idpcost.com
Memo
To: IT / Security buyer evaluating OneLogin
From
idpcost.com
Re
OneLogin end-to-end cost analysis
Source
https://www.onelogin.com/pricing

OneLogin

live verifiedOne Identity · Per-user tiered (Basic $3, Essentials $6, Business $10, Enterprise quote). No annual minimum stated on the page.

Now owned by One Identity. Unlimited SAML and OIDC SSO is included in every tier — even Basic at $3/user/mo — so there is no SAML tax; MFA is available across tiers but requires an SSO plan as a prerequisite. Cheaper than Okta at the entry point and supports passkeys (WebAuthn including device-bound, synced, and cross-device passkey flows).

1.Year-1 TCO breakdown

Representative buyer: 200 employees, 30 SaaS apps, full SAML + MFA + lifecycle automation, 90-day audit retention.

Licensing (200 seats)200 seats × $10/mo (Business — adds SmartFactor, advanced directory, lifecycle for 30 apps) × 12 = $24,000/yr. Basic at $3/mo covers SSO + MFA but caps identity lifecycle at 5 apps (≈$7,200/yr).
SAML taxNo SAML tax. Unlimited SAML and OIDC SSO is included in every tier, starting at Basic ($3/user/mo); MFA is available across tiers but requires an SSO plan as a prerequisite.
Audit retentionAudit logging available across tiers; included in Business.
MFAIncluded with SSO across tiers.
Year-1 TCO~$24K Year-1 TCO for 200 employees on Business; ~$7K on Basic if the 5-app lifecycle cap is acceptable.

2.The hidden cost category for this IdP

Hidden cost

**Post-acquisition uncertainty is the structural risk.** One Identity acquired OneLogin in 2021; OneLogin remains a distinct product but roadmap clarity has been thin. Some functionality has been deprioritised in favour of One Identity's broader IGA suite. The hidden cost: buyers committing to OneLogin in 2026 face roadmap risk that could force migration in 2027-2028.

3.Migration cost out of OneLogin

Migration off OneLogin runs $50K-$140K for 200-employee deployment. SAML reconfiguration per app, SCIM rebuild. Simpler than Okta migration because OneLogin doesn't have the same custom-workflow complexity.

4.The negotiation lever

Acquisition-uncertainty discount. OneLogin sales acknowledges the One Identity acquisition has created customer hesitation; multi-year commits get steeper discounts (25-35% off list) than they would have pre-acquisition. The lever: leverage the roadmap uncertainty to negotiate aggressively at signing.

5.Vendor tier reference

TierPer-user (USD/mo)Features
Basic$3Unlimited SAML/OIDC SSO + MFA; identity lifecycle limited to 5 apps
Essentials$6Adds advanced directory + broader lifecycle automation
Business$10Adds SmartFactor auth, custom branding, advanced policies
EnterpriseQuoteQuote-only — Desktop MFA, threat-aware MFA, custom SLA