One Identity Manager Reviews

We're using One Identity as the identity management solution for the staff of a large insurance company with around 50,000 employees globally. 

One Identity enables us to provide users with permissions for only the roles that they need. We can use segmentation to ensure that users don't have roles that can cause trouble in the business. It took a few years before we could fully realize the benefits of the solution. 

The solution helps us minimize gaps in governance coverage between test and production servers. We've customized the solution to give us consistency in security between privileged and standard users. You can define different policies for categories of users. For example, you can require safer passwords for users in critical roles or make them change passwords at regular intervals. 

One Identity streamlines application permission management. It also facilitates application compliance and auditing. It reduces the amount of work involved because we can automate a lot of the processes and guarantee that the company's rules are correctly implemented. 

One Identity is easy to integrate. It isn't easy to use, but it can be extended. It has out-of-the-box integration capabilities for small companies. It can be integrated with many different systems, such as SAP, and the out-of-the-box configurations offer extensive visibility. 

The solution provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts. That's the primary purpose of this product, and it works. 

With almost 10 years of experience with the product, I understand the product and how it works, but I cannot speak from the end-user perspective. However, we can customize the solution and do our best to make it user-friendly. It offers different levels of customization. Experienced developers can perform some advanced customizations, but it can also be customized on a very basic level. You can customize almost everything. 

I would like to integrate automated testing with One Identity, and it would be great to have some support from the vendor on here.

I have used One Identity for nearly 10 years.

One Identity is stable. 

One Identity is scalable. 

I rate One Identity support eight out of 10. We have premium support, which gives us more access to the vendor to change records, open tickets, etc. 

Positive

I used IBM Tivoli Identity Manager many years ago. This product no longer exists and hasn't been around for a long time. 

Our initial deployment was about 10 years ago, so I don't remember it too well, but there were always problems. The total deployment time is several months, and it requires around 10 people. We have a huge development team comprising around 50 development teams. We also have various other teams working on the project. Altogether, it's around 700 people. 

It manages our Active Directory and SAP user accounts according to HR data and assigns permissions via request or rules.

We create business roles with permissions in different systems and employees can either request those bundles or get them automatically via rules. User creation in all connected systems has been automated. Employees can request permissions through the IT Shop, their manager and permission owners approve the request and the system assigns it - we don't have to wrangle with excel lists of permission assignments anymore.

It is very flexible and adaptable to our needs and the ootb features are also quite comprehensive. The overview sheets are great.

Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc).

Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc. 

More than five years.

Had no major problems. Support is great and quick to help.

Technical support is usually great.

We had a vb script for Active directory user provisioning from HR data. It was outdated and prone to errors. We wanted one solution that could manage Active Directory and SAP accounts.

The initial setup was complex because the product is complex, there's usually more than one way of doing something. It's a steep learning curve. Our project didn't leave lots of time for our internal admins to familiarize themselves with the tools. Support was a great help in the first few months after it went live and without a consultant...

For the migration from 6.1.4 to 8.0.1 we used IT Concepts. Migration went smoothly as our expert and theirs worked closely together.

Provisioning users and permissions has been automated. The IT shop helps spread the load of permission requests and IT personnel can focus on other things than manually assigning those permissions in various systems.

We looked at a few different solutions. Most of them were better suited for only one target system and some had poor add-ons for the other targets we needed. OIM seemed the most balanced and also has connectors for other targets we were planning on using.

I am a consultant for One Identity Manager and implement it for clients. They use it for ordering permissions, attestation of permissions, and reporting on permissions.

Customers use One Identity Manager to manage SAP. SAP integration is very important because clients have critical business processes in SAP systems. Governance of SAP users and permissions is important.

One Identity Manager is a good solution for providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts. You have a view of all the users, permissions, and connected systems, and you can have a whole range of connected systems such as Active Directory, SAP, Entra ID, Exchange Online and others. You can import identities from HR systems or create them manually and join them with their accounts and permission. It gives you a view of the permissions and roles people have in different target systems. You can combine that with roles that are automatically populated through inheritance. You can also combine it with attestation so that you have an approval process for those rights. You can basically check that they are not assigned forever or when not needed.

Customers use One Identity Manager's business roles to assign permissions based on membership in organizational structures, such as departments, locations, job functions. This functionality is very important because you can model your business as a hierarchy and inherit permissions and accounts along with this hierarchy. It is a good solution to assign permissions automatically. For example, if you have different locations for your business, you can model those locations in the business roles and assign people to those roles automatically through HR import. That makes life easy and gives you a graphical view of that structure in One Identity Manager. For people who are not too technical, it makes it easy to understand how permissions are inherited.

It gives an overview of licenses. For example, in One Identity Manager, you can have an overview of Office 365 licenses being used. Apart from that, you can see how many and which accounts are being used, but it is not a license management tool.

Attestations help you determine if someone should have a certain permission or not. You can also have recurring attestation where, for example, a manager can decide if certain permissions are needed for certain people. For compliance, you can implement segregation of duties where you can specify that if you have permission A, the users cannot have permission B.

For auditing, you can see the permissions and the accounts people have, but it is a view from a certain point in time. There might be some gaps or synchronization delays between One Identity Manager and the target system, such as SAP. For auditing or a tracing without any gaps, you need tools that monitor permissions in those systems in real-time, similar to Change Auditor from Quest.

It helps to create a privileged governance stance to close the security gap between privileged users and standard users. You can have different types of identities. You can have a person with a non-privileged identity and also a privileged identity. It helps to separate those, but at the same time, you can see what kind of permissions a person has in total. You have a view of both the non-privileged and privileged identities.

It is very comprehensive. There are a lot of features in the product. The strong points are that you can model your organization in One Identity Manager and create roles. There is a Webshop where end users can order permissions and accounts. These are its strong points.

What is missing is a mobile user interface for the end-users so that they can do simple things on their mobile phones on the go. 

The time it takes to synchronize a large target system is often significant, often taking multiple hours. That is something that could be improved. I am aware that it is often due to the performance of the target systems, but it is a problem in day-to-day operations to have slow synchronization.

I have been using it for 12 years now.

It is stable. I would rate it a nine out of ten for stability.

One Identity Manager has improved in terms of performance and added functionality. There is better stability. They have invested in more modern web interfaces and are moving to the cloud as well. You can run it on prem, in your own private cloud, or you can have a SaaS solution nowadays.

It is scalable. I would rate it an eight out of ten for scalability. I have seen it work well in large environments.

There are different support tiers, some with 24/7 support and a dedicated technical account manager.  

If you have outages or critical production problems, you can count on the manufacturer to help resolve the situation. Minor questions are not always treated as fast as one would wish, but for the critical stuff, you can rely on them.

Positive

Its implementation effort depends on what you want to achieve, but it is not straightforward. You need solid knowledge of One Identity Manager. You also need a good strategy and information about what you want to achieve with One Identity Manager, how you want to connect to your target system, and what kind of processes you want to have in One Identity Manager.

But you can rely on the manufacturer and partners to help you with that.

In terms of maintenance, you have to update it regularly to be in support. Otherwise, after some time, there would not be any support from the manufacturer. Also, the manufacturer is fixing bugs and extending the product, so it makes sense to be current with the software.

As a consultant, I help the in-house team deploy the solution.

It saves an enormous amount of time. If you do not see it as purely an Identity Management tool but as a possibility to automate processes in the company, it provides a huge amount of value. If you use it the right way and think of which processes in terms of Identity Management you can automate, it will save a whole lot of time. 

The time savings depend a bit on what you are automating. For example, if you can automate assigning accounts and permissions by making use of the organizational structure and let managers order permissions through the web shop, you accelerate your business processes and reduce the amount of manual labour involved. 

My clients have been using it for a long time now. They have looked at other products as well, so it seems worth the price.

One Identity Manager is the most complete offering because you have the connection to the target systems and you have inheritance, which is powerful and not something every other vendor has. They have a Webshop with approval processes for ordering accounts and permissions. It is a complete package, and you get all this in one product. In terms of functionality, it is very good compared to other products on the market.

If you are a user, it is not too difficult to get into it. You have to be familiar with the concepts of Identity Management, as well as inheritance of roles and permissions and how to use the tools. It is manageable. If you want to be a developer in Identity Manager, that is a different thing because it takes way longer to get into. For example, the new web portal has an Angular web front. If you have Angular web development skills, you can more or less get straight into it.

One Identity Manager has a certain complexity, and it is not always easy. From an end-user perspective, there is a web interface to request permissions, reset your password, or manage your account in some aspects. However, when you get into the management of One Identity Manager itself, you need some knowledge, and it is not always straightforward. It is complex.

When it comes to customization, the ease depends on what you want to customize. Certain aspects of the product are easy to customize. You do not need programming knowledge, or you can do it with minimal programming knowledge. For some aspects, you need programming expertise in Angular or other programming languages, such as .net. You need to have a good grasp of how the Identity Manager works.

My recommendation is to first determine your needs and then look for a product that addresses them. One Identity Manager is a big product that provides lots of functionality. If you do not need lots of features, you could go for a SaaS solution, maybe also from One Identity.

Set up a strategy and do a proof of concept. Validate some of the requirements to see if it is a good fit and implement One Identity Manager if you are satisfied with the PoC.

Overall, I would rate One Identity Manager a nine out of ten.

We utilize One Identity Manager to manage the employee lifecycle, provision user accounts, administer numerous systems, and maintain a web portal.

One Identity Manager's ability to consolidate tools helps simplify the administration process.

I would rate the UI nine out of ten. The performance and appearance have improved since the new portal was implemented.

With my experience and the help of the user community, customizing One Identity Manager is not difficult.

The business roles feature is easy to use.

We see the benefits of One Identity Manager within weeks of deployment.

One Identity Manager helps minimize governance gaps between test, development, and production servers. An administrator's experience typically correlates with increased ease of use.

One Identity Manager simplifies the process of determining application access. Integration is straightforward for standard systems like Active Directory or Exchange, but connecting custom web applications requires developing a connector, which is time-consuming but manageable for experienced programmers.

One Identity Manager is more reliable than other identity managers. The most valuable features are the behavior, configuration, and customization options.

Using dynamic business roles can degrade the performance of One Identity Manager.

I would like to have better documentation for configuring other Microsoft systems.

I have been using One Identity Manager for almost four years.

One Identity Manager is stable. If it crashes, it is due to human error, not the solution itself.

One Identity Manager's scalability depends on the use of other Microsoft systems, such as SQL and Windows servers.

The deployment is straightforward. The deployment takes between one and two hours and requires one engineer. The overall implementation requires a team consisting of an architect, an analyzer, one or two programs, testers, and an engineer.

We are integrators who implement One Identity Manager for our customers.

I would rate One Identity Manager nine out of ten.

In most cases, the customer doesn't need to do any maintenance.

I install it for other companies, and one of them uses it for custom processes.

Previously, one of our customers didn't have a way to manage their cases, so we created a custom solution for everything. And the best thing is that it's totally secure since it's based on the roles in the customer's Active Directory. It's based on the kinds of roles or groups they assign. It's about what kind of permissions a user has in the IT shop. For example, there are two big groups. One of them has access to critical information, and the other only has permission to read some information. With One Identity Manager, we were able to separate these roles and what each role can do.

And the fact that One Identity Manager helps consolidate procurement and licensing makes things easy.

In addition, it has definitely helped achieve an identity-centric Zero Trust model. If someone is entering the company, we need to make sure that they have the correct permissions, the exact information, and access to that information. It's a must.

The best feature is that it's customizable. For example, we can create any kind of product or custom service within an IT shop and customize it the way our customers need it. For the customers, it's the best. They are happy with it.

We can create a custom policy for a company. We can use a business role for access to a given product and determine what the next process is. For example, if someone requests access to something, the custom policy will show it to the supervisors at each location or redirect it to the user who is responsible.

Also, we use the solution's business roles to map company structure a lot. That's one of the parts that the customer really needed. They wanted a custom role for each of the cases they were creating. They wanted to assign users directly to a business role, and these roles can be assigned to other users in the directory. The business roles feature is critical.

One Identity has another model called Data Governance Edition. It's a very good solution for controlling and applying the concept of CIA (confidentiality, integrity, and availability). It's the best solution for that. We use One Identity Manager with Data Governance. There are shared folders, and a lot of people have access to them. With Data Governance, if someone requests access, based on the kind of permissions they have, Data Governance helps us make this kind of decision.

The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution.

They have a lot of documentation, not only about the installation processes, but also for the development side. For example, in the new IT shop that is using Angular, there are a lot of functions—more than 1,000—that don't have any information about what they do. The documentation is really important. 

Also, the documentation for the Data Governance Edition must be improved. 

In addition, when tasks are running in a tree, there should be an order. For example, if we have five tasks in a tree, we should be able to say this one is first, and the next is number two, then three, four, five. 

And it's important to have compatibility to use gMSA, group Managed Service Accounts.

I have been working on One Identity Manager for seven months.

It's stable.

It is scalable, for sure.

We use their standard support. They are nice and they are always on the edge, helping us. It's great support.

Positive

We did not have a previous solution.

The main solution takes about six months to deploy. When there are customizations, it takes more time. The amount of time depends on the kind of customization. I don't have an exact number, but we have a sprint every two weeks, and we do our best to deploy what the customers request. Our clients are enterprises.

For deployment, on our end, we require five people.

In terms of maintenance, the main solution is standalone, and there is no maintenance. Once it's running, there is no problem. But maintenance is necessary when a customer wants something else, a customization or a new product.

Our clients have definitely seen a return on investment.

The pricing is okay.

I totally recommend it. If you want to implement life cycle and governance, for sure, it's the best solution.

We using it internally. We are also offering it to our customers as a managed service.

I have heard that the overall security is much better, although we still have slow processes going on within the company. Internally, this is what I have heard, since I work more on the customer side.

Since we are ISO 27001 compliant and GDPR compliant, the product has probably helped with this.

It brings simplicity into complex matters.

I would like some access management features to be added. We have some customers with a small need to do authentication as a service, and there are other solutions on the market which offer this.

It is a large solution where you need to learn how to work in a certain way for it to provide the best benefit. On the other hand, it's really a structured way so you should work in a structure way, as it is a compliant to other frameworks.

I haven't heard any complaints regarding stability. 

There was some slowness when we implemented it, but I haven't heard anything since.

You can scale it quite big, which is good. It has good sizing. 

We have some smaller customers where the solution is too big, but that is an IAM world issue.

We have 15,000 people working for us.

I've been happy with the technical support. When I previously worked in another company implementing One Identity Manager, I was pretty happy with support.

The initial setup for us is quite simple, and we have done some measures internally to make it even easier.

We have used other partners to help with our own implementation. 

We're using it to monitor the customer environments, which has helped us increase employee productivity when it comes to provisioning users and systems.

It has helped to reduce help desk calls quite a lot, since not we are using the Access Manager which looks into our web services. 

I think it's one of the best solutions on the market.

It is a big task to implement alone, so ask a lot of questions if looking to implement.

You can see and do a quite a lot. It is really open in that way, but going out and trying to do stuff which it isn't meant to do, that's much harder. I wouldn't go there. However, it's gives you a good framework to work and build on.

The policy and role management features work. They are getting better all the time. I don't really have a better experience from other solutions.

I am just learning the privileged account governance features and how they work.

We don't have SAP internally. We offer it as a service, as a company, to our customers, but we don't use it.

We are managed service providers, so we cannot have our own private cloud.

We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

I've been using One Identity Manager since 2008.

One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

Scaling up One Identity Manager is extremely easy.

I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

I've seen ROI from One Identity Manager.

The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

We evaluated SailPoint and Saviynt apart from One Identity Manager.

I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

We use it to control identity and access management in our company.

It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.

All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.

The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.

It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.

Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.

It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.

I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. 

For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.

It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.

We speak to our consultants. They are our technical support.

We had something we built ourselves, but it was not integrated with anything. It was mostly just a list. 

When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.

That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.

Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.

Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.

We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.

There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.

We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.

It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.

The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.

We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.

Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.