OneLogin
OneLogin is a cloud-based Identity Provider (IdP) designed for workforce and B2B access management, providing secure and seamless access to applications through standards-based SSO, adaptive MFA, and automated provisioning. It supports OpenID Connect (OIDC), OAuth 2.0, and SAML 2.0, offering flexible integration options for SaaS and on-premises apps.
Key Capabilities
- Standards-based SSO: Acts as an OIDC/OAuth 2.0 provider with discovery endpoints and token issuance, and as a SAML 2.0 IdP supporting both catalog-based and Custom Connector (Advanced) configurations for non-standard apps.
- Adaptive MFA (SmartFactor Authentication): Enforces risk-based MFA policies that evaluate context such as device, location, and network. Supports WebAuthn/FIDO2, OneLogin Protect (OTP/push), SMS, voice, and email authentication methods.
- Provisioning (SCIM 2.0): Automates user and group lifecycle management across numerous target systems, such as AWS IAM Identity Center and LinkedIn Learning, using SCIM 2.0 integrations.
Limitations
- Advanced OAuth profiles: Documentation focuses on standard OAuth/OIDC functionality; there is no public confirmation of support for Pushed Authorization Requests (PAR), DPoP, or mTLS-bound tokens.
- SaaS-only delivery: OneLogin is fully cloud-hosted and does not provide an on-premises deployment option.
- Portfolio overlap: Following the One Identity acquisition, customers should verify product naming, integration compatibility, and roadmap alignment when deploying alongside other One Identity tools.
- Refresh token and scope variability: The OneLogin OIDC provider implements specific refresh token policies and supported claim sets; developers should confirm metadata and behavior in the provider configuration before production use.
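
The metadata check recommended under Limitations can be scripted against the provider's OIDC discovery document. The following is an added example, not OneLogin code or documentation: it reports refresh-token support, missing scopes and claims, and whether the PAR (RFC 9126), DPoP (RFC 9449) and mTLS (RFC 8705) metadata fields are advertised. The sample document, issuer URL and function names are constructed for illustration.

```python
import json

# Constructed sample discovery document (NOT OneLogin's actual metadata).
SAMPLE_METADATA = json.loads("""
{
  "issuer": "https://idp.example.com/oidc/2",
  "authorization_endpoint": "https://idp.example.com/oidc/2/auth",
  "token_endpoint": "https://idp.example.com/oidc/2/token",
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "scopes_supported": ["openid", "profile", "email"],
  "claims_supported": ["sub", "email", "name"],
  "code_challenge_methods_supported": ["S256"]
}
""")

def _missing(wanted, advertised):
    # None means the provider does not advertise the list at all, so
    # support has to be confirmed by testing rather than from metadata.
    if advertised is None:
        return None
    return sorted(set(wanted) - set(advertised))

def audit_oidc_metadata(meta, expected_issuer, scopes=(), claims=()):
    """Summarise what a discovery document advertises before relying on it."""
    # OIDC Discovery default when grant_types_supported is omitted.
    grants = meta.get("grant_types_supported", ["authorization_code", "implicit"])
    return {
        # The issuer must match exactly what the client was configured with.
        "issuer_ok": meta.get("issuer") == expected_issuer,
        "refresh_token_grant": "refresh_token" in grants,
        "pkce_s256": "S256" in meta.get("code_challenge_methods_supported", []),
        # RFC 9126: Pushed Authorization Requests endpoint.
        "par": "pushed_authorization_request_endpoint" in meta,
        # RFC 9449: DPoP proof signing algorithms.
        "dpop": bool(meta.get("dpop_signing_alg_values_supported")),
        # RFC 8705: certificate-bound access tokens.
        "mtls_bound_tokens": meta.get("tls_client_certificate_bound_access_tokens") is True,
        "missing_scopes": _missing(scopes, meta.get("scopes_supported")),
        "missing_claims": _missing(claims, meta.get("claims_supported")),
    }

if __name__ == "__main__":
    report = audit_oidc_metadata(SAMPLE_METADATA, "https://idp.example.com/oidc/2",
                                 scopes=["openid", "offline_access"],
                                 claims=["sub", "groups"])
    print(json.dumps(report, indent=2))
```

Metadata only shows what the provider advertises; refresh token lifetime and rotation behavior still need to be confirmed in the provider configuration and by testing.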