OneLogin stands behind its security and privacy commitments to customers and takes security incidents and vulnerabilities seriously.
Customers are encouraged to submit any security incidents to our Security Response Team at security(at)onelogin(dot)com or if you open a standard ticket and in the course of solving it we determine it needs to be escalated to the Security Response Team, our Technical Support Team will do so. Privacy related submissions should be sent to privacy(at)onelogin(dot)com instead.
All submissions will be triaged by the Security Response Team and a member of the team will be in contact to gather more information, as needed, or to discuss next steps and estimated remediation timeline.
In order to be able to quickly validate and resolve the issue please provide the following information:
- contact information for main point of contact
- when the incident occurred
- affected account(s) and/or user(s)
- compromised data
- how it was detected
Customers and members of the security community are encouraged to submit any potential vulnerabilities via our Responsible Disclosure Form located at https://www.onelogin.com/security. This form is integrated into our bug bounty program platform, or alternatively, you can request to be part of our bug bounty program by contacting support(at)bugcrowd(dot)com.