Multi-Step Login Flow
Article: KB0011115 Published: 07/07/2023 Last modified: 07/07/2023

Since 2020, all OneLogin accounts have used multi-step login (sometimes known as "login2"), a modular and extensible feature that provides a seamless and fast login experience for both desktop and mobile users, with a strong focus on security controls for account administrators. This article briefly describes what multi-step login involves and some of the ways it supports your organization's security and end user experience.

 


 

During a traditional login flow, the user enters both their username and password in the same form, then submits both credentials at once in order to proceed to the next step of the authentication process, whether they are immediately given access or prompted for an additional authentication factor such as a one-time passcode (OTP), security question, or email verification.

[Figures: Traditional Login Prompt; Multi-Step Login Prompt - Username; Multi-Step Login Prompt - Password]

Multi-step login splits that initial step in two, first prompting the user to submit their username, email address, or other identifier, and only then prompting for their password on a separate page. This provides a variety of benefits for your organization:

  • Protection from brute-force attacks

    By separating the login credentials, OneLogin neutralizes or severely limits many attack techniques from malicious actors. For example, hackers and bots often attempt to automate a large number of login attempts in quick succession, hoping to "guess" a correct combination through statistical probability and sheer volume. Multi-step login stops some of these bots from working at all, while others are significantly slowed down by the additional step and have much-reduced odds of a successful attack.

  • SmartFactor Authentication

    Many of OneLogin's intelligent SmartFactor Authentication features rely on multi-step login, such as Smart Flows, which allow you to define and customize different login flows for different users. For example, you might allow on-site users with dedicated workstations to bypass entering their password entirely when logging in from an approved device, while higher-risk or remote users may be subject to tighter security restrictions or required to verify additional authentication factors before being permitted to enter their password.

  • Terms and Conditions & System Use Notifications

    With multi-step login, it's easy to get specific users' attention or convey important information by assigning them relevant user policies. For example, you can prompt all users to agree to your organization's Terms and Conditions during their first login, then skip that step in the future once they've already agreed, or you might display a given announcement to all users working in a certain department each time they sign in.

These are just a few examples of the improvements enabled by multi-step login. If your OneLogin account predates 2020 and you have not updated some of your configuration details since that time, particularly any trusted IdP (TIdP) settings you may have established, please reach out to OneLogin Support for assistance with any login errors your users may encounter during authentication.

