Onelogin- SaaS App review #1: The Good, Bad and Ugly- Nice SaaS SSO App

2010 March 4
by Justin Pirie

I’ve been getting feedback from people who know me well that I don’t share enough of my core SaaS product expertise on the blog. This post is the first in a series of product reviews of SaaS applications- The Good, The Bad and The Ugly…

The first app I wanted to review was onelogin, a really nice SaaS password management tool for web applications.

Onelogin Home Page

Security is the number one concern of buyers of SaaS, yet because SaaS is so decentralised, security is left to each application individually unless each application is integrated separately with your company directory.

Onelogin works by installing a browser extension which effectively pastes the credentials into the app and logs you in.

It’s simple, yet effective, and supports all the major browsers- IE, Firefox, Safari and, pleasingly for me, Chrome. Because it supports the major browsers, it also supports the major OSes- Windows, Mac, Linux.

Onelogin Chrome Extension

To use it, you simply click on the extension, and it takes you to https://app.onelogin.com/client/apps where you get a display of your apps- not unlike the Firefox or Chrome speed dial.

You simply click on the relevant app and it logs you straight in.

I really like the approach to improving the security of SaaS apps; by having a centralised password you can have more secure passwords throughout your network of apps because you don’t have to remember them all. For added protection, you can even have two factor authentication with a YubiKey. For organisations with a directory, like Active Directory or LDAP, directory integration is available.

So apart from the lovely UX (User eXperience), the other thing that really impressed me was the sheer number of applications that are supported- literally everything I could want. The reason for this is that the integration is so light there’s barely any work to do to add an app.

This is onelogin’s biggest strength and its biggest weakness.

Because it’s not tightly integrated into the app, it can’t do any serious heavy lifting within the app: you can’t provision and de-provision users, set up security on a role basis, etc. You’ve got to do all of that manually.

I guess there is a trade-off: simplicity and easy integration, or deeper integration but few apps on the platform.

The other concern I have is de-provisioning. Because onelogin doesn’t set the passwords for the external application, revoking rights in onelogin does not revoke rights in the app, which means you could revoke the onelogin account and the user could still access the information. It’s a minor concern, but one people should be aware of.
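To make the de-provisioning gap concrete from the administrator’s side, here is an added example (my own illustration, not onelogin’s code or anything from the product): a reconciliation script that compares who has been revoked at the SSO layer against each app’s own user roster and flags accounts that are still active downstream. The SSO list, the app rosters, the app names and the `find_orphans` function are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data (not from onelogin): the SSO layer's view of users,
# mapped to the date the onelogin account was revoked (None = still active).
SSO_USERS = {
    "alice": None,
    "bob": date(2010, 2, 15),     # left the company, onelogin account revoked
    "carol": date(2010, 2, 28),   # contractor, onelogin account revoked
}

# Constructed per-app rosters, as exported from each SaaS app's own admin
# console: (username, status, last_login). Because onelogin only pastes
# credentials into the app, revoking it changes nothing in these rosters.
APP_ROSTERS = {
    "crm":  [("alice", "active", date(2010, 3, 1)),
             ("bob",   "active", date(2010, 2, 20)),   # logged in after revocation
             ("carol", "locked", date(2010, 1, 10))],  # admin disabled this one
    "wiki": [("alice", "active", date(2010, 3, 2)),
             ("carol", "active", date(2010, 2, 1))],   # still active downstream
}

@dataclass(frozen=True)
class Orphan:
    app: str
    user: str
    used_after_revocation: bool

def find_orphans(sso_users, app_rosters):
    """Return app accounts that are still active for users revoked at the SSO
    layer. used_after_revocation is True when the app's last-login date is
    later than the SSO revocation date, i.e. the gap has already been used."""
    orphans = []
    for app, roster in app_rosters.items():
        for user, status, last_login in roster:
            revoked_on = sso_users.get(user)
            if revoked_on is None or status != "active":
                continue  # SSO user still valid, or the app already disabled them
            used = last_login is not None and last_login > revoked_on
            orphans.append(Orphan(app, user, used))
    return orphans

if __name__ == "__main__":
    for o in find_orphans(SSO_USERS, APP_ROSTERS):
        flag = "USED AFTER REVOCATION" if o.used_after_revocation else "dormant"
        print(f"{o.app}: {o.user} still active ({flag})")
```

Accounts that exist only in an app and are unknown to the SSO layer are ignored here; a fuller audit would list those too.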

But all said and done, I think it’s a fantastic SSO for small organisations that use a lot of SaaS. I think it especially helps to create a speed dial, to help new users to adopt multiple SaaS apps and improve the productivity of existing users.

The Good:

  • Beautiful UX (User eXperience)
  • Simple, easy to use, easy to set up
  • Cross Platform and Cross Browser Support (make everyone happy!)
  • Autologin from email links- nice
  • 2 factor authentication available
  • Directory Integration (AD, LDAP)
  • Easy to add new apps (including custom apps)

The Bad:

  • Doesn’t do role based security, only application level

The Ugly:

  • De-provisioning doesn’t delete or lock the applications, only prevents access to onelogin

An 8 out of 10 for me at the moment, could be a 9 if it de-provisioned users and a 10 if it did role based security.

  • Just had a great chat with Thomas, one of the founders of Onelogin- I'm really impressed with him and what he's achieved in such a short space of time. I was delighted to hear that they're well aware of the issues raised and they're firmly on the roadmap.