on, although this is an instance of Article 29 (issued in late 2016) that contained practical party guidance and led to best GDPR plans for change. They use external, independent legal counsel situated in the EU as their DPO to meet the GDPR requirements (Articles 37-39).


Over and over again, new regulations give birth to further attestations or certifications, and some existing providers adapt existing programs to cover GDPR. An independent review will be conducted closer to May 2018. It will make sure that all ducks are in a row. Also, a more official GDPR certification is bound to crystallize over time (Article 42).

One secure sign-in for all apps: OneLogin

Many manufacturers and companies prefer to use OneLogin because it increases productivity and data security. The single sign-on portal enables users to access their web apps in the cloud from their computers or smartphones.

The single sign-on services provided by OneLogin help in rolling out new applications to the entire organization regardless of time and location.

OneLogin has a secure directory in the cloud with an intuitive web-based interface. The company can manage its users through this. Authentication of policies, relationship issues, and access control are made easier through this directory.

The company is able to synchronize users with several directories, such as LDAP, Workday, Active Directory or Google Apps. It can import custom user attributes and pass them on to a downstream app.

  • Web Access Management integration.

Web Access Management allows for integration with the company’s web servers, and hence secure access to the user’s custom and commercial web applications. Commercial web applications like SAP NetWeaver and Oracle PeopleSoft can be integrated using existing configuration templates.

The OneLogin cloud directory for SaaS apps is tightly integrated with OneLogin WAM. This makes on-premises applications easier for people to use and makes for a more efficient IT department.

OneLogin has adaptive authentication, which uses machine learning to determine when to prompt users for multi-factor authentication. A broad set of inputs, including devices, networks, geography and time, is used to build a user profile and score the risk of new login attempts.

  • Automated processes

Onboarding and offboarding processes are automated. This reduces human involvement and streamlines access control. The processes are based on department, role, location, and title, among other attributes. Changes can be pushed to downstream applications within seconds through the synchronized directory. This provides an effective user kill switch that can help minimize exposure.

OneLogin provisioning enables companies to import custom user attributes from external directories. These are then pushed to apps that support them, like Samanage and Jive.

When the company empowers its enterprise through OneLogin, it is easier to make choices, hence positive returns!