Comparisec
Submit reviewFor vendors
MFA / Passwordless AuthenticationOneLogin MFA
AdequateAdequateAdequateAdequate
4.3

VendorsMFA / Passwordless AuthenticationOneLogin MFA

OneLogin MFA logo

OneLogin MFA

One Identity (Quest Software)

Founded 2009·US·PE-backed
4.3

Combined score

G2
4.4150
Gartner
4.4200

Security incident on recordFebruary 2022 — attacker accessed OneLogin database for approximately 3 months before detection

Editorial verdict

OneLogin MFA covers standard enterprise MFA requirements at a price point below Duo and Microsoft Entra. The SmartFactor Authentication risk engine provides basic adaptive capability and the factor breadth covers the common enterprise use cases.

The February 2022 breach where an attacker had undetected access to production systems for three months, affecting the authentication infrastructure itself, is the central concern for buyers. OneLogin has made improvements since, but the incident track record is a material consideration for an identity platform.

The verdict: the breach history makes OneLogin difficult to recommend over alternatives with clean security records. Organisations evaluating mid-market MFA should compare Cisco Duo and JumpCloud as alternatives with comparable functionality and better security track records.

Last reviewed: May 2026

G2

4.4150 reviews

Gartner

4.4200 reviews

PeerSpot

7.970 reviews
Gartner MQ: Challenger (Access Management MQ)

MFA / Passwordless Authentication assessment

PROTECTIONAdequate
Phishing-resistant factors
3 / 5

FIDO2 and push authentication available. Scored 3 because the 2022 breach (3-month undetected access) suggests authentication control weaknesses that have since been addressed but create historical concern.

Sources: OneLogin breach disclosure February 2022, OneLogin documentation

Factor breadth & fallback
3 / 5

Push, TOTP, SMS, biometric, FIDO2, voice. Scored 3 for adequate factor variety.

Sources: OneLogin documentation

OPERATIONSAdequate
Adaptive & risk-based policies
3 / 5

SmartFactor Authentication with risk-based step-up. Scored 3 because adaptive policy sophistication is less than Okta or Microsoft.

Sources: OneLogin documentation

Device posture integration
3 / 5

Basic device context integration. Scored 3 because MDM/EDR posture signal depth is at category average.

Sources: OneLogin documentation

ANALYTICSAdequate
Authentication telemetry
3 / 5

Authentication logs and admin activity. Scored 3 because telemetry depth is at category average.

Sources: OneLogin documentation

TRUST & ECOSYSTEMAdequate
Admin & privileged protections
3 / 5

Admin MFA enforcement available. Scored 3 because dedicated privileged access controls are less developed.

Sources: OneLogin documentation

Strongest: Phishing-resistant factors

Watch out for: Admin & privileged protections

Strengths & limitations

Strengths

Competitive pricing vs Okta for equivalent SSO and MFA core features
SmartFactor risk scoring — risk-based step-up MFA without constant friction
Strong Active Directory and LDAP integration for Windows-centric environments

Watch out for

Challenger not Leader in Gartner MQ — execution gaps vs Okta and Microsoft
2022 breach — attacker maintained access for approximately 3 months before detection
Less breadth of SaaS integrations than Okta (700 vs 7,000)

Best for

Budget-conscious mid-market organisations wanting Okta-like SSO and MFA at lower cost — evaluate 2022 breach response before purchasing.

Not suitable for: Security-sensitive orgs — 2022 breach had 3-month undetected access

Compliance coverage

SOC 2
HIPAA
NIST CSF
PCI-DSS
GDPR
ISO 27001
Essential Eight
AU Privacy Act
CMMC
NIS2
DORA
CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

  • Active Directory (cloud)
  • ADFS
  • Basic TOTP

Also considering

Vendors typically shortlisted alongside

← Back to MFA / Passwordless AuthenticationCompare with other MFA / Passwordless Authentication vendors →

Quick facts

Pricing modelper user/month subscription
Pricing range$4-8/user/month
Free trialYes — 30 days
Min seats5
Deployment time1-2 weeks
Complexity2 / 5
Pricing transparency4 / 5
AU presenceNo
IRAP assessedNo
Open sourceProprietary

Deployment

ModelsSaaS
OS supportWindows, macOS, Linux, iOS, Android
CloudAWS, Azure
SupportEmail, Phone, Chat
Data residencyUS, EU

Company

One Identity (Quest Software)

Founded 2009 · 500-800 employees · PE-backed

HQ: US

$100M+ ARR est.

Certifications

SOC 2 Type II, ISO 27001

Integrations

Active DirectoryAzure ADLDAPSalesforceMicrosoft 365Google WorkspaceServiceNow700+ appsSIEM via syslog