Hi, and thanks for joining. Today we'll be exploring OneLogin Single Sign-On, or SSO.
As organizations grow, the technology puzzle pieces multiply, resulting in more applications, users, and devices, all distributed across various locations. This leaves IT and security teams with the difficult task of securing application access to protect corporate data, all the while making that same access easy for employees who need to stay productive. This introduces the need for Single Sign-On, or SSO.
On an enterprise level, SSO refers to the capability for employees to log in just one time with one set of credentials to get access to all corporate apps, websites, and data for which they have permission. With the OneLogin single sign-on portal, users only need to enter one set of credentials to securely access their web apps, whether via desktops, laptops, smartphones, or tablets. This significantly improves productivity while ensuring data security.
Now let's take a look at some of the features and capabilities of the OneLogin SSO portal. Starting here on the login screen, our powerful branding options empower you to tailor this screen to mirror your organization's identity. You can customize the logo, the color theme, and incorporate additional links to guide users to your help desk. If a user forgets their password, a simple click on the Forgot Password button prompts them to enter their username, after which the user is prompted to complete Multi-Factor Authentication, or MFA. And in this instance, our user opts to use the OneLogin Protect app for MFA, triggering a push notification to their smartphone. After accepting the push notification, the user can reset their password.
Note that as the new password is entered, green checkboxes appear confirming that the password meets the stated requirements. Then, upon clicking Submit, the user is notified that their password has been updated. Additionally, if users authenticate against Active Directory, this process seamlessly updates the user's password in Active Directory via OneLogin's real-time Active Directory connector.
Now let's sign into the OneLogin SSO portal. The user will start by entering their username, followed by their password. Then, depending on the user's security policy, they may be prompted for MFA. As we can see here, this user is on a security policy that prompts them to perform MFA before allowing them access to the portal.
Once the user accepts the MFA prompt, they are directed to the OneLogin SSO portal, where they can access all the apps that are assigned to them based on role-based access control. To access any of these applications, the user simply clicks on a tile, and they're automatically signed into the app. Here we can see that this user has been signed into their Office 365 account without the need to enter their credentials.
Now, going back to the SSO portal, users can easily use the search bar to find the app they're looking for by name or description. For example, we can see that as the user searches for email, Office 365 is displayed.
OneLogin supports numerous authentication standards, such as SAML, WS-Fed, OpenID Connect, RADIUS, API-based authentication, and more. Security Assertion Markup Language, or SAML, is the most widely adopted standard for authentication, and for good reason. With apps that support SAML, every user can be forced to authenticate with their identity provider.
For example, let's say this user signs off for the day. And the next day, instead of going to their SSO portal, they open their browser and go directly to an app or website like office.com. Here, after clicking Sign in and selecting their account, they'll be automatically redirected to their organization's Single Sign-On page. This means that, regardless of how the user tries to access Office 365, they'll be forced to use their SSO credentials to sign in, which provides users with the ease of securely accessing their applications using a single set of credentials.
Now moving back to the portal, sometimes you have apps that don't support SSO, meaning that the app hasn't adopted open authentication standards like SAML, for example. And in these scenarios, OneLogin can use form-based authentication to inject user credentials into an application's login page to log the user in. Sometimes this can be done with a simple HTTP POST, but there are cases when OneLogin's browser extension is required.
Once the OneLogin browser extension is installed, logging into a form-based app is just like signing into any other app in their portal. For example, in this demo environment, LinkedIn is set up using form-based authentication. The user can either click on the app tile in their SSO portal or open the OneLogin browser extension and click on LinkedIn. This opens LinkedIn in a new tab and automatically injects the user's stored and encrypted credentials into the login page. Once again, this allows the user to log in without requiring them to enter their credentials manually.
This enables OneLogin to provide single sign-on access to all your organization's applications, even the ones that haven't adopted SAML or don't have an API interface, making OneLogin the central location for users to access all their apps using a single set of credentials.
And that concludes this brief overview of the OneLogin SSO portal. Thanks for watching.