One Identity Manager Reviews

One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.

The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.

The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days. 

When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.

In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.

The most valuable features include the 

• automated attestations or recertification
• IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal. 

Those two are the biggest wins.

In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.

Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.

There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. 

Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.

We've been using One Identity Manager since 2013.

Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.

One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.

We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.

Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.

The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development. 

This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.

Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.

When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.

For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.

Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.

But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.

Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.

Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.

We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.

We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.

We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.

From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.

It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.

Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.

We are tech consultants who deploy One Identity for our clients. Our clients use One Identity for provisioning and deep provisioning users. It is also used for the recertification process and access review. We have integrated One Identity for 15 to 20 clients. Soon, we expect to deploy it for another five to 10. 

The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them.

I have used One Identity Manager for the past six years.

I rate One Identity nine out of 10 for stability.  We haven't seen any downtime. It has worked smoothly since it went into production. 

Deploying One Identity can be straightforward or complex depending on the environment. The time needed to deploy varies with the scope of the project.

We typically have some meetings with the client to understand what they need to integrate with One Identity. We develop custom connectors and move to the production stage if everything is working. 

I rate One Identity Manager eight out of 10. My recommendation to new users is to be patient because it's hard to understand without adequate documentation. It gets easier with time and practice. 

My company has a lot of use cases for One Identity Manager. In my previous company, I've been maintaining the tool, so I used to go to clients who needed improvements and support in terms of provisioning, and I provided those services. Now, in my current company, I'm in the Identity Management team, and my company is using its old Identity system with One Identity Manager, particularly for provisioning, access management, compliance, and certification, apart from identity management.

In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a really stable system which I like.

Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out.

The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.

I've been using One Identity Manager for three and a half years.

Stability is one of the main qualities of One Identity Manager. It could run even if people go on a holiday for weeks, and nobody would be worried about the tool breaking down. One Identity Manager could work for months even if you don't look at it or check it. It's a well-designed tool.

One Identity Manager is a scalable tool and its scalability is one of the reasons why my company chose it. The tool is capable of evaluation, and it has a lot of different connectors that come out of the box, so as soon as you know what you're doing, it's easy to extend the parameter and add new target systems to it. With One Identity Manager, you can have systems ready for future use. My company has never reached a point where it says: "Okay. There's nothing more you can do with this tool."

I've contacted the support team for One Identity Manager several times. For level one support, particularly when something is broken and I need help, the team's been really quick and accurate. Most of the time, I get the first answer or first contact resolution in less than half an hour as written in the contract, and the support team has really found a quick solution. Every time I face an incident, the team finds a solution to it within an hour. Sometimes it could take a few hours to resolve which is when the One Identity Manager support team provides new patches to implement, for example, the issue started at seven at night and patching would be done at eight in the morning the next day.

For major incidents, I would rate support a five out of five, but if it's just a little incident that does very little harm and is in development, issue resolution would take longer. The support team for One Identity Manager handles major incidents perfectly, so I have no complaints, but if you just have a little incident that appears on your development system and is not really that important, it could take days and days before a technician is sent onsite. This is why my company prefers to work with a partner that is more open to decision, and though the One Identity support team is really there to save your life, it's not there for every incident or situation that you come across.

My company decided to use One Identity Manager because of the large variety of connectors available that lets you connect everything you need, even for future use, as well as the reputation of One Identity Manager in terms of stability. Another reason for choosing the tool is the online forum and YouTube channel that allow engineers to learn more about One Identity Manager without the need to ask a partner each time, so you can be independent of the vendor or partner. The support you get is also another reason my company went with the tool.

Whether the initial setup for One Identity Manager is easy or difficult is hard to say because of other systems that have less functionality but are easier to deploy, and you won't face the same challenges that you'd face when setting up One Identity Manager. It's recommended for you to have knowledgeable engineers who can support you during the setup, especially if you don't have the knowledge on how to set the tool up. Setting up the tool may not be as easy, but considering all the things One Identity Manager can do for you, it's not such a big deal.

If you just want to basic features to be up and running with One Identity Manager, deployment could take a few weeks, for example, if you just want to use an authoritative source and have provisioning, active directory, exchange, and other basic features set up in your company. For a company that has really stable jobs to provision, with role mining that isn't difficult, the tool could be ready and working within a few weeks, but for a large company with a really, really large variety of jobs and regulations, deployment of One Identity Manager could take a few months.

You can get ROI from One Identity Manager. It's worth the money because my company wants to be agile, and if tomorrow, the head of the company says, "Okay, let's open a new area," with One Identity Manager, I can say, "Okay. If you say there'll be three hundred people, tomorrow, I'm able to create accounts with the rules needed for those to work, and it won't be a mess."

With One Identity Manager, even inexperienced people in the team can easily understand how each role works, and if you have a great conception of each role, you can just hire or transfer within days without being worried about whether or not each person has everything he needs to work.

I'm unable to discuss licensing costs for One Identity Manager.

I'm using the latest version of One Identity Manager.

In my company, the tool is still in the deployment stage, but within a few months, all people in the company will be users of One Identity Manager, particularly the portal. There'll be about five thousand users of the tool within my company.

My advice to anyone using One Identity Manager for the first time is to make an audit on your company with an independent partner to be sure if you need the tool because One Identity Manager won't be worth it for every company. You have to match it to your needs, or else you'll never get your money's worth. For example, in a stable company or one that has similar jobs, the tool won't be used a lot. If you have three to ten job types and all of those would be the same after many years, One Identity Manager won't be the tool you need. You can just go for a cheaper tool that can do the job for you, but if you have a complex company and you have to face a lot of regulations, and if you want to adapt more quickly, One Identity Manager is a good choice.

I'm rating One Identity Manager nine out of ten because it fits my need, and though it's complex, it's a learnable product. It also helps my company become more agile and also helps it face new challenges. One Identity Manager is the tool I need, and I like it. The tool helps my company and also helped the previous company I worked for, so I have no complaints about it. It's a tool I like working with.

I didn't give One Identity Manager a perfect score because the connection with ServiceNow isn't there yet, so that's an area for improvement. When you send in an incident or put in a request that's not a standard request on One Identity Manager, you have to make an exception in the way your company should work, and this is another area for improvement in the tool that I also don't like. My company came up with a workaround or a solution to this, but a company such as One Identity should be able to propose a solution out-of-the-box.

My company is both a customer and a partner of One Identity Manager. I say partner because a representative from One Identity comes to my company every two months and listens to feedback about the pros and cons of the tool. I say customer because my company pays for the One Identity Manager license, and if there's an issue, my company makes a request and lets the support team know what makes us unhappy.

One Identity Manager is a central identity provider and authorization provider, and I've been using it for multiple customers who use it as a central identity provider.

In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager.

The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager.

What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.

I've been working with One Identity Manager and its predecessor Quest since 2014.

One Identity Manager is a stable solution, although like any vendor bugs occur. It is frustrating there's no bug tracker available of known issues. It would be very helpful to know what bugs are currently acknowledged to prevent continuity issues and wasted troubleshooting time. 

In terms of the scalability of One Identity Manager, I mostly had experience with companies that had five to ten thousand identities in place, and now, I've been working with a setup in a larger enterprise environment with tens of thousands of users, and my impression is that everything is going much slower than what I was used to on the smaller scale, but I'm not completely familiar how it was set up. I know too little about the setup to judge the scalability of One Identity Manager.

I've contacted the technical support team for One Identity Manager multiple times. Sometimes support is excellent, and sometimes, it's just okay. Support asks for a lot of information that's not always necessary.

Neutral

Installing One Identity Manager nowadays is getting more and more straightforward, but in terms of configuration and setup, that's complex.

The time it takes to deploy the solution would depend on the organization. I've been involved in multiple projects and there were projects where One Identity Manager was deployed faster than others, so deployment time would depend a bit on the complexity of the organization and internal processes, but in theory, you could set it up within a week. Mostly it would take companies months to get the solution up and running.

I'm aware there's a license cost for One Identity Manager, but I'm not part of the team who handles licensing, so I'm unable to give pricing information.

I'm a freelancer, so I work for multiple customers and I work for three customers that are using One Identity Manager, so I can't give the exact number of users, but big teams use it.

I'm using One Identity Manager because it's what my customers selected.

My advice to anyone looking into using One Identity Manager is to start playing around on the virtual setup to get familiar with it, in particular, make a small domain, set some target systems up, and get familiar with the setup.

I would rate One Identity Manager eight out of ten because it's very stable and very customizable. For the last two years, the solution has improved and cut back on technical depth, and it can stand on its own two feet, but there's still space to improve. Overall, One Identity Manager is one of the best in the market.

I'm an identity and access management consultant, so I'm not a partner or a reseller of One Identity Manager.

We use the solution for creating and completing enhancements and other features. Personally, I have experience working as a .NET developer and working with the SQL server database. When I joined Wipro, I worked mainly with One Identity Manager tool as a developer. In addition, I do web design and object browsers, job queues, and use other tools.

The best feature is the security of the solution. 

The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.

We have been using this solution for more than two years. We are currently using version eight, which is deployed in cloud.

This solution is stable when we are using all its features. However, when we customize the solution, it becomes difficult to use.

This solution is scalable.

When we cannot resolve issues with the tool, the technical support team assists us by proposing solutions based on the tool requirements. They consistently respond to us and help us resolve any issues we encounter while using the tool. I rate the technical support a ten out of ten. 

Positive

The initial setup process was easy. However, it took between 30 to 60 minutes to deploy the solution. 

One Identity Manager is very efficient for a limited amount of users. It is easy to use and handle. The license price is based on user capacity. However, I cannot speak about the exact costs.

Our company takes on projects for different types of clients, so we chose this solution because our clients had this solution implemented. Therefore, selecting this option made managing things more efficient.

I rate this solution a six out of ten.

This solution creates the roles for the NDSS, including onboarding of accounts. It's an end-to-end solution in that the customer will request some permissions, and it will enter treatment for that user, then push the data or automatically onboard admin accounts for that user.

The most valuable features are that it has a lot of capabilities, can integrate with a lot of systems, including automated onboarding like CyberArk, and allows you to integrate different entities.

One area that could be improved is the speed of performance - it's often a bit slower because of the size of its database.

I've been using this solution since 2017.

It's a stable solution.

OIM can be scaled.

We subscribe to premium support from Dell IBM. It's pretty good but can take a while to respond with a solution, sometimes up to a week if it's a major issue.

It depends on the expectations and scope, but OIM is easy to deploy and can be completed for a medium organization in six months to a year.

I used a consultant integrator for deployment.

Licenses are available on a three or five-year basis.

I would recommend OIM to other users and would score it seven out of ten.

We use it to manage all identities within the company. We use it to monitor users when onboarding and offboarding. We also use it for all the related accounts, such as SAP accounts and AD, to give permissions to our employees within these systems.

We do all the privileged management as well within One Identity Manager, which mainly consists of monitoring and control of users, especially who's changing what.

There are users within SAP, the so-called "firefighters," who need to have a little bit more access to SAP. They are the ones who are allowed to switch down modules, put down the systems, and so on. They require high-privilege access. One Identity helps us to monitor those activities and ensure that we make the changes that are required so the users will have those permissions.

When we have a request from HR for onboarding a new employee, before having One Identity, we had all manual processes. If the user was going to be assigned to a specific application, we needed to contact the responsible person on that team to open multiple tickets, multiple requests. Today, those activities, are completely managed by the Service Desk. That means we have reduced the time it takes for the onboarding process enormously. It used to take two or three weeks to do a full onboarding, but today we can do it in two or three days, providing access to the systems.

The solution has reduced Service Desk calls by 75 to 85 percent. In terms of automation with this system, we now have 94 percent coverage of our users and systems. That means we increase security as well, and not only reduce calls to the Service Desk.

In addition, when it comes to compliance, One Identity is used to cross-reference between the identities and accesses. This has improved the detection time of security events and has helped us with both data protection and compliance. One Identity is a main driver and helper in improving this area.

It's the automation. With One Identity you can have multiple accounts and everything is managed in the same system. You don't need to manage different systems at different times. With just one, you can do everything. It saves a lot of time for us and simplifies things.

In terms of the policy and role management features, through the automation that we have within the system, we are able to simplify those processes. The role management is really a great solution because we assign and define roles within the system and then apply them to the identities that we create for our employees.

It is definitely a flexible solution. The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc.

We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy.

Most of the issues that we are suffering from today will be fixed with the new version.

The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier.

I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good.

We also have system devices that we could manage as identities, so that would be a feature to add.

Three to five years.

The system we are using is five years old and we have had no issues at all. It is fully stable.

It's scalable. We grew over the last year. We integrated companies within the group, which included creating more and more users in the system. Scaling is pretty simple. We didn't have to make major changes to the system itself. It was something that the system could support easily, especially from a functional point of view. 

It can scale vertically and horizontally without any problems. With the upgrade, we are scaling up technically, adding more servers, and it's pretty easy as well.

We are working with a One Identity partner. This is really important. One of the most important things to do when going with One Identity is to choose a partner wisely. We are currently working with a partner and we're still evaluating that. It needs to be assessed a little bit better and to ensure that they can support us. It has nothing to do with One Identity support itself. The important thing is ensuring that the partner is able to support requests. That's what we are currently assessing and evaluating.

We are working with IPG because our headquarters are based in Germany. We have a history with them. We are currently ensuring that they are capable of providing the support that we require, and especially provide us the agility and flexibility we need.

The partner is important because the implementation of the systems and the configuration of the systems are done by the partner. It is key for One Identity to ensure that the partners can do the work properly.

We had nothing before using One Identity.

We implemented One Identity in 2015 with the main goal of controlling SAP access and users, especially the privileged access in SAP and the segregation of duties. That's what we wanted to control. One Identity was the best system at the time, with really exceptional out-of-the-box functionality. It was mainly done, at that time, for SAP. It was a risk and compliance issue that was fixed with One Identity.

We are seeing return on investment although I can't quantify it. If we just think about the reduction in the onboarding time which is impacting other teams, that is an area of ROI. And especially with the Service Desk, there has already been a benefit and a return of investment in terms of resources.

The tool is one of the best tools, out-of-the-box. It has great integration, especially for companies using SAP. On the other side, choose the right partner and don't look at only one system, but other systems as well. If a company is looking for a system to control SAP, don't focus on your SAP. Look at one system which is able to manage in general, and with good integrations. One identity is one of those systems.

It is also important to have a defined process. We establish it and then, with the use of the tool, we apply it.

I would rate the solution at nine out of ten. I like the out-of-the-box functionality. You don't need to do specific customizations; you can quickly use the system as it comes. And the solution has flexibility.

We manage companies identities and different legal bodies in it from all over Europe.

With One Identity Manager, we were able to get a lot of processes digital. A few years ago, we started to give all of our colleagues who were working in the retail stores their own smartphones, so they could use some of these processes. For this, it was key to have a good identity management system, where they could do all that. 

Before that, we were using this tool for shared account management. We were able to do that pretty smoothly, and get everyone a personal account, which was pretty impressive.

We have integrated the solution with SAP. All our retailers can order their own goods for their stores and have access rights. Without this, it wouldn't be possible for everyone to manage their own stuff. We are local decentralized. We are only able to do this because we have the role management input and access rights in the SAP systems.

With GDPR, a lot of colleagues in my company were using this product last May. Especially for GDPR, things weren't that clear, so we built stuff that wasn't really necessary. 

This solution has helped reduced help desk calls. We still could get way better; perfect.

It's a huge toolkit, and you can do a lot of stuff with it. You can extend nearly everything, so if you want to build something that may not have been though of by the vendor. You can do this with a partner, as we have done in the past. There is also support for these processes. Compared with other distributors who design their products to certain specification, you can put in your own processes, because not all companies function the same. You can write what you want, and the process should be like that.

The policy and role management features are huge. We have had some problems getting our colleagues onboard using these features. They are used to IT setting up everything. The features in the software are good, but there is a lot of transition you have to do inside a company to get these features working.

The solution is flexible. You can customize everything. You can do what you want in it. Sometimes, it is not unwise to do everything on your own, but you can.

We had to customize some stuff in the SAP system, because over the years there has been a lot of customizing in the Identity Manager. It works well, but some features that we would want or that our colleagues are operating and running with the SAP system, we can't really provide, or we have to develop on our own, with One Identity Manager. SAP works well with it, but it could be better.

I would like them to add some lifecycle management features. 

They could improve the support.

When you look at the connectors to Microsoft Edge, we think that maybe it could work. However, when we build a hybrid environment, you can't really use the tools that One Identity Manager is providing. 

They could make the product more user-friendly. It takes a lot of work to build technical and business cases with the product. The solution is more complex than you think to use.

The API server needs improvement.

The stability is mostly pretty good. Now, we are having some issues with the version 8, where we can get the system to a stage where its not really working anymore. We wonder sometimes, why this box still in the software, and are we the only customers that are using it? Sometimes, we feel as if we are the first one using this product in production. Then, we speak with other customers, and they'll say that they have the same issues. Identity Access Management is middleware and should be top-notch. It can't fail. It has to work on peak performance at the times. When you find errors in the box, then it is a big problem. Even if it's not that important. Our standards are really high for a solution like this.

Before the tooling there were around 80 peoples in IT at the company. Now, we're over 800. In IT and workers everywhere, identities have grown enormously, so there are more help desk calls, but there are now a lot of more identities.

Sometimes, it's really good and fast. Sometimes, you make a service request and don't get an answer. Sometimes, you have to use management to get support for a really urgent problem. So that's not always good. Overall, its pretty good, but when you work with the product, you find bugs, and normally, they're fixed. Sometimes, we don't get a response that we want, and it's frustrating. I also see peak times, where it is pretty slow, then the support is really good and pretty fast.

The initial setup was ten years ago. Back then, we had to do a lot of stuff on our own. Therefore, it was not that easy. I think it never is, because a lot of business policies have to change. 

If you were to take the software, and start with it, in a company where you don't really have anything, then I believe it would be pretty easy.However, in a global company, that is using an SAP system or an AD for around 10 years or longer before you even think about getting One Identity Manager, then it gets really hard.

We have had a lot people over the years, like Computer Center and IGF. Some experienced, and some who were not so experienced.

This solution has helped to increase employee productivity when it comes to provisioning users in our systems. This solution has been really effective with our retail workers. It wouldn't be possible to onboard and manage our 40,000 store employees without it. The management of the solution is pretty automated.

Don't work too much in the beginning. Focus on what's really necessary and important. Forget the luxuries you have. There are old processes that are really great for some people and look like pieces of artwork. However, the maintenance of them is really expensive. So, know what you really need, what is your business case, and what is important for you. Keep it simple and structured. Then, you will be happy with a solution like One Identity Manager. 

You have to understand the concepts of the software. Then, you can be productive and be happy with it.

We were able, with this solution, to go pretty fast from an on-premise AD and Exchange environment to a hybrid setup with a lot of stuff in the cloud. 

Right now, we're not really using the privileged account governance features. It looks promising. In our organization, it looks promising, but we're not going to go there right now because its another responsibility for someone else in the company. So, while it looks good, we don't have the capacity to go there now.