As IT admins consider web application single sign-on (SSO) solutions, many end up evaluating OneLogin and its pricing. As a popular web app SSO vendor out there, OneLogin is often leveraged alongside a directory service like Microsoft Active Directory (AD) to extend and federate user identities to cloud-based applications. And, given the recent news around their acquisition, there will likely be even more interest in seeing if/how their pricing model changes.
This layered approach is one of two commonly chosen options for identity and access management (IAM), while the other approach involves implementing a single cloud directory platform that has built-in SSO capabilities, thus eliminating the need for multiple point solutions and vendors.
Pricing for web app SSO solutions can get tricky. Often, there are separate pricing tiers based on volume (ex. 5,000+ users) and by verticals such as education. Many vendors offer different bundles that include a few standard features and others can be added a la carte (for example, multi-factor authentication). Also, virtually all implementations for traditional Identity-as-a-Service (IDaaS) platforms require professional services which increases the overall cost.
All in all, there are many permutations around what IT admins can purchase, but this can be a double-edged sword. While having many options and a la carte purchasing available can give admins greater flexibility with their purchasing decisions, it can also muddy the waters with the sheer number of feature combinations possible. So, evaluating all of your options is key to getting the most out of your SSO solution.
SSO Pricing in the Big Picture
With SSO pricing, the most important thing to keep in mind — sometimes even more than the actual prices you’re quoted — is what you do (and do not) need. This is because critical functionality like multi-factor authentication (MFA), user provisioning, and more are typically offered as add-ons, so the actual cost you pay can quickly increase compared to the base price as you pick out the features that you need.
Further, deciphering pricing and what the solutions you need will cost you becomes increasingly difficult as you begin to consider the big picture which is, web app SSO is only one part of identity and access management. There are numerous other functionalities admins need to connect users to the resources that they need, such as on-prem applications, WiFi networks, VPNs, physical and virtual file servers, and various devices (Windows/Mac/Linux).
Ultimately, pricing for an SSO solution — be it OneLogin, Okta, or otherwise — is only one part of the complete cost structure. For one, SSO solutions usually require a directory service as the primary source of truth. From there, functions such as RADIUS, LDAP, SSH key management, device management, governance, and more are all usually add-on solutions that will cost more (if they’re offered at all).
The result of this is:
- Overall costs balloon as do implementation timeframes
- You end up paying for basic SSO and likely adding things on like MFA, LDAP, RADIUS, and more
- You’re also paying for a separate directory service
- You have to deal with separate support from each point solution being used
- Advanced bundle: $4/user/mo.
- Professional bundle: $8/user/mo.
- A la carte: varies by choices
Active Directory Pricing
- AD pricing involves purchasing CALs (Client Access Licenses) specific to each machine
- There are also many hidden costs associated with AD, such as hardware and maintenance costs
Total Cost of AD + OneLogin SSO
So, the bare minimum you can pay for an integrated solution like this is $10/user/mo (assuming that AD is essentially free because of your ELA). However, once you scroll through and see what’s not included in the basic packages, you realize that you have to add in more a la carte options, which add up quickly (a total of upwards to $25/user/mo. In addition to your AD subscription). Plus, using this strategy, you have to manage two disparate solutions created and owned by two different organizations, which may not cost you money directly (unless we’re talking about support), but it will cost you and your IT team time, which is just as valuable.
Figuring Out What You Need Besides SSO
Ultimately, pricing for the SSO component is important, but the overall architecture of your identity and access management is much more critical to determine. From there, figuring out the most cost-effective solutions becomes easier.
Every organization has its own needs which should be used to guide buying decisions. However, we’ve compiled this short list of features to serve as a starting point:
- Heterogeneous device management capabilities – can work with Windows, Mac, and Linux
- Remote access and control through APIs and Powershell
- Support for industry-standard protocols like LDAP, SAML, and RADIUS
- Different levels of access according to user-group membership
- Access to:
- On-prem apps (Jira, MySQL)
- File servers (QNAP/Synology)
- Networks (Meraki/OpenVPN)
- Cloud-based infrastructure (AWS/GCP)
Considering the whole picture, it’s not about establishing one identity for web apps, but about establishing one identity for all IT resources. This means a single source of truth to authenticate against, regardless of platform, protocol, provider, or location.
So how do admins cobble together the best mix of solutions, when so many different and specific ones are out there? The easy way to answer that is to look for a holistic solution that can address all of your IAM needs. And for many small to medium-sized organizations, that leads them to a cloud directory platform.
An All-Inclusive Alternative to OneLogin
Any SSO vendor is going to successfully address the core web apps in your environment, but this is not a selling point — it’s a basic functionality. It’s the other features — managing mixed-OS environments, connecting users and devices, and securely managing access to virtually all IT resources — that sway admins’ decisions.
No one wants to go into a purchasing decision knowing that they’ll have to continue to add costly features or replace solutions altogether as their organization grows, or in some cases, continue to maintain legacy hardware to leverage as a source of truth for newer features.
These are just a couple of reasons why many OneLogin customers have modernized their infrastructure with JumpCloud’s Directory Platform, which is a cloud-based IAM and SSO solution all in one. Especially after the news of OneLogin’s acquisition — admins are realizing that the industry is shifting to holistic solutions and away from multi-vendor point solutions.
Try JumpCloud’s IAM and SSO Solution Free
JumpCloud’s True Single Sign-On™ capability gives users the ability to use one set of secure credentials across web apps, legacy on-prem apps, cloud infrastructure, on-prem and cloud-based file servers, and networks via RADIUS — no matter your operating system.
Test out JumpCloud’s modern, simplified IAM solution with True SSO, and see if it’s right for your organization! Create a JumpCloud Free account to access the entirety of the platform for free, up to 10 users and 10 devices. Along with that, enjoy 24×7 in-app support — free for the first 10 days!