What needs improvement with OneLogin by One Identity?

There have been some outages over the years. The uptime has not been great recently, with some outages lasting six, seven, or eight hours. Improvement in the stability of the infrastructure would be beneficial.

I'd like it to have a customization section that displays the company's offerings, categorized by different topics. Ideally, there would be a user-friendly feature at the top allowing individuals to pick and choose the topics they're interested in, essentially creating a personalized experience.

One issue was related to the downtime. They have downtime twice a year or once in six months. During the downtime, the SSO page did not come up. When users wanted to get to their email, they were redirected to the OneLogin page, but the page did not come up, and MFA and logins failed. It completely crippled us. In those moments, people did not want to hear about a single pane of glass. We did try to solve it, but it caused issues. Their uptime is 97% or 98%, but most companies prefer 99.9% uptime.

While I initially used OneLogin's desktop feature to extend SSO, I discontinued it two years ago due to limitations. Firstly, the feature lacked day-one support for new macOS versions, forcing me to postpone system updates until OneLogin released a compatible update. Additionally, our adoption of Jump Pro for mobile device management necessitated the use of their native Jump Connect product for broader access management, rendering the OneLogin desktop feature redundant. We're using Meraki, and even though the OneLogin integration works fine, it doesn't pass one specific tag that Meraki just ignores. I've been back and forth with both Meraki and OneLogin support trying to figure it out, but they keep blaming each other.

The tool must be made more robust.

We've been a OneLogin customer for several years now. While I like the platform, there have been some challenges. A great example is the amount of work needed with that webhook for the enrollment user experience. This functionality is native to some competing products. That's one area where we've leaned on our account rep over the years. They shouldn't rely on the customer to make this experience better. This is one feature request that hasn't been implemented yet. At the same time, they've implemented other features we've requested. One is the ability to use a personal email address as a factor. Initially, they didn't have that. We pushed hard on our account team for about two years before it was finally released. It's a give-and-take. Some of the product's features aren't perfect, but we've had some success pushing fixes to the development team that needs to happen. They've done a decent job. However, there are some fixes that they don't have an interest in. A lot of what I described was before OneLogin was acquired by Quest/One Identity. Things have changed. It doesn't feel like they're driving the product as OneLogin was. It may be because it's a new product to them, and they're still trying to get the lay of the land, process feature requests, etc., but it's not moving as fast as before. We've been experiencing some pain points since the acquisition. For example, there have been some outages we didn't see previously, which are a big topic with my executive team. You have hundreds of applications relying on this service for login. If the service is unavailable, nobody can log into these applications. The issues have high visibility. It's gotten better, but it's still there. It raises questions about whether One Identity can support the platform they've acquired. How are they enhancing the product? And how are they supporting the product and the service in the future? Those are two essential questions. There are also lots of nice-to-haves, but that's the case with any product.

This product doesn't necessarily provide us with all of the functionality that we need, such as being able to share passwords with external users. It does with regards to single sign-on solutions but there are other non-single sign-on tools that we utilize. For example, we use LastPass for some of our services because it allows us to share passwords with external vendors. This solution needs to offer better management of non-single sign-on applications. It should offer the ability to provide secure password management, with either an external party and/or better sharing. In that same bracket, it would be nice to have password management where the websites or the tool requires two-factor authentication. In LastPass, you can support the one-time password if it's embedded into the LastPass profile for that application, which means that multiple users can use that from within LastPass. Having that feature and being able to do that in OneLogin would be huge.

One area where Onelogin may improve is on the Onelogin Desktop reporting side. Onelogin does provide reporting on the devices in the admin portal, but data is not updated and only written at the installation of the application.

We use the solution SmartFactor Authentication to adjust authentication flows in real-time, depending on the risk score associated with the login attempt. I honestly haven't found that as useful. It's helpful, however, I've run into an issue where it blocks people from signing in. Essentially, if I'm not paying attention to such and such person failed to log in, it doesn't seem like there's an easy way to alert the admin, "Hey, this person was blocked from signing in and cannot sign in at all," even if they're attempting a legitimate sign in. Therefore, while we do utilize it, we keep it at the highest level, just so that if users are traveling, they will not be bothered most of the time by it. For now, the only thing that needs to improve is the support. I used to have a really good support experience. I'm not sure now that they were acquired by One Identity, it seemed like that changed. It could just be growing pains, however, I feel like their support lately needs some improvement. The product itself works great. I would like better reporting from SmartFactor Authentication when a user is not able to sign in due to a new location, new IP, new device, et cetera. That would definitely help.

When you offboard someone on OneLogin, there's this checklist of stuff. However, basically, you have to manually click on this checklist, each of the checkmarks. It would actually be really nice if, for offboarding someone, you just click "offboard" and it automatically runs a script to do that. It's not like a massive amount of time. Still, it'd be kind of nice just to hit one button and be say all right, I've offboarded these people. I click the button and they're out. I'm a cybersecurity guy and I found that the two-factor authentication offering they have (if you don't buy one of their other products) is pretty basic. It'd be nice to have something a bit more advanced included, however, that's probably just me wishing.

With OneLogin, I haven't found anything that I thought particularly needed an upgrade. The features that they have provided are absolutely fine with me. When it comes to our organization's requirements, it changes from time to time, so the features we need might change in the future as well. In terms of managing the users on a large scale, it would be easier if they had some kind of user management portal. Device management could be added to the solution. Users should be able to have a custom device added to the enterprise edition of the portal. From there, users should be able to add any device and use the solution to login. The user management is supplied via a plugin and should probably just come standard within the solution itself.

OneLogin needs to increase the number of connectors available out of the box to connect to the different endpoints. The number of out-of-box connectors should be increased. If more of the out-of-box connectors are made more available, the product would be improved. I believe that the user interface can be a little better on OneLogin. The downtime with OneLogin is something that will keep improving, but it's fine. The pricing is quite competitive compared to other products. I would like to see easier UI customization and things like that. It should be easier to configure the settings of OneLogin based on the customer's needs.