Skip Links

Single sign-on moves to the cloud

Okta and OneLogin score high in test of eight SSO solutions that cut help desk calls and boost password security

By David Strom, Network World
December 17, 2012 12:00 AM ET

Page 6 of 10

The directory synchronization is very easy to setup, and OneLogin supports Active Directory, OpenLDAP, Google Apps and Workday. You can set up rules to map users to particular roles and groups.

Its documentation is awesome with loads of help files on a Zendesk server that has copious screen shots and illustrations on how to set up various services. There's a large selection of reports including all provisioning activities, various ones on user status (suspended, active or whatnot), and a nice report on weak passwords. You can customize each report and download each as a CSV. There are also custom notification rules, so you can email users when they have been locked out of OneLogin, for example.

A wide variety of multifactor authentication methods is supported, including Yubikey, Verisign VIP, FireID, SecurID and OneLogin's own mobile-based soft tokens. It can be required for every login or for unknown browsers, which is not as flexible as some of its competitors. Browser PKI certificates can be required as an additional factor. You can also prevent the browser from caching passwords for applications where OneLogin uses form-based authentication, a nice feature. Finally, it integrates with various SSL VPNs (we didn't test this) and you can specify which apps can be accessed through the VPN gateway.

OneLogin offers several pricing plans, including a free plan for unlimited users with three company apps and limited online support. The $5 per user per month enterprise plan widens this to support unlimited roles and directories but only includes daytime live support: if you want 24x7 that bumps you up to $7 per user. That works out for 500 users to be $35,000 for the first year and subsequent years.

Radiant Logic RadiantOne

Radiant started in the directory management space and is slowly moving into SSO. Its solution is for on-premises, and has two main pieces: a Virtual Directory Server (VDS) that handles identity federation and a Cloud Federation Service (CFS) that handles applications.

CFS requires VDS to work: think of VDS as handling the authentication of the user's identity, then CFS contains a bunch of secure tokens that can access your various apps. It isn't as elegant as the other vendors, but it can be flexible if you understand which piece of software does what. There are a few other tools to set up the integration and deployment, such as the Radiant Trust Connector that handles the Windows desktop logins and the CFS Deployment Manager that does what its name says. Everything runs on Windows 2008 R2 Servers with at least IIS v7.5 and .Net Framework v4 and goes under the name of RadiantOne.

That is a lot of different pieces to keep track of. Each piece has its own printed documentation, so there is a lot to review and understand the various relationships before you can get started. If you are still running earlier Windows Server versions, this isn't the product to upgrade them.

RadiantOne handles its trusted relationships with its apps via certificates that have to be downloaded and installed separately using the Deployment Manager. This means that users are authenticating once with CFS and then gain access to the various trusted apps. Using certificates is cumbersome but avoids the browser plug-ins that many of the other vendors use for encrypting the login credentials.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News