Security is at the heart of Onegini - our platform has been built around the best and most user-friendly security solutions

Key points

  • Standards and Certification
  • Integrations
  • Security and GDPR compliance
  • Bank-grade security

A user-friendly approach to security

Onegini Connect security is like an onion: we provide the right security measures at all layers of your app or online platform, securing you against all kinds of attacks. But we also like to keep things simple. That is why we’ve designed Onegini Connect in such a way that you’ll never have to choose between security and ease of use.

  • Mobile SDKs for Android and iOS
  • Standards-based components with support for OAuth 2.0 and SAML 2.0
  • Support of industry-leading initiatives
  • A security gateway which delivers enhanced validation and authorization checks without losing performance

Keep your favourite tools

We also don’t want our security framework to force you into changing the way you build apps. That is why we provide all the SDKs and APIs you need to keep building apps the way you like it. Adding the Onegini SDK to your new and existing apps is easy and safe.


We must assume that we cannot trust anything the end-user does on his device, unless it has been verified at the back-end, outside the end-user’s control. Onegini Connect handles any low-level security risks you can think of:

  • All device security threats
  • Forced upgrade and prevention of installation on jailbroken devices
  • Creates a unique device fingerprint
  • All our software is code-obfuscated


Onegini Connect monitors all events and detects discrepancies in real time. Depending on the policies you have defined, Onegini Connect will take appropriate action such as blocking accounts, demanding extra authentication using biometrics or PIN code, or any other predefined action.

  • Policy Management
  • Real-time monitoring
  • API interface
  • Predefined rules

Responsible Disclosure

Onegini rewards those who want to help keep our products secure. If you find a vulnerability in one of our projects or think you can contribute to the safety of our solution, we ask you to notify us through the resources provided on this page.

Data security

Data needs to flow freely between the mobile app and your enterprise. To prevent hackers from getting to this data, Onegini Connect provides you with:

  • Payload encryption for secure communication - we don’t rely solely on TLS, so all communication between your mobile app and your enterprise is secure (double encryption; application layer encryption on top of TLS/HTTPS)
  • Brute force prevention, OWASP, AES-256 encryption, forward secrecy, invulnerable to MitM (Man-in-the-Middle) attacks
  • Enhanced API Security on top of your API infrastructure

