OneLogin

OneLogin was founded in 2009 in San Francisco by Thomas and Christian Pedersen. The brothers were involved with the on-demand help desk application, Zendesk, before launching OneLogin. Through their interactions with Zendesk customers, the founders realized that companies were encountering security and productivity challenges moving into the cloud. They came up with the idea of building an identity and access management solution that was secure and easy to use. OneLogin officially launched in 2010[4] with a seed round of funding and a $4.7M Series A round. From 2013 through 2017, the company raised an additional $48M, with an additional $22.5M raised in 2018. In August 2017, OneLogin appointed Brad Brooks as chief executive officer.[5] In 2018, Matt Hurley was hired as Vice President of Global Channels[6] and Venkat Sathyamurthy was appointed Chief Product Officer.[4]

In January 2019, OneLogin received $100 million in a debt and equity deal.[7]

OneLogin's Unified Access Management Platform includes:

• Single sign-on
• Cloud directory
• Directory integrations
• User provisioning and lifecycle identity management
• Multi-factor authentication
• Adaptive authentication
• Mobile Identity Management
• Virtual LDAP
• Cloud RADIUS
• Desktop for authentication via Mac or Window machines
• Access for integrating legacy applications

OneLogin is deployed by over 2000 companies worldwide, from high-growth tech companies like Airbnb, Uber, and Facebook to well-established global multinationals such as Airbus, Du Pont, Royal Mail, Herman Miller, and Dun & Bradstreet.[8]

OneLogin is backed by the venture firms Charles River Ventures, The Social Capital, and Scale Venture Partners. Its venture funding includes:[9]

• $4.7M Series A in June 2010
• $13M Series B in October 2013
• $25M Series C in December 2014
• $10M Series C May 2017
• $22.5M Series C in June 2018
• $100M Series D in January 2019

• In December 2015, OneLogin acquired San Diego-based Cafésoft, a provider of on-premise Web Access Management (WAM) software. The technology enables OneLogin to extend Single Sign-on to applications running on-premises.[10]
• In June 2016, OneLogin acquired Santa Clara, California-based Portadi, a cloud-based password management tool. The technology enables OneLogin to automatically populate customer's OneLogin single sign-on portals with applications as employees manually sign into them.[11]
• In September 2016, OneLogin announced a partnership with Deutsche Telekom’s T-Systems to resell OneLogin within the European Union (EU).[12] Other global partners include CDW, SHI, Gotham, Guidepoint, MicroAge, Infosys, Hermitage Solutions, and TechMahindra.
• In November 2016, OneLogin acquired London-based Sphere Secure Workspace, a software vendor with container technology that runs on mobile devices.[13]
• In June 2017, OneLogin acquired Auckland, New Zealand-based ThisData, a developer-focused cloud security company specializing in account takeover detection. The technology has been used to enable OneLogin’s adaptive authentication solution, which uses machine learning to intelligently score the risk of each login attempt, and challenges users making high-risk logins to use an additional authentication factor.[14]

• May 2015: Forrester Research ranked OneLogin as the top vendor in the Forrester Wave for Cloud Identity & Access Management.[15]
• December 2015: OneLogin named a "Best Place to Work" by Glassdoor.[16]
• January 2016: OneLogin ranked 28th on Deloitte’s Technology Fast 500.[17]
• March 2016: OneLogin named to the "Fast 50" privately held Internet security, networking, and storage companies by JMP Securities LLC.[18]
• April 2016: OneLogin named one of Fortune's Top 25 Workplaces in the Bay Area - SMB[19]
• July 2017: Gartner Peer Insights ranks OneLogin #1 among Access Management providers.
• August 2018: OneLogin makes the Constellation ShortList for Cloud Identity Management vendors.[20]
• September 2018: OneLogin featured with a 4.6 rating in Gartner's peer insights Reviews for Access Management.[21]

OneLogin runs in multiple Amazon Web Services (AWS) datacenters in the US, as well as in AWS Dublin and AWS Frankfurt.[22]

In August 2016, OneLogin reported that "an unauthorised user gained access to one of our standalone systems, which we use for log storage and analytics." The single user accessed the service for a month or more, and may have been able to see Secure Notes unencrypted. To remediate, OneLogin fixed the cleartext logging bug, locked down access to the log management system, and reset passwords.[23]

OneLogin remained available and performant during the October 2016 attack on Dyn, a major provider of DNS services, which brought down many websites, including Spotify, Twitter, Reddit, and The New York Times, in part by using redundant DNS providers.[24]

On May 31, 2017, OneLogin detected and stopped unauthorized access in their US data region. According to a OneLogin blog post on the breach, "a threat actor used one of our AWS keys to gain access to our AWS platform via an API from an intermediate host with another, smaller service provider in the US."[25]

OneLogin staff detected the intrusion in seven hours, faster than Cisco's estimated industry average of 100–200 days to detect a breach and FireEye's 146 days to detect a breach, and slightly faster than Cisco's best median TTD of nine hours to discover security issues.[26] OneLogin staff stopped the intrusion within minutes, significantly faster than the industry average of 100–120 days[27] to remediate existing vulnerabilities.

• List of single sign-on implementations

• Official website