After my recent post about LastPass, Thomas Pedersen, a Zendesk alumnus and founder of SaaS password management tool OneLogin, flicked me an email with an invitation to try out their product. OneLogin works via a browser extension which effectively pastes the credentials into your application and logs you in. OneLogin supports all major browsers – IE, Chrome, Firefox and Safari.
Using OneLogin is simple – you click on the extension, and you’re presented with a dashboard displaying all the applications you have access to. From there you simply click on the particular app you want and it logs you straight in. For an even higher level of protection, you can use two-factor authentication with a YubiKey. And, unsurprisingly considering its enterprise focus, OneLogin supports Active Directory and LDAP.
For organizations that use a number of SaaS apps, OneLogin gives administrators the ability to centrally manage application access for their users.
Of course, OneLogin can only be used (out of the box) with the applications it’s currently integrated with. I put this to Pedersen, suggesting that tools like LastPass would lessen the broad appeal of OneLogin. His response:
LastPass (saw your post by the way) is definitely consumer and doesn’t address many of the issues we do. The big difference is that OneLogin deals with apps as structured entities that have logical properties (such as: does this app support SAML? Does this app support OpenID? Do we require an extra auth step for this app?), while LastPass is still just a form-filler.
I went on to suggest that the recently announced Google Apps Marketplace, with its out-of-the-box SSO offering, would also eat into OneLogin’s addressable market. Again Pedersen countered, saying:
I think it’s natural to conclude as you did, but I don’t think SSO is really Google’s focus. It’s just something that makes their marketplace work better… there are many apps that will never be on Google’s marketplace and we provide functionality that they don’t. Many of our customers use 15-25 different apps, most of which will never be there.
Pedersen went on to name a slew of use-cases that Google’s Marketplace approach would not work for:
- Multiple logins to the same app (we have customers with multiple different logins per app)
- Shared logins (for FedEx, GoToMeeting, Twitter etc)
- Active Directory integration
- Integration with in-house, behind-the-firewall apps
- Two-factor authentication
Anyway – as a service OneLogin works fine. For my own use LastPass suits me fine, but remember that I’m not an enterprise user. Those working with large numbers of users who need lots of apps provisioned at once, and who are attracted to a central application dashboard, would do well to give OneLogin a look over. The fact that it can be used with on-premise applications really helps position it as a powerful, complete application management offering.
Update – Scott McMullan from Google contacted me to clarify that:
Marketplace apps that SSO to Google Apps using OpenID DO work in the following scenarios: 1) company is using LDAP/Active Directory (this is because Google Apps supports SAML integration in to these dirs, which the Marketplace apps then “pick up for free”)