OneLogin: Pursuit of Readiness

OneLogin is an access management and cloud-based identity provider. Their primary focus is to sell organizations and businesses. The GDPR or European Union’s General Data Protection Regulation is on OneLogin’s radar, and policies are being put into place to prevent any upcoming issues. OneLogin has a goal to become prompt adopters of frameworks and regulations, consequently strengthening their privacy and security programs. The major areas they are working on are contract language, processes and policies, DPO, and trust.

Some contract language needed to be made clearer. That includes the following: subcontractor use, language notification from data breach, and the accountability of data processors. They have put these into their regular Data Processing Agreement and standard MSA. OneLogin also offers the ability to work directly with them, to get language priorities straightened out between parties.

For processes and policies, OneLogin has taken a “blank page” approach. They are producing highly detailed data mapping illustrations, and redrawing data flows within its programs. They used Article 30 for the diagrams, and found it to be a very useful exercise. This effort has been quite small. This is due to lining up with valued privacy frameworks.

For the DPO or Data Protection Officer, they have found an external legal counsel in the EU to serve. The original plan fell through due to GDPR plans consistently changing. This was an example of the Article 29, issued in 2016.

OneLogin values trust. These new regulation will prompt the newest documentations and certifications. With Article 42, a more endorsed GDPR program will happen. They will also go back through existing programs, making sure those are up to GDPR standards.

Through all these security measures, OneLogin will make adjustments toward the GDPR requirements happening in 2018. They will continue their journey to becoming prompt adopters of regulations and framework. OneLogin will be looking into contract language, processes and policies, DPO, and trust. They will make adjustments as necessary for the upcoming year.

OneLogin Providing Security for Companies

One-Login is a cloud-based identity and access management provider which secures user access to devices and applications. Headquartered in San Francisco, OneLogin creates software that allows office visitors sign in using an iPad. Logbooks have become outdated and insecure for the offices. The Envoy automates various steps in the registration process of the visitor such as digital NDA, visitor sign-in, visitor badges, photos and host notifications. The primary clients of Envoy are some of the tech-forward and fastest-growing companies introducing technologies that increase security and productivity.

According to Envoy customers, movement of employees in to, across and out of the company can be hectic for IT experts who keep updating individual user access across many applications to ensure appropriate and secure end-user experience systems. Recently, Envoy partnered with OneLogin to implement the SCIM (System for Cross-domain Identity Management) protocol for user provision. This method is also called the automated user on/offboarding.

The feature is available to Enterprise customers and Envoy Premium and is set by adding the Envoy user provision connector in the application catalog of OneLogin. SCIM has an objective to simplify user provision and management. SCIM enabled applications allow customers to automatically provision fields such as emails, office location, and employee’s first and last names directly from the OneLogin directory into Envoy. With the continuous sync, ongoing user management is elevated by automatically updating the user profile.

Managing employees and other personnel like partners and contractors can be hectic on IT. Therefore Envoy Visitor Registration makes it easy as records are manageable, current and accurate. With this, an employee can create visitor invites and receive host notifications alerting them when the guest arrives. For the visitors, signing in is easy as they only search for a particular employee.

OneLogin integration allows customers use OneLogin and immediately sync all employee information to their Envoy directory. Any change made in this integration, in one’s directory, is automatically sent to Envoy.OneLogin’s customers who are different types of companies use their service to manage user identities in dozens of countries.The system improves security by ensuring only current employees can be selected as a host when signing in and also it saves time.