Not every startup manages to reach — or exceed — $100 million in financing. Those that do join an exclusive group of fundraisers and can enjoy a massive vote of confidence from the venture capitalists and angels who help put them there.
As of this morning, OneLogin is the latest to join the club. The San Francisco cloud-based identity and access management provider today announced that it has secured $100 million in a Series D round led by Greenspring Associations, with contributions from existing investors Charles River Ventures and Scale Venture Partners. It’s very much justified: OneLogin now counts more than 2,500 enterprises among its clients, including California’s Bay Area Rapid Transit, Airbus, British Red Cross, Change.org, Fujitsu, Indeed, Nasa, Pandora, Softbank, and Broward College. And it has more than tripled its annual recurring revenue (ACR) over the past three years.
OneLogin raised $22.5 million in June 2018 as part of an extension of its Series C round, following $10 million and $25 million raises in May 2017 and December 2014, respectively. The Series D brings its total capital raised to more than $170 million.
OneLogin says that the influx of cash will be put to “accelerat[ing] adoption” of new product offerings, such as multi-factor authentication; better serving its enterprise customers; and extending access management to networks and devices using cloud infrastructure. It also says the funds will be used to increase OneLogin’s North American and European footprints and to build out the startup’s 250-person team “across levels and disciplines” and further expand in Europe.
OneLogin, for the uninitiated, provides a suite of tools that help organizations manage distinct app environments, networks, and devices in a unified fashion. Its cloud-based solution — appropriately dubbed Unified Access Platform — offers features such as single sign-on, compliance reporting, and a centralized cloud directory that collates directories from G Suite, Workday, and other providers. It taps machine learning to detect high-risk login attempts and trigger additional authentication factor requests, in part by taking into account the networks users are connected to and the devices they’re using. And its mobile identity management product enables one-click access to web enterprise apps through a smartphone or tablet device.
Last year saw the launch of OneLogin access, a new iteration of OneLogin’s Web Access Management product that offers a single tool for managing identities across on-premises applications and public cloud environments. It’s a capability that sets OneLogin apart from some of its competitors, some of which don’t offer comparable on-premise integrations.
OneLogin has been largely frugal with its money so far, save a few strategic acquisitions to bolster its portfolio. It bought CafeSoft, a web access management startup, in 2015 and in June 2016 acquired Portadi, a San Jose startup that built a framework for creating custom connectors to third-party enterprise apps. A few months later, it picked up Square Secure Workspace, which engineered a lightweight virtual mobile container solution that isolates employees’ work content from their personal content.
There’s been a bump or two along the way to OneLogin’s Series D, to be sure. In May 2018, an attacker managed to break into one of its Amazon Web Services accounts, which mean swapping out every security certificate connected to services its customers used with OneLogin’s platform. Unsurprisingly, second-quarter revenue took a hit, and OneLogin lost employees and customers.
OneLogin CEO Brad Brooks took the incident as a challenge to improve the company’s security practices. There was another upside, he believes: Emerging from a breach relatively unscathed made OneLogin a more appealing vendor. Indeed, Airbus — one of OneLogin’s marquee clients — announced after the hack occurred that it would adopt OneLogin.
“There are some customers that did leave us. They said, ‘You know what, [we] can’t handle it’,” he told VentureBeat in an earlier interview. “Most of them stayed with us … [That breach] has made us who we are. It didn’t kill us, but it certainly made us stronger.”
There are more hurdles on the horizon. OneLogin faces stiff competition from the likes of Okta, Ping, and Centrify, not to mention behemoths such as Microsoft, Oracle, and IBM. In the last fiscal quarter, Okta’s subscription revenue grew 59 percent year-over-year to reach $76.8 million.
But OneLogin’s investors aren’t worried.
“I’m happy to say I still feel I get to be in one of the top two — or maybe three, if you count Microsoft — players in the space,” Rory O’Driscoll, a partner with Scale Venture Parters, told VentureBeat in an earlier interview.
OneLogin recently opened offices at the Georgia tech accelerator Atlanta Tech Park and a development center in Seattle. Its goal, Brooks told VentureBeat earlier this year, is to hit $100 million in ACR within the next two and a half years.