Q3 ‘20 Release: Simplifying and securing application access across the enterprise

With the mad dash to set up a fully remote workforce mostly behind us, IT & Security teams must now shift their focus to securing additional vulnerabilities in their environment and further improving the login experience for employees, partners, and customers alike.

For this quarter’s release, we bring to you more granular security controls, an improved MFA user experience, API enhancements, new AWS integrations, and much more. These new features and capabilities span four key areas:

  1. Security
  2. Administration
  3. Developer APIs
  4. New Integrations

Read on to find out more!

Security

In order to continue to protect user access to critical corporate resources, providing more authentication options for your end users allows you to simultaneously enforce MFA across your different applications, while also improving the MFA user experience overall.

  • App Policy MFA: Admins now have the ability to specify which MFA factors are required to log into an application based on the app policy. This allows you to protect specific apps with stronger factors as part of the MFA requirement.

Q3 2020 Release security enhancement

  • Email MFA with Magic Link: As part of Email MFA, allow users to easily authenticate into the app portal by clicking on a quick, one-time use link via email. This eliminates the need to enter an OTP code and provides a more seamless way for users to fulfill the MFA requirement. You can also set the email magic link expiration between 2 to 15 minutes.

Q3 2020 Release new capability

Administration

As your employees continue to access their applications from locations you don’t recognize and on home networks you can’t control, the following improvements allow you to more conveniently perform admin duties, such as configuring access to on-prem applications and helping employees restore their accounts on OneLogin Protect in the event that their phone is lost or stolen.

  • OneLogin Protect Backup Restore: When a user does the initial configuration of the backup function for the OneLogin Protect authenticator app, they will need to provide an email and phone number, which will then send them an SMS code to verify the user set up an account for backup. Not only does this enhancement provide better security, but we also removed the reliance on Google sign-in in order to extend the backup feature to non-Google accounts.

Q3 2020 Release admin enhancement

  • Apps List Improvements: Instead of just a search bar and list of apps, we have added more information into columns so you can easily sort based on app name, authentication type, number of users, and more. Built on our new Apps API, pagination and search is now faster and more performant with load times the same whether you have 5 apps or 500 apps. To check out the new apps list, go to yourcompany.onelogin.com/admin2/apps.

Q3 2020 Release admin improvement

  • Oracle EBS Gateway Enhancement: Simplify and protect access to Oracle eBusiness Suite (EBS) by leveraging Single Sign-On and Multi-Factor Authentication without the need for additional Oracle software, such as AccessGate and WebLogic. Please register to participate in the early preview if you are a current OneLogin customer.

  • Export Groups to AD: Export multiple Groups into Active Directory, so that you can use different HR directories, for example, as a single source of truth to manage AD group members. Please register to participate in the early preview if you are a current OneLogin customer.

Developer APIs

As part of our continued investment to help you easily administer OneLogin across your environment, we have made enhancements to the following APIs, which are in early preview.

  • Users API v2: This new version of the Users API is even faster and provides more search filters, such as group ID, last updated date, last login date, etc., with custom date ranges. This is incredibly useful for syncing users between OneLogin and a 3rd party system.

  • MFA API v2: Register OneLogin Protect, Google Authenticator, and Email MFA using the OneLogin API. Previously, you were only able to do so for SMS and Voice registrations. Build your own registration experience with the ability to bulk register different MFA factors as well as provide more factors for step up authentication.

New Integrations

As part of AWS’s Shared Responsibility Model, we continue to invest in building integrations that make it easy to quickly secure and scale your growing AWS environment. Whether you are running your infrastructure or building applications on AWS, OneLogin integrates seamlessly to multiple AWS solutions, extending capabilities for IAM and enterprise security.

  • AWS Control Tower: Whether you’re newly migrating to AWS or an enterprise user, leverage AWS Control Tower with OneLogin IAM to ensure your organization has appropriate identity safeguards and automation to scale your multi-account environment. Centrally manage and automatically provision access permissions across all users, roles, and AWS accounts.

  • AWS IAM: Enable administrators to assign user and group access centrally to their AWS Organizations accounts and applications integrated with AWS IAM. This makes it easier for an AWS administrator to manage access to AWS and ensure OneLogin users have the right access to the right AWS accounts–all while maintaining a familiar login experience for administrators and end users.

To learn more about our AWS integrations, visit our partner page.

Want to learn more?

Join us on October 6th (or October 7th if you’re in EMEA) for our annual industry event, Connect 2020, to hear more from the OneLogin Product team on future product announcements. In the meantime, read our release notes. And stay tuned for the upcoming Q3 product webinar in November!

About the Author

Ariel Zommer

Ariel Zommer is a Product Marketing Manager at OneLogin. Ariel is passionate about cloud technology and how it is transforming the way we work, live, and collaborate every day. Prior to OneLogin, Ariel has held strategic marketing roles at Signifyd, IXYS Corporation, and TIE Kinetix.

Related Articles