It manages our Active Directory and SAP user accounts according to HR data and assigns permissions via request or rules.
The solution is flexible. It can do almost anything.
Pros and Cons
- "The business role management feature is pretty good because we have a lot of dynamic roles, and you can configure it with the filters."
- "The solution does lots of things that we did manually before."
- "Make the logging and debugging easier to find, because I'm always confused, "Where do I have to go to turn this log on if I want to see it?""
What is our primary use case?
How has it helped my organization?
We create business roles with permissions in different systems and employees can either request those bundles or get them automatically via rules. User creation in all connected systems has been automated. Employees can request permissions through the IT Shop, their manager and permission owners approve the request and the system assigns it - we don't have to wrangle with Excel lists of permission assignments anymore.
What is most valuable?
It is very flexible and adaptable to our needs and the ootb features are also quite comprehensive. The overview sheets are great.
What needs improvement?
Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc).
Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc.
Buyer's Guide
One Identity Manager
December 2024
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
Had no major problems. Support is great and quick to help.
How are customer service and support?
Technical support is usually great.
Which solution did I use previously and why did I switch?
We had a VB script for Active Directory user provisioning from HR data. It was outdated and prone to errors. We wanted one solution that could manage Active Directory and SAP accounts.
How was the initial setup?
The initial setup was complex because the product is complex, there's usually more than one way of doing something. It's a steep learning curve. Our project didn't leave lots of time for our internal admins to familiarize themselves with the tools. Support was a great help in the first few months after it went live and without a consultant...
What about the implementation team?
For the migration from 6.1.4 to 8.0.1 we used IT Concepts. Migration went smoothly as our expert and theirs worked closely together.
What was our ROI?
Provisioning users and permissions has been automated. The IT shop helps spread the load of permission requests and IT personnel can focus on other things than manually assigning those permissions in various systems.
Which other solutions did I evaluate?
We looked at a few different solutions. Most of them were better suited for only one target system and some had poor add-ons for the other targets we needed. OIM seemed the most balanced and also has connectors for other targets we were planning on using.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Specialist at a retailer with 10,001+ employees
The solution is stable, but slow
Pros and Cons
- "We have seen a slight reduction in help desk calls, as this solution is a self-service product."
- "The initial setup was complex. It is an extremely complicated thing to replace an entire self-built solution."
- "The tool to develop the web portal needs improvement."
What is our primary use case?
The primary use case is to handle identities.
How has it helped my organization?
We have seen a slight reduction in help desk calls, as this solution is a self-service product.
What is most valuable?
- To get an overview.
- To get a good structure.
- To get a good automation process.
What needs improvement?
The tool to develop the web portal needs improvement.
We are pushing out a cloud strategy, but running this on-premise solution, and do not know what steps to take.
For how long have I used the solution?
Still implementing.
What do I think about the stability of the solution?
The stability depends a lot on the infrastructure, but it is pretty slow. For us, it is stable, but slow.
How are customer service and technical support?
I haven't used the technical support yet.
Which solution did I use previously and why did I switch?
We are using a self-built solution. It would cost too much to get that up to the standard of what we need. In the long-term, it is cheaper to buy a solution that has what we need. Though, we are still running the previous solution, as we are still in the implementation phase. One Identity Manager is very limited in what we have live; we are not using it fully yet.
How was the initial setup?
The initial setup was complex. It is an extremely complicated thing to replace an entire self-built solution.
What about the implementation team?
We are using an implementer for the deployment.
What other advice do I have?
Think through what is most important and your strategy, especially your cloud strategy. Look at the different competitors in the market, including this one.
Our cloud strategy is impacting what we decide to roll out.
We have not implemented the privileged account governance features yet.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Consultant at a tech services company with 1,001-5,000 employees
It has many features which can be combined and configured in a great way
Pros and Cons
- "It has many features which can be combined and configured in a great way, then put together in projects and ways that developers didn't think were possible, which has been great."
- "The UI and user experience side of things needs improvement."
What is our primary use case?
We implement One Identity Manager for our customers.
How has it helped my organization?
It has helped to simplify compliance. We have multiple customers who now have a full overview of their accounts and users. They can use the reporting for GDPR compliance or accounts retention.
What is most valuable?
Flexibility: It has many features which can be combined and configured in a great way, then put together in projects and ways that developers didn't think were possible, which has been great.
The policy and role management features are very powerful and useful for our customers. You can do anything there.
The privileged account governance features are great from the overall governance look, the things which you can do with it, and the results that you can achieve from it.
What needs improvement?
The UI and user experience side of things needs improvement.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
It is very stable. It has been running for years (for our customers). Even if it bugs up at some point, it is rather fast to fix and easy to get going again.
What do I think about the scalability of the solution?
The scalability is very good. It scales well for companies, from small companies to very big ones worldwide.
How are customer service and technical support?
The German technical support is great. We are a German partner, and we find them knowledgeable and fast, as they do their thing.
How was the initial setup?
The complexity of the initial setup depends. While it's fast and easy to set up initially, the complexity can come once the solution starts to grow.
What about the implementation team?
We have implemented the following for our customers:
- SAP
- Cloud IT strategy.
What other advice do I have?
Compare all the solutions and all the things that you can do on them: How easy you can set it up and how fast it can grow. Because identity management will grow with you, and you have to have a product which can grow with your organization.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Solution Designer at a manufacturing company with 10,001+ employees
It helps us save on licenses for applications because we are following the account lifecycle
Pros and Cons
- "The most valuable features of this solution are its handling and that it is easy to maintain and manage the data."
- "It would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes."
What is our primary use case?
The primary use case for us is to follow the identity lifecycle, starting from feature improvement up to many accounts along with targeted systems.
How has it helped my organization?
It has improved the way of operations functions.
It has partly helped with GDPR, especially with HR.
What is most valuable?
The most valuable features of this solution are its handling and that it is easy to maintain and manage the data.
The solution is flexible in connection with the controls. For example, it's easy to implement, easy to handle, and understandable to configure.
The user interface needs improvement.
What needs improvement?
I would like a secondary account approach out-of-the-box, as this would be really useful. Additionally, it would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes.
What do I think about the stability of the solution?
The stability has improved over time.
What do I think about the scalability of the solution?
It is easy to scale up. However, obtaining additional resources is an issue.
How are customer service and technical support?
We have not been much in touch with their technical support, which is a good sign for the product, since it is mostly working.
Which solution did I use previously and why did I switch?
Our previous solution (IBM) was outdated.
How was the initial setup?
The complexity of the initial setup varies. The Active Directory may be considered less complex than connecting an SAP system.
What about the implementation team?
We have a consultant, who helps us in wrapping up solutions and connecting the current systems to one another.
What was our ROI?
This solution helped us to increase employee productivity when it comes to provisioning users or systems. It is what the solution was designed for. In some cases, it has gone down from days to hours/minutes.
To a certain extent, it has helped us reduce help desk calls by five to ten percent.
What's my experience with pricing, setup cost, and licensing?
It helps us save on licenses for applications because we are following the account lifecycle, as well as account reactivation.
Which other solutions did I evaluate?
We had a shortlist of three vendors: SailPoint IdentityIQ, IBM, and One Identity. We looked at functionalities, what came out-of-the-box with each product, and what needed configuring.
What other advice do I have?
The product is a nine out of ten because 80 to 90 percent of our requirements are out-of-the-box.
Consider the speed of implementation, amount of customization, and the authentications if you are comparing between tools. Operations is also a topic: Is it easy to operate and is there a dedicated operational team?
We have integrated with SAP because SAP has connected systems.
I like the integrated approach of the privileged account governance features.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager / IAM Evangelist at a tech services company with 201-500 employees
Helps streamline application access decisions, and when granted, access is automatically provided to target system
Pros and Cons
- "Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments... Doing that in One Identity Manager is a very simple task and it is very well organized."
- "End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes."
What is our primary use case?
The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.
How has it helped my organization?
One Identity Manager is going to improve your CIS standards, or any other security framework, because it is going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.
It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.
Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.
In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.
One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.
What is most valuable?
It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.
One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.
In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.
One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.
In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.
We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.
The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.
And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.
What needs improvement?
End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.
There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.
For how long have I used the solution?
I have been implementing the solution for about 12 years.
I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.
What do I think about the stability of the solution?
The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.
Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.
What do I think about the scalability of the solution?
The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.
How are customer service and support?
The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.
How would you rate customer service and support?
Neutral
How was the initial setup?
The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.
When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, through deployment in production and Active Directory, could take three to four weeks. That is fairly simple.
You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.
The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.
At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.
What other advice do I have?
My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.
When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.
And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Systems Specialist at a financial services firm with 501-1,000 employees
Automates assignment of users to AD groups and brings all our systems together in one place
Pros and Cons
- "Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good. It's also very flexible. It's quite easy to customize and we have customized it a lot."
- "One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles."
What is our primary use case?
We use it to control identity and access management in our company.
How has it helped my organization?
It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.
All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.
The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.
It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.
What is most valuable?
Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.
It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.
What needs improvement?
I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice.
For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.
How are customer service and technical support?
We speak to our consultants. They are our technical support.
Which solution did I use previously and why did I switch?
We had something we built ourselves, but it was not integrated with anything. It was mostly just a list.
When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.
How was the initial setup?
That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.
Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.
Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.
We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.
There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.
Which other solutions did I evaluate?
We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.
What other advice do I have?
It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.
The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.
We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.
Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that much technical stuff. For everything I do with it, I think it works fine.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Systems Specialist at a financial services firm with 501-1,000 employees
Flexible solution you can customize by creating scripts or modifying the schema
Pros and Cons
- "For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems."
- "The system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people."
What is our primary use case?
We use it to make requests and show the information that the users have, as well as for attestation.
How has it helped my organization?
It saves us time and has increased employee productivity when it comes to provisioning users or systems. It has changed the way things are done, and people who had been doing manual work are doing something else at the moment.
We now have standard processes, the whole flow when a new user comes in; what happens and when. It's always done in exactly the same way. We know that it goes from start to finish in a certain way and we can be sure that it's done in the correct way when it's automated. The master data is always used in the same way.
It has also impacted our cloud IT strategy because we have to be there to manage the user accounts and all, in that environment. That's on-going work at the moment. We haven't implemented or started any processes in production yet.
In addition, it has helped to reduce helpdesk calls, according to the information that we have seen.
What is most valuable?
For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems.
We are familiar with the policy and role management features and we are using some of them. They are very hard to define, but they are also very powerful in a way. You have to define them clearly before you start using them.
One Identity Manager is also flexible. If it doesn't have a feature that you want, out-of-the-box, you can customize it by creating scripts or modifying the schema. But you usually need consultants to do the job.
What needs improvement?
This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment.
I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
This version, version 8, has been working fine. Version 6 was horrible for us. The performance wasn't good at all, but our experience now with performance and stability is good. We are happy now.
What do I think about the scalability of the solution?
When it comes to adding other users or a growing environment we haven't had any issues. At the moment, at least, we have been able to add features and functionality, and everything has worked fine.
How are customer service and technical support?
We have only used technical support through our partner/consultant company. We haven't been in direct contact with One Identity. Everything has been okay.
Which solution did I use previously and why did I switch?
We had a solution that was built in-house before we migrated to One Identity. The old solution didn't have the automation features and provisioning features the way that this product does. The old solution was more manual with a lot of built-in scripts. It was hard to maintain or to create extra features.
How was the initial setup?
Our initial setup was about three years ago, but we did the migration from version 6 to 8. That was almost the same. It was a really big project, or it felt like it.
The initial go-live for the product overall was over one weekend, but the work before that took a year. There were ten people involved during that weekend. We had some time-outs during that year though, because there were some other big projects.
The setup was complex because we did a lot of things. It wasn't only our project, because it was HR and the organization. It was not only the technical part, "next, next, next." It included changing the processes and standards in the company overall.
In terms of our implementation strategy, we added a totally new HR program, to get the master data up and running and correct. And then, of course, we had to work on how the organization is defined and have master data for that, and the roles to be used and the master data for that. And we had to get overall processes standardized.
There are two-and-a-half people working on the solution now, doing daily maintenance.
What about the implementation team?
We had a partner, Infragen, do the integration. Our experience with them was good. They did good work and we had good cooperation, overall.
What was our ROI?
The managers are satisfied when things are automated, when people are coming in or going out, because they don't have to do the work. They just contact HR and it's automated from there. People know that it's one place where you can do everything: make the request, the attestation side, and compliance is also automated and in one place. That's what people want.
Which other solutions did I evaluate?
Microsoft was one of the solutions we looked at, as well as some small Finnish companies. We went with One Identity because of the features. Somebody had already made the stuff that we needed, the functionality that we needed was there and didn't require so much customization. And the partner that was able to give us the solution was also a factor in our decision to go with One Identity.
What other advice do I have?
Keep the scope small in the beginning, so you don't do too much. Go live and then add more features on the way because, otherwise, it can go on for years, and you never get anything done. Also, don't start to customize features too much. Try to use what comes out-of-the-box and try to implement it that way. Somebody has thought of these things already. In most companies, a lot of these things are probably done in the same way.
I would rate One Identity Manager at eight out of ten. There's always room for improvement, but I'm pretty satisfied.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Business Process Specialist at a manufacturing company with 5,001-10,000 employees
The web front-end needs improvement, but it is very helpful for managing the Joiner/Mover/Leaver process
Pros and Cons
- "With this product, we have been able to bring together HR, IT, and lifecycle management. It is very helpful for managing the Joiner/Mover/Leaver process. We also use it for compliance on all the audits which are around."
- "The tool is like a big Lego in which you can use the parts that make sense for your organization."
- "The technical support is non-existent. It is not worth talking about."
What is our primary use case?
We want to bring our on-premise systems under our control, then our cloud solutions under our control.
How has it helped my organization?
With this product, we have been able to bring together HR, IT, and lifecycle management. It is very helpful for managing the Joiner/Mover/Leaver process. We also use it for compliance on all the audits which are around.
We have integrated the solution with SAP, which has governance. We need to manage the Visual Administrator and One Identity Manager. The integration is pretty straightforward. There were some bugs with version 6 which are being removed with version 8, which is good. The platform is progressing. Though, some parts of SAP are not covered yet, like GRC.
What is most valuable?
The tool is like a big Lego in which you can use the parts that make sense for your organization.
It has several components out-of-the-box.
The solution is flexible, in general. You can define the parts of the solution that you want to use, and it won't affect the price.
What needs improvement?
I would like the sync editor to be able to change labels because currently our concurrent development cannot work on this.
Self-service is important for our end users. However, after three years, people continue calling the help desk, and the help desk is using this solution to make its requests.
The web front-end definitely needs improvement.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
Once the solution is configured, the stability is good.
What do I think about the scalability of the solution?
We are an organization with 10,000 employees. This means 100,000 accounts or an account in group tables or approximately one million. We are not really big. It works okay for us as long as we fine tune some parts in the web design.
How are customer service and technical support?
The technical support is non-existent. It is not worth talking about.
Which solution did I use previously and why did I switch?
We used a homemade solution, which was AD-based. It was a layer on top of AD with Java and Oracle Database in the background, but we had to move to something that can also manage cloud, which was why we switched.
How was the initial setup?
If you have consultants who do not know the solution nor the target systems, the initial setup is hard. It is my impression that if you are some very huge organization, One Identity will send the best people. If you are unimportant, then you get people who are seeing this application for the first time. This is the only way that I can explain what happened to us in the past.
What about the implementation team?
We used someone at first, who was definitely not good. Then, we used Deloitte France, who was also not good. Then, we used Deloitte Germany, and the solution finally worked. That was three attempts. It was really hard to find good people.
What was our ROI?
On deprovisioning, when somebody leaves the organization, it allows us to better cut access to everything that they had.
Which other solutions did I evaluate?
The finalists were SailPoint IdentityIQ and One Identity. The reason that we chose One Identity was due to the logic of the connectors that they have. From those, we understood that this solution contained expertise on target systems.
What other advice do I have?
If you want real-time management, it can be done within three to five working days with this product. That is how we do things today, so we have a process in place and do it with internal resources.
Bring your processors in under your control. Define what you want and when it works in Excel, then you are ready to buy the solution. It doesn't really matter which solution you would buy, as long as you have things under control.
The policy and role management features are very powerful, but it is hard to make the organization use them in the proper way.
We have not implemented the privileged account governance features.
From the back-end perspective (provisioning engine), I would give it a nine out of ten. However, from the web front-end, I would give it a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.