Security is at the heart of Onegini Connect - our entire platform has been built around the best and most user-friendly security solutions.

A user-friendly approach to security

Onegini Connect security is like an onion: we provide the right security measures at all layers of your app or online platform, securing you against all kinds of attacks. But we also like to keep things simple. That is why we’ve designed Onegini Connect in such a way that you’ll never have to choose between security and ease of use.

Keep your favourite tools

We also don’t want our security framework to force you into changing the way you build apps. That is why we provide all the SDKs and APIs you need to keep building apps the way you like.

Device security

We must assume that we cannot trust anything the end-user does on his device, unless it has been verified at the back-end, outside the end-user’s control. Onegini Connect handles any low-level security risks you can think of:

  • All device security threats, including but not limited to jailbreak/root detection, debug detection, and prevention of tampering and code lifting
  • Forced upgrade and prevention of installation of apps on jailbroken devices (this option can be switched on or off)
  • Creates a unique device fingerprint
  • All our software is code-obfuscated

Data security

Data needs to flow freely between the mobile app and your enterprise. To prevent hackers from getting to this data, Onegini Connect provides you with:

  • Payload encryption for secure communication - we don’t rely solely on TLS, so all communication between your mobile app and your enterprise is secure (double encryption; application layer encryption on top of TLS/HTTPS)
  • Brute force prevention, OWASP, AES-256 encryption, forward secrecy, invulnerable to MitM (Man-in-the-Middle) attacks
  • Enhanced API Security on top of your API infrastructure 

Real-time monitoring and detection

Onegini Connect monitors all events and detects discrepancies in real-time. Depending on the policies you have defined, Onegini Connect will take appropriate action such as blocking accounts, demanding extra authentication using biometrics or PIN code, or any other predefined action.

  • Policy Management
  • Real-time monitoring
  • API interface
  • Predefined rules
