Avari Solutions

OneLogin Identity Platform

With OneLogin's single sign-on portal users only have to enter one set of credentials to access to their web apps in the cloud and behind the firewall – via desktops, smartphones and tablet. Transform enterprise security and centralise control of users, apps and devices with cloud-based identity and access management.


  • ingle Sign On to access all Web and Corporate apps
  • Policy-driven password security and multi-factor authentication
  • Implement demanding password policies; length, complexity, reuse restrictions
  • Session timeout and self service reset policies
  • Single password login to different instances of same app
  • Unify Active Directory, LDAP, G-Suite, Workday directories
  • Centralised access control with rich audit trail
  • Machine learning to identify security risk and prompt multi-factor authentication
  • Restrict by IP address and enforce multi-factor authentication


  • Cut costs, enhance security and improve user experience
  • Unify multiple directories into single cloud directory and save time
  • Automate onboarding/offboarding of users, reduce errors and save time
  • Reduce support overhead
  • Simplify Compliance with one click audit reports


£20.40 per user per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

6 9 7 0 7 1 4 3 7 0 1 6 9 0 2


Avari Solutions

Ross Garman



Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Onelogin does not have any constraints except for connections to Active Directory. The hardware requirements in which our connector is to be installed is as follows
• .NET 3.5 Framework (no other versions are supported)
• Windows Server 2008+, 2012+. (Core editions are currently not supported, but the service can be installed on any domain member server in your network).
• Pentium 4 Processor or better
• 512 MB RAM
• 120 MB Available hard drive space (Configurable to less than 50)
System requirements Not Applicable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2 Hours, Mon-Fri 09:00 - 17:00
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Standard
Premium Plus
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Avari have various levels of support for new technologies, please contact info@avari.solutions for full details.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction In PDF format or to a CSV file if preffered. No additional costs either way.
End-of-contract process The contact is renewed via tacit relocation if no intervening communication.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service OneLogin’s mobile application has been designed to have the same look and feel as the desktop. The only difference is that a user will be required to enter a pin number on their device to authenticate into the OneLogin application.
Service interface No
What users can and can't do using the API Onelogin provides a full set of Restful APIs. Facilities include
• User management – Full create, update and delete functionality
• SAML Assertions – Generate SAML assertions
• Obtain list of applications for a user
• Manage applications available for a user.

The API can easily be accessed using standard RESTful techniques.
API documentation Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation The presented pages can be fully branded using company images and corporate colour schemes.
Emails and displays can be customised to show different words.
Localisation can also change the language that is presented.
The list of applications for each customer is very unique.
Custom attributes for each user can also be used.


Independence of resources OneLogin is hosted on Amazon Web Services and is designed to be fully scalable and resilient. It has been tested to support millions of concurrent users.


Service usage metrics Yes
Metrics types OneLogin stores a full list of Events that include user authentication, accessed applications and administrative functions performed.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Okta, Checkpoint, Varonis, Splunk, Centrify, Onelogin, Imprivata, Onelogin, Azure

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Dependent on support package with OneLogin
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network Data encryption

Availability and resilience

Availability and resilience
Guaranteed availability Onelogin is hosted on AWS whcih is highly resilient and available. Should any down time occur this is refunded in additional time or days on licenses at the end of the agreement.
Approach to resilience AWS has built-in in resilience that Onelogin automatically uses.
Outage reporting All outages are announced on https://www.onelogin.com/why-onelogin/trust

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication AD/LDAP
Access restrictions in management interfaces and support channels Onelogin works on the principle of least privilege access. Therefore a user needs to be given the rights to access management interfaces.
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The Tuv Nord Group, which is accredited under DAkkS
ISO/IEC 27001 accreditation date Nov 2014
What the ISO/IEC 27001 doesn’t cover The Tuv Nord Group, which is accredited under DAkkS, performs the audit and the certification. It was awarded in November 2014 and lasts for three years. It covers all of Onelogin’s services to support OneLogin’s Enterprise Identity and Access Management solution.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date August 2014
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover The certification only covers the OneLogin service.
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Enterprise level firewall appliance which has regular intrusion tests.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Supplier Defined
Vulnerability management type Supplier-defined controls
Vulnerability management approach Supplier Defined
Protective monitoring type Supplier-defined controls
Protective monitoring approach Supplier Defined
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents may be reported via phone, email or other messaging system, then the incident is logged on our internal CRM System which is then ticketed. And then handled in line with our MSA,

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £20.40 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full license for up to 28 days.

Service documents

Return to top ↑