It would be nice if you could specify prioritized security policies by role (or by user).  Say for instance you have a security policy restricted by IP (let's call it "Policy A") and the end user tries to login from another network.  Right now, they're out of luck -- they can't access anything.  What I'd like to be able to do is have a fallback policy ("Policy B") that is used if they are not on the IP specified in "Policy A".  If they tried to access OneLogin from an IP that was whitelisted, it would default to "Policy A," but if they were outside the network, they would still be able to access OneLogin, but with the tighter controls specified in "Policy B" (e.g. browser sessions time out sooner). 

This is especially useful for those that work in an office, but also occasionally need to access apps from remote locations. (I'd imagine that's a good number of OneLogin users.)