This week OneLogin Desktop graduates exciting new features from Beta to Release, and I’m thrilled. Using it over the last couple of weeks has been remarkable; I have a simpler way to access all my applications within the office with greater security. And when I leave the office, the difference is even more striking.
So what is OneLogin Desktop?
OneLogin Desktop is a new kind of endpoint management. It enrolls your laptop or desktop computer with the OneLogin Cloud Directory, and creates a secure profile on your machine that can only be accessed with your OneLogin Cloud Directory credentials. And once you are in your new secure profile, you can access web- and desktop apps as you please, without entering your credentials again. In other words, once you login to your operating system, you don’t need to login again to access your OneLogin Application Portal and SAML-enabled apps. You only login once!
Of course OneLogin Cloud Directory can broker that authentication to validate you against Microsoft Active Directory, Google Apps, an OpenLDAP directory, or any other directory you have set up in OneLogin. More and more of our customers are using the OneLogin Cloud Directory as the master, and simply living in the cloud. This has multiple tangible benefits, such as:
- You don’t need a server room of your own anymore to run your company.
- Users are connected whenever they are on the internet; there is no “DOMAIN” to join, no VPN to curse at on the weekends.
- You can scale your company faster and with less internal resources.
Taking the natural next step and enabling OneLogin Desktop, you get even more benefits:
- Security is improved with an implicit “something you have” factor: a certificate specific to you, installed on your machine.
- The admin has visibility into which devices in the organization are trusted, i.e., have this certificate.
- The risk of laptop loss becomes the risk of losing the replacement cost, since admins can instantly remove lost or stolen machines from the trust list.
- Work is easier to get done, so more work gets done.
So what is it like to use OneLogin Desktop? Let me break it down:
First, you authenticate against the machine:
Sweet. Now I am logged into my machine. The Cloud Directory has a record of the authentication, and when and on what endpoint it occurred.
After verifying that my certificate is still valid, and the conditions of the Security Policy assigned to my user are satisfied, my browser opens with my OneLogin entrypoint to all of my applications.
Now when I go into Salesforce, or Google, or any other web application, I authenticate invisibly, with a secure handshake extending my OneLogin session to those applications. That presentation you need to review on the weekend before your dinner plans? Seamless access make it a lot less painful. You need to quickly log into OneLogin Cloud Directory to disable an end user? Done in less than a minute. Need to collaborate on a document while on your morning train commute? No need to fumble with your phone for an OTP while on the train.
And check this out — my desktop apps open like a dream too. Let me catch up on Slack before the crazy week…
Step 1
Step 2
Step 3
Nice. Zero friction there. Oh crap; after logging in to Slack I see a call is just about to start about our Asia expansion. I need to start that in… 1 minute! So I fire up RingCentral.
Do I want to allow access to the key? Oh yes, yes I do. Use that key! Sign me in! Better than typing in my 33 character password.
Again, sweet. 55 seconds to spare. Let me put on those headphones and debate whether the new office should be in Tokyo….
So over the last couple of weeks my life has gotten simpler, since work has become easier, and less disruptive. But earlier I said it was more secure. Why is that?
Suppose you have a well thought-out identity policy at your office. This policy requires multi-factor authentication for sensitive applications all the time, and for authenticating to anything when you are not in a known location. That is, if you login from home, you have to enter a password, and then enter a one-time password generated by an app or a hardware device before you gain access. But at work you just need to enter a username and password. I mean, your corporate office is arguably a more trustworthy place than the local Starbucks or even your home office.
Except that it often isn’t. There can be malicious employees, but also people you don’t know are often circulating through your office. Suppose someone sees you type in a password, and then from within the office network walks up to a computer and logs in as you? There is no second factor to protect your information.
OneLogin Desktop installs a certificate bound to a person and a device, within a protected device profile. This makes my machine “trusted” in a special way, that no one else’s machine in the company can be. And it’s quicker than pulling out my phone to respond to an multi-factor authentication request.
So there you have it, better security, less friction for employees, and an enterprise that moves faster and gets more done. Which is why if I ever have a choice of computers to do work, it will always be a OneLogin Desktop for me.
We’ll be making OneLogin Desktop for Mac 2.0 available to customers later this week, with OneLogin Desktop for Windows 2.0 expected in Q4.
Learn more about OneLogin Desktop: