NetIQ Identity Manager Reviews

I am an independent training provider. I'm teaching this application. It was originally made by a company named Novell. I have used the Novell XML, which is the origin of Identity Manager. I think they did that in '96 or '97. I was a certified Novell trainer, and I was training those applications myself. I started the first testing center for Novell products in Europe in '92. I have a long history because I started with those basic products in '83 and did 10 years of training for those products. I've also been using them for my employers or for the customers as a consultant. Now, I'm doing training again but in schools. I am teaching adults so that they can change their careers or start a career in cybersecurity or IAM.

I always try to use the latest versions. In terms of deployment, you can call it cloud, but it's a VMware environment.

I like the eDirectory feature.

It needs some modern features. They should improve and modernize their management interface. It has been created over years and by different persons. You can see different applications, different management consoles for different things. There should be an integrated interface.

It should also be easier to install. There should be an easier testing system for applications for students or consultants to try it themselves. The system to download or get your applications for testing is not so easy.

They can clarify how to install it for different Linux versions as well as how to use it for local private cloud use and public cloud use. It seems that you have to install many incarnations of basically the same product.

They should make it free for schools for teaching purposes. Their competitors are giving it for free. By not doing that, they are losing market to competitors.

I've been using it since '83. I've been working for companies that have been using this application. I've been in consultancy implementing this application to customers, and now, I am teaching this application.

It is stable, but its implementation is hard. After that, it runs.

I haven't dealt with it, but I would like to have a channel. 

Its implementation is hard. It should also be easier to install. There should be an easier testing system for applications for students or consultants to try it themselves. If we are doing just testing, it's complicated because they are basically supporting SuSE and Red Hat. If we are doing testing, we don't want to pay for the server systems. There is no documentation and information about how to install it with some other Linux versions. There is no documentation for implementing it on other systems.

The deployment duration depends on what we are doing. We are not doing production systems. We are doing production-like teaching environments. We are basically running systems that can be production but the use is just for training purposes. Later this year, we are doing production environments. We are doing the whole process of how to create implementation, how to implement it with some applications for IDM, some applications with access management and SSO, and so on.

It would easily help them in getting more market and more customers if more consultants knew about their software. If they could keep it free for schools for teaching purposes, it would be good. I had to pay myself to get it and use it for training. Their competitors are giving it for free. I had to pay for it myself. They are losing market to their competitors.

I would advise others to read the manuals carefully and do the testing systems first. That's because it has all the bells and whistles when it comes to features, but they are not so easy. It is a full package for everything, but it is not so easy to implement. You should basically clarify things because there are different kinds of doors for different kinds of things.

I would rate this solution an eight of 10.

We provision accounts and access through NetIQ. Lifecycle events are triggered by our HCM system which feeds Identity Manager. Identity Manager then feeds other downstream systems such as Active Directory and ServiceNow. We also have NAM (Novell Access Manager) for single sign-on but I did not include that in this review as it is a separate product.

We learned a lot about what not to do when we implement our next solution. We were implementing an HCM solution at nearly the same time as NetIQ so that was definitely something I would not recommend doing if at all possible.

The identity vault, password syncing and self service Password Reset. As seen in another review, I will concur that NetIQ does a good job with password syncing among directories.

Be more honest about how poorly it runs on Windows servers. It is optimized for Linux. Just because you can install and run it on Windows doesn’t mean you should, at all. It is a recipe for disaster.

Yes, it does not run well on Windows servers. It is meant to run on a Linux platform.

Yes, it does not scale well and licensing is very expensive. Again, does not run well on Windows so upgrades were a nightmare.

Very poor. We ended up having to contract for support from two other service providers since NetIQ’s support was so poor.

This was our first IAM solution.

Very complex. Again, it does not run very well on Windows and we required a lot of customization to meet our business objectives.

A vendor team helped us through our implementation from Deloitte & Touche Consulting. I wasn't quite as involved with the implementation but have been supporting the solution for about 4 years now so I can't speak to their level of expertise.

Very expensive licensing. Definitely review support and licensing contracts with an attorney to get language less ambiguous and redline accordingly.

We did. We evaluated CA, IBM, Novell (now NetIQ) & Oracle.

Get executive buy-in and know that a tool isn’t going to fix bad processes.

We did an exercise, but it was a long time ago. I know that we had a lot of manual work that we saved by using the product. So on a monthly basis, we would hire ten or so users per day, ten times, over twenty days, so two hundred in total.

Each user would take between ten and fifteen minutes, so let's say two hundred times twenty minutes, is four thousand minutes, or sixty-six hours. There were more functions that we'd do as well.

I would say you would save like around one-hundred person-hours, per person per month. That's big savings.

It's a very flexible tool, so you can synchronize multiple sources of data and you have multiple connections to various kinds of systems.

The most valuable features are that it's a very flexible tool and it's connected to multiple and various data sources.

The product, the technology itself, is really good.

The problem is the ecosystem. There's not a lot of people that know the product, so it's hard to find someone to work with the product. Sometimes you need to deploy something that's a little different. It requires development, and it's just hard to find people. It requires training, because, in each event, you need to learn the specific language that the product speaks. So it's a directional language and you need someone with some knowledge with it to deploy it.

They have graphical interfaces and you can get away with the basics, but it gets a little bit more complicated once it's a little bit more customized. If it could be operated in such a way that anybody could use it, with just the user interface, and there's no need for programming, then that would be a great improvement.

They need to go to a cloud service solution because everyone's looking forward to the cloud now. Everything that I worked with was on-prem system deployments. 

The stability is solid. You don't touch it. Once you deploy it, it just works.

In terms of scalability, it depends on how much you want to spend to scale because they charge for connectors. You can connect virtually everything to it. They have connectors for most of the systems in the market including databases, cloud solutions, etc.

The company just launched an update so they are upgrading. They need to connect to the new SAP version. They were planning on connecting to the latest version of existing systems. 

Technical support was good. I had to use them a few times and they were very knowledgeable and they were quick. I always had a quick turn around from support.

The initial setup has medium complexity. It depends. The previous version was more complex. Now they've made it better. They knew that the tool was complex so they tried to enhance and simplify the installation. I would say it's not too hard today to get you going on the basics. The more approvals and workflows and the more components you add to it, the more complicated it gets and you need more specialized people. You just make sure that you train your personnel.

If this product was more widespread and people knew more about the language then you wouldn't have this issue about when you need to add people to the system.

I wasn't there when the implementation took place, but I think services were from the actual vendor, Micro Focus, itself.

Some products, typically security products, the moment they're implemented, their ROI is instant because you know security is invaluable and data loss is something that needs to be halted right then and there. Your return is guaranteed because the product saves so many person-hours over the years.

I'm not sure of specific pricing, but I know they have different licensing, depending on your organization. Governments, for example, have special pricing. Education would have different pricing because it's more like a sector.

There might be additional costs too, and it depends on which system you are integrating. So let's say user x needs one AD account or an Oracle or SQL. You would have the base license plus per connector. You just need to be aware that the more systems you connect, the more license fees you have to pay.

The way it was implemented for the company was mostly for HR integration. So we would synchronize data from SAPHR to an Active Directory. So all the new hiring, all the user provisioning was made by HR on the SAP system. This system was responsible for creating the accounts on the network and mailboxes and all that from that system. So no one has ever created a user manually in AD. It's all automatic.

It's a solid product, it's a mature product. You just need to make sure that your IT personnel is properly trained. When you purchase a license, make sure you have support engaged as part of your contract and you'll get your team trained.

I would also recommend a proof of concept for sure. That way you can show clients how flexible the product is.

I would give the solution a rating of nine out of ten.

The Role Based Provisioning Module feature is by far the best thing about the product; using roles and entitlements for access and provisioning makes old group based obsolete.

It has reduced time and resource costs due to automation of previously hand-managed tasks like provisioning, granting access, distribution and access to different enterprise connected applications.

Definitely documentation is among the most lacking features of the product. Also, the ability to run all components on Windows OS is needed.

I've used it for one year in different customer environments and licenses.

Deployment is pretty easygoing, though some trouble might arise if the customer's security policy is overly strict or the infrastructure has a bad design.

Stability wise I would rate the product 8 out of 10. Some known quirks and bugs give unwanted resource hogs that can be a headache at the wrong moment.

No major problems as of yet.

Scalability becomes an issue if the vision changes from the initial implementation. Not being flexible and having to rewrite quite a bit of code for even a simple added feature makes it difficult.

9/10.

8/10.

We previously used Microsoft Forefront Identity Manager.

Initial setup is straightforward if done by vendor requirements.

We used a vendor team, and their level of expertise is 9/10.

• Four hours for installation
• Development hours vary
• Two hours weekly maintenance and check-ups

We also looked at Quest OneIdentity, Oracle Identity Manager and Tivoli Identity Manager.

• It is a money saver in the long run
• As long as you set your requirements from the get-go there won't be overhead further along

We use this solution for Directory and Password Synchronization, as well as SQL updating for ERP.

Has facilitated the synchronization from eDirectory to AD and helped with Automating some SQL tasks.

The most valuable features are Password Reset Alerts, Password Sync, and SQL connectors.

The interface is old and outdated, and the design software seems archaic.

Event driven provisioning and powerful Development and documentation tool - Designer are the most valuable features on NetIQ Identity manager

Identity and access management processes have developed to become automatic and fast. While the source of identity information is the HR data, user rights can reflect the user role(s) in an organization.

The UI for requesting and approving rights have been a little outdated, however, in the most recent version that has been addressed. Also, the amount of work from box to production has been improved a lot during the years, but for sure - there is always a need for a capable project team to fit the product to the processes of an organization.

12 years.

High amount of skill with the product and overall knowledge of IAM are useful to avoid issues on IAM deployment. The issues are normally due to data quality, which can be fixed with the products Analyzer application.

Product is stable. At certain points, there have been bugs - but NetIQ Support has been able to help with those kind of situations

Product is very scalable. It is matter of optimizing the rules used during the integration process.

7/10.

9/10.

No previous solution used.

IM products are someway framework solutions. Deploying a solution to an organization requires co-operation with many stakeholders and knowledge on the systems to integrate.

With a normal integration, for example with AD, it's a matter of configuration, but integration with the HR system it's a matter of designing processes - for example if the system is not a standard out of the box system.

I have been a consultant on customer implementation projects.

• Sell the idea at the CEO level
• Get sponsors for a project
• Get a capable project team
• Choose a consultant who knows the product and not only the IDM processes.

Its reliability when it comes to synchronizing directories is the most valuable feature. It is very safe to be based on events.

For many years we had Novell eDirectory as the main directory, to which was added LDAP, AS400, Active Directory, Google, and SAP.

The greater strength was to keep the identities synchronized without failures in both attributes and passwords. The provisioning of identities at reasonable times greatly reduces the time of a new user's registration.

The Operations and Information Security.

We have been using this solution for 15 years, i.e., since its inception and the time it was called Novell NDS for NT.

There were no stability issues, IDM is one of Novell's most stable products. Errors are human, just be careful in its use.

There were no scalability issues. In fact, we have incorporated many users by acquisitions and it is safe to climb; your performance does not degrade.

Technical support is very good, but in my country the ecosystem of consultants is scarce. In Argentina, in addition to Micro Focus (previously Novell), there are only two or three partners whose focus is IDM. But the few that are there, they possess very good technical level, generally ex-Novell.

A few years ago, I had the opportunity to analyze its competitors. IBM and Oracle and both were horrible; especially Oracle as it is difficult to implement, has unfriendly interfaces, there is an absence of connectors, and there are almost no specialists in the region. Oracle did not even work.

Given that identity management is itself an IT specialization that requires a lot of knowledge, the implementation is simple. That is to say, if it is clear that the tool is intended, sinceneeds can vary from a simple synchronization of keys to a complete and automated process.

IDM licensing has accessible values even for installations of thousands of users. Once the input values were not so cheap, but the annual maintenance is very accessible. The ROI is seen in the hours saved in provisioning.

We first had IDM for several years and then, compared it to IBM and Oracle against aggressive bidding; these were not worthwhile though.

Analyze if you want to unify the keys of different identities of the same user or if you want to propagate an identity in several platforms. The latter option is recommended, although it demands more effort.

Go little by little. Install the core in a new metadirectory, separate from the production one, and implement the one-to-one connectors. This is advisable because the impact on the end user is high (in the positive sense) since it is still a change. Then, take advantage of all of its functionalities, as it is common to see that after installation, several connectors do not use other parts of the tool. For example, the role-based authorization flows, circuits to request a device, or automation of response by the loss of passwords.

Do not confuse identity management with single sign-on. This is another discipline and there are other products for it.

We use NetIQ Identity Manager for identity management.

The most valuable feature of this solution has been the ability for us to integrate a lot of external systems, and the automatic transfer of a lot of identity information. Additionally, the customization is very good.

NetIQ Identity Manager could improve by updating the user portal, it is out of date.

I have been using NetIQ Identity Manager for approximately 15 years.

The solution is stable.

NetIQ Identity Manager is very scalable and complete. It covers all the areas we need it to.

The technical support has been good.

For us the installation was easy. However, we are an IT company that understands what we are doing. I would consider the solution not to be easy to install if someone does not have the experience.

The price of the solution is a bit high and could be reduced.

I would recommend this solution to others.

I rate NetIQ Identity Manager a nine out of ten.