Are you going to stay with OneLogin? Why/Why not?



  • Avatar
    William Bagby


    Great question.  I'm also in the same position and we are an Office 365 E3 with EMS suite so I have another SSO platform I could go to right now.  I'm in a wait and see mode at the moment.  This most recent breach, while upsetting and confidence reducing, I can say that OneLogin's (OL) directions to resolve it were very clear.  Additionally as a customer you can ask for the after-action report were OL explains mitigating steps etc. 

    As far as the breach goes...for the other vendor's you mentioned it isn't a matter of if, just when.  It will happen to them also.  I'll follow this thread to see if there are any compelling arguments.


    Comment actions Permalink
  • Avatar
    John Jacoby

    Hi Anne,

    I agree with Randy about how they handled the breach - they hit the tick marks that I think most CISOs would want and I agree it's when, not if.  There is plenty of guidance on how to handle a breach and assessment of remediation plans which we determined to be adequate.   We known anything can change and cloud IAM is of particular interest to bad actors bad actors for obvious reasons. 

    We are just going through implementation (if anyone wants to share a DSSO  test plan - thanks!!) and we are an NGO using Office 365 E1.    However, because of our increasing MS footprint, Azure / other IDaaS will eventually make its way to our POC roster.  It's hard to keep up and I've learned the lesson of "Certainly we can do that, but......."



    Comment actions Permalink

Please sign in to leave a comment.