OneLogin can integrate applications in several different ways. The ideal approach depends on a number of different factors, such as the application's current single sign-on capabilities, whether it has a mobile or desktop clients and whether it's a commercial application or one that your organization has built internally.
- Security Assertion Markup Language (SAML)
- Form-based authentication
- API-based authentication
- Proprietary API
Security Assertion Markup Language is the preferred way of handling SSO to web-based applications. It's standards-based, fast, very secure and does not rely on user passwords. OneLogin is pre-integrated with most leading web applications.
OneLogin also provides free, open-source SAML toolkits for Java, .NET, Ruby and PHP which both vendors and enterprises can use to add enterprise-strength SSO to their applications.
WS-Federation is an Identity Federations specification for single single-on, which is mostly used by Microsoft solutions, such as SharePoint and Office 365.
Most web applications do not support SAML and in most of these cases, OneLogin stores the user's password securely in the cloud and automates the sign-in process via the application's login page. This sometimes requires the use of OneLogin's browser extension, but not always.
Clients that support the RADIUS protocol, such as IPsec VPN clients and WiFi Access Points, can authenticate against OneLogin's RADIUS interface.
Some applications have their own, proprietary SSO API and OneLogin in some cases integrate with those.