One Identity Manager Reviews

It manages our Active Directory and SAP user accounts according to HR data and assigns permissions via request or rules.

We create business roles with permissions in different systems and employees can either request those bundles or get them automatically via rules. User creation in all connected systems has been automated. Employees can request permissions through the IT Shop, their manager and permission owners approve the request and the system assigns it - we don't have to wrangle with excel lists of permission assignments anymore.

It is very flexible and adaptable to our needs and the ootb features are also quite comprehensive. The overview sheets are great.

Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc).

Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc. 

More than five years.

Had no major problems. Support is great and quick to help.

Technical support is usually great.

We had a vb script for Active directory user provisioning from HR data. It was outdated and prone to errors. We wanted one solution that could manage Active Directory and SAP accounts.

The initial setup was complex because the product is complex, there's usually more than one way of doing something. It's a steep learning curve. Our project didn't leave lots of time for our internal admins to familiarize themselves with the tools. Support was a great help in the first few months after it went live and without a consultant...

For the migration from 6.1.4 to 8.0.1 we used IT Concepts. Migration went smoothly as our expert and theirs worked closely together.

Provisioning users and permissions has been automated. The IT shop helps spread the load of permission requests and IT personnel can focus on other things than manually assigning those permissions in various systems.

We looked at a few different solutions. Most of them were better suited for only one target system and some had poor add-ons for the other targets we needed. OIM seemed the most balanced and also has connectors for other targets we were planning on using.

We utilize One Identity Manager to manage the employee lifecycle, provision user accounts, administer numerous systems, and maintain a web portal.

One Identity Manager's ability to consolidate tools helps simplify the administration process.

I would rate the UI nine out of ten. The performance and appearance have improved since the new portal was implemented.

With my experience and the help of the user community, customizing One Identity Manager is not difficult.

The business roles feature is easy to use.

We see the benefits of One Identity Manager within weeks of deployment.

One Identity Manager helps minimize governance gaps between test, development, and production servers. An administrator's experience typically correlates with increased ease of use.

One Identity Manager simplifies the process of determining application access. Integration is straightforward for standard systems like Active Directory or Exchange, but connecting custom web applications requires developing a connector, which is time-consuming but manageable for experienced programmers.

One Identity Manager is more reliable than other identity managers. The most valuable features are the behavior, configuration, and customization options.

Using dynamic business roles can degrade the performance of One Identity Manager.

I would like to have better documentation for configuring other Microsoft systems.

I have been using One Identity Manager for almost four years.

One Identity Manager is stable. If it crashes, it is due to human error, not the solution itself.

One Identity Manager's scalability depends on the use of other Microsoft systems, such as SQL and Windows servers.

The deployment is straightforward. The deployment takes between one and two hours and requires one engineer. The overall implementation requires a team consisting of an architect, an analyzer, one or two programs, testers, and an engineer.

We are integrators who implement One Identity Manager for our customers.

I would rate One Identity Manager nine out of ten.

In most cases, the customer doesn't need to do any maintenance.

I install it for other companies, and one of them uses it for custom processes.

Previously, one of our customers didn't have a way to manage their cases, so we created a custom solution for everything. And the best thing is that it's totally secure since it's based on the roles in the customer's Active Directory. It's based on the kinds of roles or groups they assign. It's about what kind of permissions a user has in the IT shop. For example, there are two big groups. One of them has access to critical information, and the other only has permission to read some information. With One Identity Manager, we were able to separate these roles and what each role can do.

And the fact that One Identity Manager helps consolidate procurement and licensing makes things easy.

In addition, it has definitely helped achieve an identity-centric Zero Trust model. If someone is entering the company, we need to make sure that they have the correct permissions, the exact information, and access to that information. It's a must.

The best feature is that it's customizable. For example, we can create any kind of product or custom service within an IT shop and customize it the way our customers need it. For the customers, it's the best. They are happy with it.

We can create a custom policy for a company. We can use a business role for access to a given product and determine what the next process is. For example, if someone requests access to something, the custom policy will show it to the supervisors at each location or redirect it to the user who is responsible.

Also, we use the solution's business roles to map company structure a lot. That's one of the parts that the customer really needed. They wanted a custom role for each of the cases they were creating. They wanted to assign users directly to a business role, and these roles can be assigned to other users in the directory. The business roles feature is critical.

One Identity has another model called Data Governance Edition. It's a very good solution for controlling and applying the concept of CIA (confidentiality, integrity, and availability). It's the best solution for that. We use One Identity Manager with Data Governance. There are shared folders, and a lot of people have access to them. With Data Governance, if someone requests access, based on the kind of permissions they have, Data Governance helps us make this kind of decision.

The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution.

They have a lot of documentation, not only about the installation processes, but also for the development side. For example, in the new IT shop that is using Angular, there are a lot of functions—more than 1,000—that don't have any information about what they do. The documentation is really important. 

Also, the documentation for the Data Governance Edition must be improved. 

In addition, when tasks are running in a tree, there should be an order. For example, if we have five tasks in a tree, we should be able to say this one is first, and the next is number two, then three, four, five. 

And it's important to have compatibility to use gMSA, group Managed Service Accounts.

I have been working on One Identity Manager for seven months.

It's stable.

It is scalable, for sure.

We use their standard support. They are nice and they are always on the edge, helping us. It's great support.

Positive

We did not have a previous solution.

The main solution takes about six months to deploy. When there are customizations, it takes more time. The amount of time depends on the kind of customization. I don't have an exact number, but we have a sprint every two weeks, and we do our best to deploy what the customers request. Our clients are enterprises.

For deployment, on our end, we require five people.

In terms of maintenance, the main solution is standalone, and there is no maintenance. Once it's running, there is no problem. But maintenance is necessary when a customer wants something else, a customization or a new product.

Our clients have definitely seen a return on investment.

The pricing is okay.

I totally recommend it. If you want to implement life cycle and governance, for sure, it's the best solution.

We using it internally. We are also offering it to our customers as a managed service.

I have heard that the overall security is much better, although we still have slow processes going on within the company. Internally, this is what I have heard, since I work more on the customer side.

Since we are ISO 27001 compliant and GDPR compliant, the product has probably helped with this.

It brings simplicity into complex matters.

I would like some access management features to be added. We have some customers with a small need to do authentication as a service, and there are other solutions on the market which offer this.

It is a large solution where you need to learn how to work in a certain way for it to provide the best benefit. On the other hand, it's really a structured way so you should work in a structure way, as it is a compliant to other frameworks.

I haven't heard any complaints regarding stability. 

There was some slowness when we implemented it, but I haven't heard anything since.

You can scale it quite big, which is good. It has good sizing. 

We have some smaller customers where the solution is too big, but that is an IAM world issue.

We have 15,000 people working for us.

I've been happy with the technical support. When I previously worked in another company implementing One Identity Manager, I was pretty happy with support.

The initial setup for us is quite simple, and we have done some measures internally to make it even easier.

We have used other partners to help with our own implementation. 

We're using it to monitor the customer environments, which has helped us increase employee productivity when it comes to provisioning users and systems.

It has helped to reduce help desk calls quite a lot, since not we are using the Access Manager which looks into our web services. 

I think it's one of the best solutions on the market.

It is a big task to implement alone, so ask a lot of questions if looking to implement.

You can see and do a quite a lot. It is really open in that way, but going out and trying to do stuff which it isn't meant to do, that's much harder. I wouldn't go there. However, it's gives you a good framework to work and build on.

The policy and role management features work. They are getting better all the time. I don't really have a better experience from other solutions.

I am just learning the privileged account governance features and how they work.

We don't have SAP internally. We offer it as a service, as a company, to our customers, but we don't use it.

We are managed service providers, so we cannot have our own private cloud.

We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

I've been using One Identity Manager since 2008.

One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

Scaling up One Identity Manager is extremely easy.

I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

I've seen ROI from One Identity Manager.

The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

We evaluated SailPoint and Saviynt apart from One Identity Manager.

I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

We use it to control identity and access management in our company.

It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.

All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.

The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.

It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.

Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.

It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.

I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. 

For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.

It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.

We speak to our consultants. They are our technical support.

We had something we built ourselves, but it was not integrated with anything. It was mostly just a list. 

When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.

That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.

Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.

Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.

We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.

There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.

We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.

It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.

The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.

We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.

Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.

We use it to give the right access to the right resources.

It has made us much more effective and efficient in providing access to users and in managing certain processes. It has definitely helped to increase employee productivity when it comes to provisioning users and systems. It's difficult to estimate how much their productivity has increased because we already had some identity management systems. I don't know how much this solution has helped us compared to the other systems, but it has definitely helped.

Workflow management is an important feature. With other identity management products, there was no workflow management so we had to build it ourselves. That's one of the reasons we selected One Identity.

We have also found the solution to be flexible. We can customize a lot of things and arrange most things within the product.

It has also definitely helped simplify compliance.

I would like to see a lot more integration with our platforms, more on the connector side. We are still using version 7.1. There are a lot of new features in 8.1, so we will look forward to using that.

The product is good, it's stable.

I'm relatively new in this role and I haven't figured out how scalable it is. That's one of the use cases I'm working on with my engineers right now.

Technical support is good.

We were using several solutions for access and we finally selected One Identity as the best solution for our purposes. We had a home-grown identity management solution, but because of the complexity of it we selected One Identity Manager as our future-looking identity management product. 

The setup was complex but it was mostly because of our environment. We have a very complex environment. We have a lot of ancient systems.

All the big ones were on our list. We chose One Identity because of the possibilities that were already present in the system. There were more than in the other ones.

It's a good product which provides great opportunities.

Regarding the policy and role management features, I hear they're good. I don't know that part as well, but I have heard from the engineers they're pretty okay.

We have integrated One Identity Manager with SAP, but we're moving from SAP as an HR system to the Workday system. We're in the middle of that integration right now. The original integration with SAP was done before I started using the product, but I from what I heard it was pretty okay. But you have to have a lot of knowledge of One Identity Manager before you can start implementing it, and knowledge of it is a bit of a problem.

The solution hasn't yet impacted our cloud strategy because we are not working hard on cloud strategy right. We're thinking about moving some pieces but we have not yet implemented it.

We know that version 8 is much better than the version 7 we use. But the version we use is about a seven out of ten because we have had some real difficulties with the integration part, from the old systems.

The primary use case for One Identity Manager is for managing identities.

One Identity Manager helps with role-based access and compliance. These are the two main advantages of One Identity Manager. In addition to identity governance, One Identity Manager supports attestation, filtration, and auditing.

One Identity Manager is very customizable. We are able to customize it as per the customer's requirements. However, when you have a lot of customization, it requires a skilled resource with a coding background. I would rate it an eight out of ten from that aspect.

It has enabled application owners or line-of-business managers to make application governance decisions without IT. Each application or role is tagged with an owner, and this owner has the privilege to manage.

We use business roles to map company structures for dynamic application provisioning. This capability is very important for us.

We have integrated the solution with AWS. This integration is very important because the infra of the organization is managed on the cloud.

One Identity Manager is very customizable to meet customer requirements. We can write custom code as per customer requirements.

Role-based access is also very valuable.

The implementation of the tool and management on the infra side is a bit difficult. They can simplify implementation and management, making it easier for more customers. Other market tools have better implementation capabilities.

I have been using One Identity Manager for three and a half years.

The stability of One Identity Manager is very good. I would rate it a ten out of ten for stability.

I would rate it a seven out of ten for scalability.

Our clients are medium-sized businesses, but we have had organizations with 1,00,000 users.

I would rate their support a seven out of ten. There are other vendors in the market that provide better support. We use regular support.

Neutral

I have used other vendors like SailPoint. One Identity Manager stands out in customization compared to SailPoint, but SailPoint is better in terms of implementation.

The initial setup was mostly straightforward. Only in certain areas, it was complex.

The deployment duration depends on the organization and the customization they want. It usually takes three to four months for a standard deployment without any customizations.

It requires maintenance on a regular basis. Mostly, it requires monthly maintenance.

I would recommend this solution depending on the environment and customization requirements of users. I would recommend it only if it meets the requirements of an organization.

I would rate One Identity Manager an eight out of ten.