Avari Solutions

OneLogin Identity Platform

With OneLogin's single sign-on portal, users only have to enter one set of credentials to access their web apps in the cloud and behind the firewall – via desktops, smartphones and tablets. Transform enterprise security and centralise control of users, apps and devices with cloud-based identity and access management.

Features

  • Single Sign On to access all Web and Corporate apps
  • Policy-driven password security and multi-factor authentication
  • Implement demanding password policies; length, complexity, reuse restrictions
  • Session timeout and self service reset policies
  • Single password login to different instances of same app
  • Unify Active Directory, LDAP, G-Suite, Workday directories
  • Centralised access control with rich audit trail
  • Machine learning to identify security risk and prompt multi-factor authentication
  • Restrict by IP address and enforce multi-factor authentication

Benefits

  • Cut costs, enhance security and improve user experience
  • Unify multiple directories into single cloud directory and save time
  • Automate onboarding/offboarding of users, reduce errors and save time
  • Reduce support overhead
  • Simplify Compliance with one click audit reports

Pricing

£20.40 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross.garman@avari.solutions. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

652678083627540

Contact

Avari Solutions Ross Garman
Telephone: 08450360040
Email: ross.garman@avari.solutions

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
OneLogin does not have any constraints except for connections to Active Directory. The requirements for the machine on which our connector is to be installed are as follows:
• .NET 3.5 Framework (no other versions are supported)
• Windows Server 2008+, 2012+. (Core editions are currently not supported, but the service can be installed on any domain member server in your network).
• Pentium 4 Processor or better
• 512 MB RAM
• 120 MB Available hard drive space (Configurable to less than 50)
System requirements
Not Applicable

User support

Email or online ticketing support
Email or online ticketing
Support response times
2 Hours, Mon-Fri 09:00 - 17:00
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Standard
Premium
Premium Plus
Support available to third parties
No

Onboarding and offboarding

Getting started
Avari have various levels of support for new technologies. Please contact info@avari.solutions for full details.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In PDF format or to a CSV file if preferred. No additional costs either way.
End-of-contract process
The contract is renewed via tacit relocation if there is no intervening communication.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
OneLogin’s mobile application has been designed to have the same look and feel as the desktop. The only difference is that a user will be required to enter a pin number on their device to authenticate into the OneLogin application.
Service interface
No
API
Yes
What users can and can't do using the API
OneLogin provides a full set of RESTful APIs. Facilities include:
• User management – Full create, update and delete functionality
• SAML Assertions – Generate SAML assertions
• Obtain list of applications for a user
• Manage applications available for a user.

The API can easily be accessed using standard RESTful techniques.
API documentation
Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The presented pages can be fully branded using company images and corporate colour schemes.
Emails and displays can be customised to show different words.
Localisation can also change the language that is presented.
The list of applications is unique to each customer.
Custom attributes for each user can also be used.

Scaling

Independence of resources
OneLogin is hosted on Amazon Web Services and is designed to be fully scalable and resilient. It has been tested to support millions of concurrent users.

Analytics

Service usage metrics
Yes
Metrics types
OneLogin stores a full list of Events that include user authentication, accessed applications and administrative functions performed.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Okta, Checkpoint, Varonis, Splunk, Centrify, OneLogin, Imprivata, Azure

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Dependent on support package with OneLogin
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Other
Other protection within supplier network
Data encryption

Availability and resilience

Guaranteed availability
OneLogin is hosted on AWS, which is highly resilient and available. Should any downtime occur, this is refunded in additional time or days on licenses at the end of the agreement.
Approach to resilience
AWS has built-in resilience that OneLogin automatically uses.
Outage reporting
All outages are announced on https://www.onelogin.com/why-onelogin/trust

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
AD/LDAP
Access restrictions in management interfaces and support channels
Onelogin works on the principle of least privilege access. Therefore a user needs to be given the rights to access management interfaces.
Access restriction testing frequency
Never
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The Tuv Nord Group, which is accredited under DAkkS
ISO/IEC 27001 accreditation date
Nov 2014
What the ISO/IEC 27001 doesn’t cover
The Tuv Nord Group, which is accredited under DAkkS, performs the audit and the certification. It was awarded in November 2014 and lasts for three years. It covers all of Onelogin’s services to support OneLogin’s Enterprise Identity and Access Management solution.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
August 2014
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
The certification only covers the OneLogin service.
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Enterprise level firewall appliance which has regular intrusion tests.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Supplier Defined
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Supplier Defined
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Supplier Defined
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents may be reported via phone, email or other messaging system. The incident is then logged on our internal CRM system, which is then ticketed, and then handled in line with our MSA.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£20.40 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full license for up to 28 days.
