Fall 2021 Release: Further Customize User Experiences and Enable Identity Automation at Scale

The leaves are changing, the nights are getting cooler, and the end of the year is fast approaching. For many, the focus right now is ending the year strong, while at the same time, starting to plan for 2022. That’s why it’s extremely important to assess the benefits you have realized over the past year with your identity provider.

And you’re in luck! We’ve got some awesome new updates for you that will help demonstrate the value OneLogin provides so that you can continue to drive operational excellence and improve security within your organization.

Our Fall 2021 Release highlights new features and functionality that enable you to further customize password reset flows, build complex identity automation at scale, improve user adoption of MFA, gain valuable insights into the security posture of your environment, and much more! These new features and capabilities span three key areas:

Read on to find out more!

What are we announcing?

Security

Although the adoption of hybrid work models has greatly benefited organizations and their employees in terms of increased flexibility and higher productivity, security obstacles will continue to keep IT & Security teams on their toes in the months to come. In fact, the UN recently reported that cybercrime is up 600% since the start of the global pandemic. The key is to offer your users the flexibility they need to get access to everyday resources critical to the business without increasing additional security risks.

  • Smart Access User Policies: Smart Access allows you to reduce threat exposure by restricting access based on the user’s location or if they exhibit an unusual pattern of behavior. First-time users, however, will be able to gain authorized access to resources without getting blocked due to high risk. This helps you enforce access denial for logins that are truly high risk and decrease the amount of help desk tickets associated with account lockout for first-time users until the system learns that the user’s behavior over time.

Enable Smart Access risk level

  • Custom Values for MFA Factors: Allow end users to enter a custom value (e.g. phone, email) when registering for email, SMS, or Voice MFA. This provides them with the flexibility to define their own custom values for MFA factors, such as personal email, without requiring the email to be validated and stored in your IT directory.

Custom value field for personal email

  • OpenID Connect (OIDC) Signing Keys Rotation: Improve security for your OIDC applications with the ability to rotate the keys used to sign JWT ID and Access Tokens. This feature allows you to cycle signing keys out of rotation or revoke them immediately. Best practice recommends you rotate your signing keys every 6 months.

Administration

In this release, we have added new administration features that empower you to gain more insights into your Active Directory (AD) configuration, support AD/Azure AD hybrid domain join, as well as build complex identity automation at scale.

  • Active Directory Connector (ADC) Telemetry: We added a new Sync Status column that provides additional telemetry information for each configured AD Connector. This allows you to gain insights into your ADC configuration to proactively troubleshoot any issues related to connectivity, syncs, health, etc.

Sync status for configured AD Connectors

  • Hybrid AD/Azure AD Domain Join: Learn how to set up Microsoft Hybrid Azure Active Directory Join with OneLogin. This allows you to improve the management of Windows devices on Azure while maintaining connectivity to on-prem AD, which is already federated to OneLogin. Check out our new configuration doc!
  • OneLogin Workflows and Universal Connector: Reduce the complexity of integration projects and automate complex IT workflows across different cloud and on-prem systems–all without requiring additional developer resources. Automate more advanced lifecycle management processes using time-based actions and custom notifications to provide quick access to the applications your users need, while reducing the risk of a breach due to lingering access.

Hybrid AD/Azure AD Domain Join: Learn how to set up Microsoft Hybrid Azure Active Directory Join with OneLogin. This allows you to improve the management of Windows devices on Azure while maintaining connectivity to on-prem AD, which is already federated to OneLogin. Check out our new configuration doc!  OneLogin Workflows and Universal Connector: Reduce the complexity of integration projects and automate complex IT workflows across different cloud and on-prem systems–all without requiring additional developer resources. Automate more advanced lifecycle management processes using time-based actions and custom notifications to provide quick access to the applications your users need, while reducing the risk of a breach due to lingering access.

  • Delegated Administration: Create custom privilege sets for users with the ability to scope down permissions to specific users, roles, apps, events, and reports. By delegating administrative access to various parts of the organization at a granular level, you can enforce the Zero Trust principle of “least privilege access” and balance productivity with defending against security threats.

Manage privileges

  • Admin Insights Dashboard: Demonstrate the value of your Identity and Access Management program with a dashboard that displays data across the user base. Improve your security posture by tracking certificates, login activity, and potential opportunities to convert apps to SAML. Quick links allow you to easily provide standardized reports on a regular basis to other stakeholders across your organization.

Admin Insights dashboard with reports, news and updates, and login information chart

  • New Provisioning Connectors: We added SCIM connectors for Vonage, Calendly, Twingate, Clarizen to enable automated user provisioning in OneLogin.

Experience

As the demand to provide fast, highly streamlined login experiences increases, IT teams are looking for more customization possibilities from their identity provider. From new user registration to self-service password reset, each step of the login process needs to be optimized and fully transparent to the end-user.

  • Password Reset Flow Customization: We have added several new enhancements that allow you to further customize password reset flows. You can now build a custom password reset flow from any page, which can then redirect users to a defined URL. We also have added a direct link to allow admins to provide a URL that directs the end-user to the Forgot Password page only. Additionally, you can decide whether you want to hide the Forgot Password link on the login screen. As a result, you can provide a more unified login experience for end-users that is consistent with your custom-built pages.

Show Forgot Password

Want to learn more?

To learn more about our recent releases, check out the release notes in our Knowledge Base and tune in to our upcoming Fall ‘21 Product Release webinar on November 17th, 2021 at 10am PT/1pm ET.

About the Author

Ariel Zommer

Ariel Zommer is a Product Marketing Manager at OneLogin. Ariel is passionate about cloud technology and how it is transforming the way we work, live, and collaborate every day. Prior to OneLogin, Ariel has held strategic marketing roles at Signifyd, IXYS Corporation, and TIE Kinetix.

Related Articles