After reviewing several single sign-on (SSO) solutions, we recommend OneLogin as the best SSO for small businesses. We chose OneLogin from dozens of SSO companies. To understand how we picked OneLogin, see our methodology on our best picks page.
We selected OneLogin as our best choice for small businesses for a number of reasons; chief among them was the flexibility and scalability it offers. In addition, OneLogin has a relatively easy implementation process that supports the integration of multiple directory types and works across all devices and platforms, making it a versatile solution that can adapt to most any business's existing system.
OneLogin is also quite user-friendly; it should be easy to introduce to your current staff upon implementation, as well as to new hires who will be introduced into the system later. OneLogin can also support multiple logins to the same application for one user, further easing adoption in the event a user maintains multiple accounts for the same application.
OneLogin allows you to tailor the identity management process to your needs. Not only is it compatible with a number of directory types, OneLogin also gives you a degree of control over the integration process. The way the SSO manages groups also adds a degree of flexibility.
OneLogin manages security groups directly, rather than synchronizing with the integrated directory. A key part of this process is OneLogin's mapping tool, which automates the user management process. This means administrators will have a little extra work to do, but it gives them additional control beyond most SSOs.
For those more concerned with aesthetic than technical aspects, OneLogin offers a highly customizable user portal, right down to the ability to feature company branding and select the color scheme. The level of control OneLogin grants to administrators, whether it is under the hood or in terms of appearance, makes it an attractive solution.
Self-registration pages: The self-registration page is a unique feature that sets OneLogin apart from the pack. Self-registration pages allow users to request accounts to access certain applications, subject to administrative controls. This is an especially useful feature for collaborating with partner organizations or granting interns access to the system. Self-registered users can also be set to default into a specific group, meaning permissions can essentially be preset for this class of user.
Multifactor authentication: MFA is essential to securing users' accounts and maintaining the integrity of your network. OneLogin comes with a number of authentication platforms preintegrated, but it also allows integration of any third-party authentication methods you want to include. You can set security policies to dictate precisely how users can sign on, such as by employing OneLogin's one-time password or SMS authentication.
OneLogin offers several pricing tiers. The first level is free and includes SSO for three applications and five personal applications. The next tier, the Starter subscription, costs $2 per user per month (25-user minimum) and includes SSO and MFA for all of your applications. The Enterprise subscription costs $4 per user per month and includes integration with multiple directory types, multiple languages, custom reports and security policies. Finally, for those looking for an even more extensive SSO solution, the Unlimited subscription costs $8 per user per month and includes custom fields and mapping, user provisioning, and several additional integrations.
OneLogin's mapping feature requires additional attention, since security groups are not automatically synchronized from the active directory. So, while you get some additional customization out of it, you're also introducing more complexity. While this isn't really a limitation, it is a caveat worth mentioning.
Ready to choose a single sign-on solution? Here's a complete breakdown of our coverage: