We’re seeing a lot more discussion on the topic of single-sign on for SaaS environments. The issue is becoming more important as security emerges as a top concern for companies considering making the move to cloud-based environments.
OneLogin is a new company that offers single sign-on, cloud-based service that allows for small and mid-sized companies to enjoy the same level of security as large enterprise companies.
Most small companies do not deploy security methods that employ SAML, (Security Assertion Markup Language) an XML-based standard for exchanging authentication and authorization data between security domains. It’s expensive to deploy. Open-source tools do exist but require someone to understand how it works and deployed in a work environment.
OneLogin configures a browser to give the experience of a single sign in. It bypasses the traditional user name/password system, which often has gaping security holes.
To us, this is a big reason why the new breed of SaaS services are not taken seriously by security conscious enterprise customers. The security can not be trusted.
With OneLogin, a person would be directed to a login page that would automatically fill-in the information for the person. The person is provided their own OpenID account. OneLogin knows the person’s session so no second authentication is required.
OneLogin’s infrastructure sits in the cloud, which means that a customer does not have to maintain dedicated servers and people to keep the system working.
There is no install. Rackspace hosts the web server and the database.
Two-factor authentication is available. People may use a Yubi key, which used a USB port to plug in and activate a random number authorization. People may also soon be able to use Verisign’s VIP service that gives a mobile device the capability to generate a new password every 30 sec. You then input the number within 30 seconds to receive permission.
The OneLogin service works on most SaaS services, including Google Apps. There is a free service. For SAML capabilities, the cost is $8 per user per month.