Omada Identity Reviews

Omada is used for identity access management. I previously worked as a database specialist but switched jobs when I switched companies. I joined this company because I connected personally with the company culture. As part of my new role, I received training on Omada Identity Cloud, which was being taught to new hires. During my first six months with the company, I worked from the Omada office, explicitly focusing on Kubernetes to gain a technical understanding of the system.

Developing new solutions and processes within the system can be very challenging for our customers, and it often requires highly qualified professionals to assist with the process. This is why companies typically hire consultants when they need to change their systems. I started as a consultant and am now a full-time employee. As such, I can leverage my expertise to provide valuable guidance and support to our clients needing assistance with their systems.

We have just under 3,000 users spread out across multiple locations in Denmark. Departments across the county can access the system from the cloud. 

Omada streamlines onboarding by automatically granting employees access to various IT systems. We can remove an employee's access immediately after they leave the company. It improves our security because people who have left can no longer access sensitive information, such as our finances and tax data.
We have also had cases where people continued receiving a salary after they quit. Previously, someone needed to remove the employee's access manually. Now, it is done automatically.  

It also helps us with internal and external audits. The auditors ask us why users can access particular systems, and we can produce reports for them. It saves us time because we don't need to spend hours looking through various systems to determine who has been given access. Omada documents who has requested or approved access. You can see when access stopped and why. 

Omada's surveys have simplified the process of assigning roles. We know that if we send 200 questions to one manager, he will accept everything. I don't have time to review 200 permissions. Based on the questions sent to one manager, we try to minimize that by grouping them as roles. You only have to approve six roles instead of 200 granular permissions. Omada has helped us to do that. 

We have to do this a few times every year. If we add a new role or access within a role, it must be approved by the access owner. We have fixed rules that every access has to be reviewed at least once a year. Some are done every three months. We prefer role-based access control, but you also need to do some at the granular level. However, we want to wrap everything into roles if we can. It makes things easier for the managers to understand. 

Omada worked well when I started at this company, but now we are provisioning identities even more efficiently. At other companies where I've worked, getting the proper access might take up to two weeks. Here, everything works on the first day. 

Omada's user interface is elegant and easy to work with. I like Omada's ability to automatically generate accounts for new hires and allow them access to all required systems by established policies. Around 80 percent of workers can start working immediately on their first day without requesting further access. 

No two-week waiting period is required to obtain the proper accounts and memberships in various AD groups. Many clients are unaware of our behind-the-scenes work because the system functions effortlessly, making us an indispensable partner.

Omada provides a clear roadmap for additional features. We use it to plan for the future and align it with our internal roadmap. We integrate many systems with Omada and need to plan for integrating new ones. They introduced advanced reporting and analytics in the latest version, but we're behind and haven't implemented that yet.

When making a process, you should be able to use some coding to do some advanced calculations. The calculations you can currently do are too basic. I would also like some additional script features. 

I have been using Omada Identity Cloud for approximately five years.

Omada is stable. It's always running, but I think we share resources with other customers. One resource pool is in Azure. It's slow at times but never crashed. 

I believe Omada is scalable. The product has had built-in connectors for integrating with our solutions for many years. The new ones may lack some features that you might require. It depends on the age of the implementation. We've had situations where we couldn't use the out-of-the-box connector because it was too simple, so we built our own. 

I rate Omada's support a nine out of ten. They respond in under an hour if we have a serious issue. 

Omada's solution is in the cloud, but it integrates with an on-prem agent. It was deployed when I joined the company, but I was told that a new Omada project can take one or two years. 

The integration is potentially complex because you might need to connect it with hundreds of other systems. However, you can quickly migrate data from your HR system and connect it to your Active Directory. The standard installation is straightforward but grows in complexity with each new system you integrate.

After deployment, the only maintenance is regular system updates. You can schedule those with your sales team. I prefer the cloud version because the on-prem solution requires you to do everything yourself. You have detailed knowledge of databases, operating systems, and communication between the various servers. 

We messed up the data a few weeks ago, but restoring a backup snapshot from the previous hour was easy. We rolled back the database by an hour and were up and running in under 30 minutes. It's easy and convenient for us.

I rate Omada Identity Cloud an eight out of ten. In most cases, whenever I have an issue with Omada or a feature I would like to see, I check the roadmap and realize it's already in the pipeline. Omada is constantly improving, so I give it an eight. 

They listen to their customers. You can submit a suggestion to their ideas portal, and other customers can vote it up. They prioritize new features based on the users' votes. 

I advise new Omada users to understand your data before implementing the solution. When you put people on the project, it should be people who know the HR data and the internal architecture.

When we decided to implement Omada, our main goal was to establish it as our central identity management system. We wanted to be able to plan and automate our entire user and permission management process, including things like introducing business roles, access request workflows, and user lifecycle management. These are core functionalities for us.

Moreover, consolidating access management systems is important to us. We're optimistic about its potential.

The combination of features and the amazing support team are definitely valuable to use. The customer success and support teams have been crucial.

Omada provides a clear roadmap for additional features. We've already received some information about the product roadmap for 2024.

User lifecycle management is a key element of our new setup. Omada automatically removes employee access when they leave the company.

Moreover, Omada saves time when provisioning access for new identities. Automating user account provisioning across various systems should save us significant time and money.

Omada helps automate access request reviews and route them to the appropriate people. That's a common use case for their certification feature.

If I had to name one thing, it would be the user interface (UI). They're already working on improvements, but it could be a bit more user-friendly. It's on their roadmap though.

We just started using this solution because we just began implementation in August last year.

Everything works perfectly for us.

For our use case, we had no problem.

For the comprehensiveness of the model out-of-the-box connectors for the applications that we use, all the applications we wanted to integrate into our first wave. We had a few custom connectors for the out-of-the-box ones and for the ones we're missing, the REST connectors where we have flow.

And also, currently, Omada is developing a lot of new connectors, and the amount of connectors is currently growing, so this would be maybe also a good point.

With our customer success manager (CSM), we have a monthly meeting. So anytime we have some questions on each help, I can contact our CSM, and then he tries to help us, and until now, it's worked very, very well. Also, the technical support was very fast and already provided us with a solution.

Positive

We've got a bit of an old, self-coded solution based on MIM, and we're really looking to replace it. It's become a bit of a burden to manage.

The initial setup is definitely on the complex side. The topic, because of the different interfaces in many, many different systems. It is due to a complex environment. It's not due to Omada.

The deployment is done partly by our staff and partly by an external implementer. We have, some persons responsible for the application side of the system we want to connect to, but the core team has five to eight people.

We opted for an external implementation partner for internal reasons, not because of Omada's services. Although, a 12-week deployment is possible.

The pricing is okay.

First, definitely define your exact requirements. Then, maybe do a proof of concept. Try connecting the first application and gain some familiarity with Omada's expertise.

So far, we're very happy. No real negatives or drawbacks yet. So, for me, it is a ten out of ten.

We wanted a solution that could help us make HR the master of identities. We wanted a solution that could take that data and direct it into all our other directories and Active Directory.

We have Omada set up to remove an employee's access as soon as the employee leaves. When we started to do this, we saw that quite a few of our accounts were actually removed, meaning we had holes in our security. There were too many active accounts, compared to what should be active. That was one of the first things we saw.

Now, everybody is really aware that when a user leaves, the account should be disabled and accesses should be removed. People are getting more used to seeing that. It does something for the entire security culture, around identities, in our company.

The solution has also definitely helped us save time when provisioning access for identities. We don't have to go in and do a lot of the work that we did before. It may have saved us somewhere in the range of 10 to 30 percent of the time we spent on provisioning access.

In addition, before Omada, we used many systems and now we are using just this one system. Currently, we are mostly concerned about AD applications, but in the next year our plan is to incorporate all the systems, like our ERP. It will help us consolidate. The consolidation we have seen so far has helped reduce the time it takes to give people the access they need, but not that much, perhaps 10 percent. It's mostly AD groups at the moment. We will probably see a better number for that next year.

At a high level, the areas of the solution that are most valuable are the 

• provisioning engine
• access request.

And, of course, all of the identity-handling capabilities are the most important to us. 

Other very good aspects include the

• interface, which is easy and intuitive
• review access handling.

There are some technical bits and pieces that we have looked at that could be better. For instance, when you do a recalculation of an identity, it's hard to understand what was incorrect before you started the recalculation, and which values are actually updated.

Right now, all you see are all the new fields that are provisioned, instead of seeing only the fields that are changed. This makes it hard to understand the situation before you started it, compared to after. This is one of the key features that I'm really missing.

Also, the onboarding of applications could be easier. There could be workflows to go through the entire process of onboarding a new system or application, instead of having to go to three places to do it. 

Those are the two key improvements needed.

Also, the connectors for the applications that we use are good, but not fantastic. This is constantly improving. Recently, they added a ServiceNow integration, so there are still new connectors coming. But there are a few systems that I would like to see on the list, systems that are not there today. We have two ERP systems: SAP and something called Infor M3, and the latter is not there. It's okay, though. Maybe some of the other companies we evaluated have even more connectors, but Omada was good enough for us.

We have been using Omada for two years.

We haven't had any incidents so far. It has been extremely stable.

It's at least scalable for what we need. We are now running a few systems on it with no problems so far. It has been scaled and that was fantastic. When we start to implement more and more systems, I hope it will continue to scale just as well as it has up until now.

For us, their technical support has been fantastic.

Also, Omada definitely provides us with a clear roadmap for additional features that will be deployed. I'm so lucky that I'm part of the board that looks at new features coming out. We are among a few customers that are invited to see the roadmap, for clarity. So I really do have a good overview of what's coming in the products.

It might sound strange, as we have been using it for a couple of years already, but we are not there yet when it comes to utilizing all of the new features. There are still so many basic features that we need to implement in our organization. For example, I have looked at the analytics and we have used them a little bit. But right now, it's not a key function area for us. Going forward, I definitely think we will use it more and more.

Another example is Omada's certification surveys to recertify roles or to determine if roles are relevant. We are starting to use that now but we have not done it at the scale that you might imagine. We are at the very beginning of that process. By the time another half a year has passed, we will have done quite a lot on that.

Positive

We used a self-developed solution that was based on a lot of scripts and different GUIs and interfaces. But it wasn't a product, it was just something that we put together.

The initial deployment was straightforward. The setting up of the solution was done by Omada and it only took a couple of days. Then they came with a good description of what we needed to do and we were complete within the first week. Everything was up and running. Then we started building the business logic. That took some more time, but the actual setting up of the entire environment and having everything connected took just a few days.

Omada helped us to deploy IGA within 12 weeks. The first phase took eight to 10 weeks. When we started, it was much more about an HR product than an IT project. It was to get the organization to understand that HR needs to be the master of identities. After that, we needed a solution to take that data and turn it into something productive, and that's where we saw the first benefits of Omada.

It is implemented as a global solution. We have Omada running in the cloud. Then we have a VPN collection set up to Omada. And we have different HR systems running in our company and all of them are synchronizing their data on a daily basis to Omada through connectors. And we control AD, Azure, et cetera by the data that we receive.

On our side, there were four or five people involved from different teams. And the team from the Omada side had three people plus a project manager.

From an administrative point of view, there are 10 to 15 people using Omada. Eventually, I hope all our users will go into and do something. For now, we have 500 to 1,000 users who are doing something in the solution. This will increase more and more over time, as more accesses are ordered by the employees.

In terms of maintenance, there are always new things that we do in the system, but Omada takes care of everything when it comes to patching and upgrading the environment. The only thing that we do is upgrade it when there's a new version out. We just have to go into an admin site and say, "Now we want to do the upgrade," and it's one click of a button and it's done.

We evaluated six or seven products, including One Identity Manager, SailPoint IdentityIQ, 365 Identity, and we also had a quick look at Microsoft Identity Manager, but that was not a full solution.

Among the reasons we chose Omada was that they had the identity process framework. When we started this, we were very immature in our identity journey, and having this identity process framework was a good way for us to get started. It was very clear what we needed to do.

Also, with Omada, you bought a license and you had everything. With a lot of the other products, you had to buy X, and then you had to buy Y if you wanted to implement a new feature. And there would be another cost if you wanted to implement another feature. Omada's model was very easy for us to understand: If you buy it, then you get the entire solution. That made it easy to see what the cost was going to be in the coming years.

Also, we had direct contact with Omada and we used their consulting department to help us onboard it. This was very good because we had people sitting close to the product group, in case there were questions. And they were building it correctly from the start, instead of having some local contractors coming in to help us. That was also something that was really good.

On the negative side, some of the other products might be more developed and have more features. But, Omada was very good for us to get started with.

I would definitely recommend Omada. It's a good product that absolutely does what you need. I would suggest reading through the identity process, the framework that they have created, to get an understanding of what you need to have in place before starting this project. For us, it was a long road to work with HR to get everything implemented. Having that understanding before you start is really key to a successful implementation.

We use Omada to control access and identities throughout the employee lifecycle. Omada is deployed throughout the organization. We have about 16,000 active users. Around 30 people in our IT department use Omada daily, but roughly a hundred people have access to the solution. 

We used to have a problem where an employee's access wasn't terminated when they left the company. Now, we have much better visibility into and control over who has access. 

We didn't have a solution before, so everything is an improvement. Granting and removing access involved a lot of manual processes. Everything is automated now. Omada is a 100 percent improvement over previous access provisioning methods. Previously, everything was manually added or deleted. We saved a lot of time and effort by using Omada.

We currently use policy assignments, but we're in the process of implementing role-based access control. 

The entire process is smooth, from importing the HR data to provisioning user access. We are still relatively new to Omada, so we still haven't explored all of the features. They provide us with a clear roadmap of new features, and our customer success manager has been very helpful. The roadmap helps us plan ahead and decide what should be our focus. We're satisfied with the out-of-the-box connectors Omada provides. 

I would like more training. As someone who is new to this world, I don't feel that the courses Omada provides are good enough. They should also improve the documentation. It is difficult to learn how to use the solution by yourself. In general, the user interface isn't user-friendly or intuitive. In some cases, it's extremely easy to delete critical information. You don't know that you need to select this gray box before you can access a particular object. 

We have used Omada since June 2021. 

Omada is a stable product. 

Omada is scalable.

I rate Omada support a seven out of ten. Sometimes it takes them too long to get back to us regarding smaller issues, and the feedback isn't always great. However, they are always attentive when we have an actual crisis, and our customer success manager is excellent. 

Neutral

We used a solution called Opus and Active Directory. That was before I started working for the company, so I don't have any experience.

Omada is a cloud-based solution. Omada helped us deploy IGA within 12 weeks by focusing on fundamentals and best practices. From what I hear, deployment was a straightforward process, and the company completed it in a couple of weeks. We have a small IT team. Only four people are in charge of administering Omada, updating the platform, and responding to error messages. We've had some problems during patches and cloud updates, but most of our issues involve errors when importing data. 

I rate Omada Identity an eight out of ten. I would recommend Omada if they can improve their documentation and training materials. 

We use Omada Identity Cloud to onboard and offboard user accounts and manage permissions. We are using the cloud version.

We are able to onboard new user accounts much faster by automating the process and standardizing our operations globally. Previously, there were many individual processes and manual admin interactions. We also see a lot of cost savings and benefits because of automation and standardization. 

It decreases the work for admins while boosting user productivity. I would estimate that we've reduced admin work by about 30 percent. Omada's identity analytics also help us make informed decisions more efficiently and reduce the cost of our IGA program a little. We can also automate the disabling of user accounts when employees leave to prevent unauthorized access.

Process automation is the most valuable feature.

Omada could communicate better with us about the product roadmap. We haven't gotten any updates about it. The user interface is often a bit difficult to understand. It isn't optimized for small screens, so it doesn't display all of the information clearly, so users need to scroll a lot. 

The configuration could also be simpler for our admins. For example, it could have some configuration assistance or preset out-of-the-box functionality because it's complicated to enable new features. 

I have been using Identity Cloud since January 2022.

Omada is somewhere in the middle in terms of stability. Generally, all the services are running well, but we've had a few serious issues that had a significant impact on our company. I would rate them six out of 10 for stability.

I rate Omada eight out of 10 for scalability. There are many connectors to services, so it's good to have them. At the same time, configuring these connectors requires more effort than expected.

We rate Omada support 7 out of 10

Neutral

The initial setup is highly complex. Full deployment took around a year. Including preparation, planning, design, and implementation, it was about a year and three months.

We were supported by the Omada project team.

We haven't seen much cost savings yet, so the return on investment could be better. We still have many issues with the IdM system and high consulting costs to maintain and administer this tool.

We did a market study and also checked out some competitors, including Sailpoint and Saviynt. 

We rate Omada Identity Cloud six out of 10. Overall, it's a good solution, but you need to be aware of the effort it takes to implement and maintain the system. We recommend carefully estimating and considering the cost of the implementation and maintenance, to allocate enough resources.
You need to carefully plan and test before going live.

Companies I work with use Omada Identity for compliance and governance purposes. They use the solution to have control over all of their business processes in terms of access control.

For me, the best feature of Omada Identity is its web interface because it's really easy for users to understand.

Omada Identity has two main issues that need to be solved or improved the most. One is its setup or installation process because it's complex and cumbersome. I'm talking about the process for on-premises deployment because I've never tried the cloud version of Omada Identity. Setting up the cloud version should be much easier.

The second area for improvement in Omada Identity is that it's piggybacking on Microsoft's complex way of having all kinds of add-ons, extensions, or setups, whether small or large, such as the new SQL Server, and it's cumbersome to make sure that everything works. Omada Identity is a complex solution and could still be improved.

What I'm expecting in the next version of the solution is a makeover of its user interface. It's supposed to be available in the new version of Omada Identity.

As for additional features, what I'd like to see in the future from the solution is a visual designer of all processes, for example, a visual designer of all the task mappings. I've seen it in Novell Identity Manager before, and it was way easier to understand.

I've been using Omada Identity since 2018.

Omada Identity is a stable solution.

My company had no problems with the scalability of Omada Identity. I've experienced it in a large-scale setting, and the solution works.

My team contacts Omada Identity technical support whenever there's an error or a hiccup. There's a ticketing system you can use for raising issues. On a scale of one to five, where one is bad and five is excellent, my rating for Omada Identity support overall is a four.

The company I first worked with in 2018 looked into the Gartner reports and saw that Omada Identity was good in both of the required categories, plus the solution was under a Danish company and my client was Danish which was a plus, so the company went with Omada Identity.

Omada Identity has a complex setup. How long the deployment takes would depend on how you planned the installation. My best experience was when everything ran smoothly after I had been very thorough and I've taken care of requirements. If you do the planning upfront, the process of installing Omada Identity is rather quick, and you don't get errors, and deployment would take a week or so.

You need to make sure that everything works. Often, when I install the solution, there's more than one system such as the production environment, the test environment, the development environment, the education environment, etc., so planning the setup of Omada Identity takes a long time, but that's okay, and in larger organizations, you're often not alone when installing the solution.

Planning the installation of Omada Identity is mandatory because then you need to have the SQL team working on the databases, the network team handling the firewalls, the web team taking care of the information server, etc., so a lot of people are often involved in larger organizations.

My client deals directly with the Omada Identity team in terms of licensing. I never look at pricing, so I'm not aware of how much the solution costs, but it's worth the money. Often, when you begin to use Omada Identity and it takes a while to set up, it'll be irreversible, and you'd depend on and focus more on the functionality of the solution, rather than its price tag.

I'm a consultant, and the company I'm serving right now uses Omada Identity version 12. I do have hands-on experience with the solution, from version 11 to version 14.

The two companies I serve that use Omada Identity deployed it on-premises.

My client has more than 6,500 hundred users of Omada Identity.

My advice to anyone interested in using Omada Identity is to first contact a consultant who can help you decide on how you'll use the solution. Will you deploy it on the cloud or on-premises? Which systems will be onboarded? What's your workflow and how will you map tasks? How will you define events? You'll have a lot of decisions to make and if you're not knowledgeable about Omada Identity, it'll be hard for you to make the right decisions. You need to know about the product before you can gain the full advantage from it.

If I would rate my overall experience with Omada Identity, I'd give it an eight out of ten. I'm not giving it a ten because it's too complex as a solution, though it does what it intends to do.

I'm a partner of Omada Identity.

We are using it for rights and roles of our users. When we hire a new employee in our municipality, we have their information exported to Omada and, based on which department they are hired for, they will get roles and rights for the IT systems. That's what we use it for right now. We have plans to do more with it, but identity management is a life-long task to enjoy.

The solution is on-premises.

When it comes to IT audits and reviews, before we had Omada there were a lot of findings about employee accounts that were not properly shut down. They were not in the municipality anymore, but they still had an account that was active. And as soon as the auditor found one, he would go further and dig more. Every time he was here, he found something. We had to spend a lot of energy trying to make this situation better. But as soon as we got up an IDM system that automatically shuts down the Active Directory accounts of people who are not employees anymore, this problem totally went away. We don't have this as an issue anymore. And the auditor is very pleased when he hears that we have an identity management system that automatically closes down these accounts.

The solution has helped to reduce the number of helpdesk tickets and requests. While I don't have exact numbers, our statistics show that the number of tickets is going down. However, that's not only because of Omada. There are other areas where we have improved and become more professional and have helped our users.

The most valuable functionality of the solution for us is that when employees stop working for the municipality, they are automatically disabled in Active Directory. Omada controls that 100 percent. They are disabled for 30 days, and after that time Omada deletes the Active Directory account. The same type of thing happens when we employ new people. Their information is automatically imported to Omada and they are equipped with the roles and rights so they can do their jobs. Those are the two main benefits we have at the moment.

The identity governance and administration features are also really good in Omada. There are a lot of possibilities for controlling access rights. We are only using a little bit of all the possibilities in the platform right now, but of course we want to go further and use more of the functionality.

Generally, I find the whole solution to be very good. But the way errors in the system are handled could be improved. If you find an error and you need it fixed, you have to upgrade. It's not like they say, "Okay, we'll fix this problem for you." You have to upgrade. The last time we upgraded, because there was an error in a previous version, we had to pay 150,000 Danish Krone (about $24,000 at the time of this review) to upgrade our systems. This is a very big issue for us because 150,000 Krone is a lot of money. And because we have production, test, and developer environments, we had to upgrade them all. The fact that we can't have an error fixed but, rather, we have to upgrade, annoys us a little. That means that we have to pay to get errors fixed that Omada has made in programming the system. I hope they change this way of looking at things.

We have used Omada Identity since 2018.

We are now at 14.0.6 and its runs very good, - we have no problems.

The scalability of the solution is fine. There are a lot of possibilities to scale from a small business to a big business. You can use part of the system or use the more advanced functionality for creating roles.

We currently have 5,633 employees in the system, and there are 59,000 citizens in our municipality.

We're looking to expand our use of Omada Identity by providing more functionality to the users and the managers in our municipality. Right now, Omada is running in the background. Nobody actually knows that it's there. It's doing its job and people are happy, but no one in our business has access to the platform. We want to make it more visible and to exploit some functionality for the managers, for example, so that they can do more themselves. We also want to have managers do access reviews for all roles they are responsible for. That way, they can say, "Okay, this employee has access to this, this, and this, which is okay. But he also has this right of access and he doesn't need it anymore." This type of access review is something we are still planning to implement, but we are not there yet.

Before Omada, we had a solution called NetIQ. That platform was very expensive and there were modules that we didn't buy. If we were to continue with that system, first we would have had to upgrade it, and that would be very expensive, and we would also have had to buy some extra modules, which were very expensive. So instead of just blindfolding ourselves and ordering an upgrade, we examined the market for IDM systems. We took the best-known and looked at their ratings in industry reviews to see which were at the high-end. We invited them for an interview and a demo of their systems, and Omada scored the highest. That's why we choose them.

When we started with this system, it was Omada that hired some temporary project managers to implement the solution at our place, and they did not do a good job. We found out later that something was just not implemented. For example, if we rehire a former employee, we have no process to handle that in the system. We only found out about this after the original implementation. Today, they use their dealers to implement the system. I don't think Omada itself implements nowadays. Maybe it's better that way, but we were not satisfied with the way that it was implemented originally.

Our deployment was a long story because, in the middle of the implementation, Omada gave up and said, "You can go further with a dealer called ICY Security." They handed over the implementation to this dealer. It's difficult to say exactly how long it took, but if I have to give you a number, we are talking about between six and eight months.

Up until now, it has been our dealer, ICY Security, that has maintained the system. We recently took over maintenance of the system and the databases ourselves. But if there is development needed, it will still be our dealer that helps us with this. The whole area of identity management is complex, but ICY Security is doing a good job to help us grow in this system.

It's a fair price for the on-premises system. Compared with what we had before, it's much cheaper and we get all the modules in one. 

We tried to go with the cloud, but it was far too expensive. We calculated the costs and to go cloud, it would mean four times the expense for us. That was more than we could get budget for. We have had meetings with Omada to tell them that we want to go cloud, because that's our strategy in many other fields, but that the price is way too expensive. We have told them they have to reconsider the price for it because they will never get any customers to go cloud when it's that expensive.

Among the solutions we looked at were SailPoint IdentityIQ, Micro Focus NetIQ, KMD IDM, Ca and 2ndC/Atea.

In scoring the solutions, we focused on user-friendliness. The NetIQ system that we had before was very fixed. You couldn't design it as you wanted. If you adjusted a screen the way you wanted it, there was often something that didn't function. We didn't have the ability to customize it the way we wanted. As a result, the usability of the system was very bad. It was so bad that we couldn't give it to our managers and say, "Here's a platform you can use for self-service." That's why user-friendliness was a significant part of our scoring.

We also wanted to be able to adjust the system ourselves without having to hire consultants. With NetIQ, we had no clue how to do stuff in the system. It was so difficult that we had to call external help every time, and that was not for free. We had to pay every time. Our wish was that, in the next system, we would be able to do minor adjustments ourselves.

And, of course, price was also an issue, not that we needed to buy the cheapest one, but pricing was a parameter that we were looking at. In terms of a reduced total cost of ownership as a result of choosing Omada, I don't have a specific number. Some things are difficult to put a value on. But for sure, we have a better system, a more user-friendly system, and the cost for licenses is much lower. Also, the way that Omada sells the system is that you get the whole package. It's not that you have to buy a module here, and if you need more functionality, you have to buy another module there. You get it all in one purchase. That has also reduced the total cost because we have all the modules.

As for the time it took to get up and running with Omada compared to NetIQ, it's a hard thing to compare because NetIQ was our first IDM system. Before the NetIQ deployment, we had to do a lot of preparation to go into identity management. Implementing Omada was easier, but mostly because we knew more about identity management at that point compared to when we implemented NetIQ.

Finally, identity governance and administration functionality are a lot easier to manage in Omada than in NetIQ. Much easier.

Make sure that all processes are dealt with in Omada. We had some processes that were not described and, therefore, we had problems afterward. The implementation of the system is very important. For example, be sure to have valid and correct data. Garbage in, garbage out. All the work before you push the "Go" button is very important. I think we may have underestimated that when we were implementing Omada.

Our primary use case is for the lifecycle management of employees. In addition to that, we use it to provision accounts and authorizations to target systems. We can do segregate of duties checks based on those authorizations.

The previous tool we had was an old-fashioned, highly customized tool, and their self-service management was a little bit difficult. With Omada, it's a lot easier to give responsibility to the business instead of IT, and that's one of the big changes that it has made. It's not implemented fully, because there is also a cultural change needed in our company, but Omada does make it possible and we are working on it. That's one of the biggest changes.

Before Omada, we only had SAP and one or two cloud tools but now we have around 50 cloud tools. The whole playing field has changed dramatically. The cost of ownership since we started using Omada has increased, but the landscape has changed a lot also, so it can't be compared with the costs of our old solution. 

I don't know how many audit findings, in total, we have been subject to, but Omada reduced that number. I am aware of at least one big finding that Omada helped resolve. 

The landscape is much more complex than it used to be. We had one data center, now we have multiple clouds and we have a lot more tools in the cloud. Everything is
at least in the public cloud. The landscape has changed a lot and things have become much more difficult. If we didn't change to Omada, the help desk cost would be a lot higher. That's one thing for sure.

The thing that I find most valuable is that Omada consists of building blocks, which means that you can configure almost anything you want without using custom code, making it pretty easy to do. It's possible to connect to multiple target systems and to create one role that consists of different permissions in the different target systems. So one role in Omada can make sure that you have an account in three different systems.

We can do more with Omada than the business could have imagined, especially in the area of security. There is a lot of functionality for the segregation of duties. We can make things safer. The hire-to-retire process is also implemented pretty well. With Omada, we can deliver the functionality that the business requires at the moment. In addition, we will probably be able to handle whatever the business may come up with in the coming years.

The backend is pretty good, but the self-service request access screen, the GUI, needs improvement. It's an old-fashioned screen. Also, Omada has reports, but I wouldn't dare to show them to the business because they look like they're from 1995. I know they are working on these things and that’s good, because they’re really needed.

In addition, Omada needs to invest more in its APIs because a lot of companies have API-first strategies. Although it's not Omada's main priority, the APIs they now have are too limited. They need to invest more in making their solution accessible through APIs.

I have been using Omada since August 2017. 

Omada consists of components, some of which are very stable and some that are not. For example, Omada calculates each identity, each persona, to see what they have access to, and that's quite stable. Their import mechanism; however, is too slow and it's too fault intolerant. It crashes once in a while for various reasons. It cannot always handle wrong data input.

You can of course accept a certain error rate or fault rate, but still, sometimes if one thing fails, if there's one wrong object, all the other functionalities are also aborted, which is frustrating if you have 20 new employees starting.

We're on-prem, so scalability in the sense of plugging in extra memory is something we need to do ourselves. For the scalability of its functionality, it's pretty good. You can add new target systems, for example, and new applications. If you want to use new functionality, you can build your own processes that work well.

The only problem with its scalability is the import part because an import for a target system can take quite some time, up to three or four hours. In the end, we can run into an issue where there is more imports to be done than hours we have in a day. But overall, it's pretty scalable.

We have 6,000 employees and we now have around 800 to 1,000 external people who are not in our HR system; they are contractors. We are also managing 64 technical systems from Omada and behind that are around 500 to 600 applications.

In terms of administering Omada, we do almost everything ourselves with two to three FTEs. It's not only operations, but it's also the development of Omada. That is always ongoing because we bring on new target systems that we need to onboard into Omada. We also get different requests for new processes in Omada. We have a partner who helps us at some points, but their role is mostly QA.

If we ask for technical support, it is more because of an incident or things that are not documented properly. If we want to implement something new which isn't documented, our partner might be unable to help because of that. Then we go to Omada. 

If you are contacting them for a major issue, the support is good. If it is a more simple question, it could take up to months to be resolved.

It also depends on us. If we formulate the question correctly, in an extensive way, then most of the time we get an answer pretty quickly. But if we're a little bit vague, they don't know what to do with it and they keep it on the backlog because we don't have a service level agreement on that.

In general, support has improved and evolved in the last couple of years but a big downside of Omada is that if you have, for example, Okta, SailPoint, or Azure AD, you can Google it and find people who ask questions about it. If you Google for anything about Omada, you won't find anything. There isn't a big community. Omada introduced its hub, where you can ask questions, but it's limited to registered users. There are also different hubs for partners, customers, and Omada employees, so not all the information and all questions can be found in one place.

We used a tool called UMRA, User Management Resource Administrator. It's a tool from 2004, and it's a brilliant tool, but it's a little bit outdated. It was a custom tool with everything customized for us, and is fine if you only use Active Directory. But we now have 64 technical systems connected and it wouldn’t be possible for UMRA to handle them, or at least not as quickly as Omada can.

The initial setup should have been straightforward, but because of the SAP implementation at our company, it was still pretty complex. The initial step in the implementation was to hook up our SAP systems to Omada, set up the identity life cycle management and to connect the access rights for SAP systems. Our SAP systems are quite complex and had some technical depth to them, which we needed to solve via Omada, which was horrible. Even though it was a simple setup, it still became pretty complex.

We have seen ROI because we moved to Omada in 2018. We had a new policy that was more cloud-native, and if we did not have Omada we wouldn't have been able to facilitate that. Omada facilitated our company's move to the cloud.

In the past, each tool was the same, they all were custom-built tools, as were UMRA and Omada. But they all evolved or they created new tools. I don't have enough experience with other tools, only a little bit of experience with Okta, and there's a big difference between Okta and Omada. Okta is an authentication tool and not an Identity Governance tool. It's trying to be that, but it's not as far as Omada, it cannot do what Omada can.

My advice would be to put good people from your company in Omada because it is a complex tool and you can do a lot with it, but you won't get all the benefits out of it unless you invest in it on the technical side. Then, on the other end, the business needs to be responsible for IGA.

In general, it doesn't matter which tool you take, it doesn't matter if you take Okta, SailPoint, or One Identity, your business needs to be responsible for IGA. It is important to invest in your IT team so that they can configure Omada because that will give you faster value from the product.

The tool alone is not the solution for everything. You need to have dedicated IT guys on it who can configure it.

What I see with Omada, but also with other companies, is that IGA is falling somewhere between IT and business. A business could be responsible and have no IT guys involved or the other way around. IGA is a complex landscape where the business is responsible for authorizations and segregation of duties and the lifecycle management, but on the other hand, the configuration of IGA tools, like Omada, also gets pretty complex.

When moving to the cloud, you need to have a faster time to market. Identity is the new security parameter and the core security parameter. You need to have people at your company who know what they are doing with Omada and who know how to configure it. They also need to know how to resolve issues if somebody gets hacked. Invest in your people to bring identity at the IGA level of your IT, and also of your business, to a higher level.

Omada offers training and they have documentation of the application on their hub, their community site. I don't think they provide certification, at least not the classic type where you can do an exam. But they have added a lot of training in the last one or two years. They didn't have a lot and now they have a lot more, so that's growing. 

I would rate Omada an eight out of ten.