OneLogin has four types of users, which have different sets of privileges. In the list below, each user type has all the privileges of the ones above it.

• User - can only access the dashboard
• Group admin - can manage all the users in the groups it's an admin of
• Admin - has access to all functionality, except encryption policy
• Owner - has access to all functionality

Users

Users are employees or contractors who use applications and have no administrative privileges. All users can add personal applications though.

Group admins

Groups are used to delegate administration of users. For example, someone in sales may be responsible to managing access to sales-related applications. 

Admins

Admins have full access to all the administrative functionality except changing the encryption policy, which only the owner can do.

Owner

The account owner is responsible for the OneLogin account and is also the billing contact by default.

OpenID

Every user in OneLogin is automatically assigned an OpenID issued by OneLogin. The advantage of using OneLogin's OpenID as opposed to a one issued by a third party is that the employer has full control over the employee's OpenID identity and can withdraw it at any time.

Personal apps

Users can add personal apps, which are only visible to the users themselves. The audit trail does not log any activity for personal apps and admins are not able to see personal apps on users' dashboards when they assume them.