One Identity Manager Reviews

We implement One Identity Manager for our customers.

It has helped to simplify compliance. We have multiple customers who now have a full overview of their accounts and users. They can use the reporting for GDPR compliance or accounts retention.

Flexibility: It has many features which can be combined and configured in a great way, then put together in projects and ways that developers didn't think were possible, which has been great.

The policy and role management features are very powerful and useful for our customers. You can do anything there.

The privileged account governance features are great from the overall governance look, the things which you can do with it, and the results that you can achieve from it.

The UI and user experience side of things needs improvement.

It is very stable. It has been running for years (for our customers). Even if it bugs up at some point, it is rather fast to fix and easy to get going again.

The scalability is very good. It scales well for companies, from small companies to very big ones worldwide.

The German technical support is great. We are a German partner, and we find them knowledgeable and fast, as they do their thing.

The complexity of the initial setup depends. While it's fast and easy to set up initially, the complexity can come once the solution starts to grow.

We have implement the following for our customers:

• SAP
• Cloud IT strategy.

Compare all the solutions and all the things that you can do on them: How easy you can set it up and how fast it can grow. Because identity management will grow with you, and you have to have a product which can grow with your organization.

The primary use case for us is to follow the identity lifecycle, starting from feature improvement up to many accounts along with targeted systems.

It has improved the way of operations functions. 

It has partly helped with GDPR, especially with HR.

The most valuable features of this solution are its handling and that it is easy to maintain and manage the data.

The solution is flexible in connection with the controls. For example, it's easy to implement, easy to handle, and understandable to configure.

The user interface needs improvement.

I would like a secondary account approach out-of-the-box, as this would be really useful. Additionally, it would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes. 

The stability has improved over time. 

It is easy to scale up. However, obtaining additional resources additional are an issue.

We have not been much in touch with their technical support, which is a good sign for the product, since it mostly working.

Our previous solution (IBM) was outdated.  

The complexity of the initial setup varies. The Active Directory may be considered less complex then connecting a SAP system.

We have a consultant, who helps us in wrapping up solutions and connecting the current systems to one another.

This solution helped us to increase employee productivity when it comes to provisioning users or systems. It is what the solution was designed for. In some cases, it has gone down from days to hours/minutes.

To a certain extent, it has helped us reduce help desk calls by five to ten percent.

It helps us save on licenses for applications because we are following the account lifecycle, as well as account reactivation.

We had a shortlist of three vendors: SailPoint IdentityIQ, IBM, and One Identity. We looked at functionalities, what came out-of-the-box with each product, and what needed configuring.

The product is a nine out of ten because 80 to 90 percent of our requirements are out-of-the-box.

Consider the speed of implementation, amount of customization, and the authentications if you are comparing between tools. Operations is also a topic: Is it easy to operate and is there a dedicated operational team? 

We have integrated with SAP because SAP has connected systems.

I like the integrated approach of the privileged account governance features. 

The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.

One Identity Manager is going to improve your CIS standards, or any other security framework, because it going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.

It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.

Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.

In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.

One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.

It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.

One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.

In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.

One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.

In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.

We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.

The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.

And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.

End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.

There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.

I have been implementing the solution for about 12 years.

I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.

The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.

Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.

The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.

The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.

Neutral

The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.

When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, though deployment in production and Active Directory, could take three to four weeks. That is fairly simple.

You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.

The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.

At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.

My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.

When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.

And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.

We use it to control identity and access management in our company.

It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.

All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.

The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.

It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.

Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.

It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.

I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. 

For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.

It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.

We speak to our consultants. They are our technical support.

We had something we built ourselves, but it was not integrated with anything. It was mostly just a list. 

When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.

That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.

Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.

Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.

We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.

There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.

We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.

It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.

The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.

We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.

Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.

We use it to make requests and show the information that the users have, as well as for attestation.

It saves us time and has increased employee productivity when it comes to provisioning users or systems. It has changed the way things are done, and people who had been doing manual work are doing something else at the moment.

We now have standard processes, the whole flow when a new user comes in; what happens and when. It's always done in exactly the same way. We know that it goes from start to finish in a certain way and we can be sure that it's done in the correct way when it's automated. The master data is always used in the same way.

It has also impacted our cloud IT strategy because we have to be there to manage the user accounts and all, in that environment. That's on-going work at the moment. We haven't implemented or started any processes in production yet.

In addition, it has helped to reduce helpdesk calls, according to the information that we have seen.

For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems.

We are familiar with the policy and role management features and we are using some of them. They are very hard to define, but they are also very powerful in a way. You have to define them clearly before you start using them.

One Identity Manager is also flexible. If it doesn't have a feature that you want, out-of-the-box, you can customize it by creating scripts or modifying the schema. But you usually need consultants to do the job.

This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment.

I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.

This version, version 8 has been working fine. Version 6 was horrible for us. The performance wasn't good at all, but our experience now with performance and stability is good. We are happy now.

When it comes to adding other users or a growing environment we haven't had any issues. At the moment, at least, we have been able to add features and functionality, and everything has worked fine.

We have only used technical support through our partner/consultant company. We haven't been in direct contact with One Identity. Everything has been okay. 

We had a solution that was built in-house before we migrated to One Identity. The old solution didn't have the automation features and provisioning features the way that this product does. The old solution was more manual with a lot of built-in scripts. It was hard to maintain or to create extra features.

Our initial setup was about three years ago, but we did the migration from version 6 to 8. That was almost the same. It was a really big project, or it felt like it.

The initial go-live for the product overall was over one weekend, but the work before that took a year. There were ten people involved during that weekend. We had some time-outs during that year though, because there were some other big projects.

The setup was complex because we did a lot of things. It wasn't only our project, because it was HR and the organization. It was not only the technical part, "next, next, next." It included changing the processes and standards in the company overall.

In terms of our implementation strategy, we added a totally new HR program, to get the master data up and running and correct. And then, of course, we had to work on how the organization is defined and have master data for that, and the roles to be used and the master data for that. And we had to get overall processes standardized.

There are two-and-a-half people working on the solution now, doing daily maintenance.

We had a partner, Infragen, do the integration. Our experience with them was good. They did good work and we had good cooperation, overall.

The managers are satisfied when things are automated, when people are coming in or going out, because they don't have to do the work. They just contact HR and it's automated from there. People know that it's one place where you can do everything: make the request, the attestation side, and compliance is also automated and in one place. That's what people want.

Microsoft was one of the solutions we looked at, as well as some small Finnish companies. We went with One Identity because of the features. Somebody had already made the stuff that we needed, the functionality that we needed was there and didn't require so much customization. And the partner that was able to give us the solution was also a factor in our decision to go with One Identity.

Keep the scope small in the beginning, so you don't do too much. Go live and then add more features on the way because, otherwise, it can go on for years, and you never get anything done. Also, don't start to customize features too much. Try to use what comes out-of-the-box and try to implement it that way. Somebody has thought of these things already. In most companies, a lot of these things are probably done in the same way.

I would rate One Identity Manager at eight out of ten. There's always room for improvement, but I'm pretty satisfied.

We want to bring our on-premise systems under our control, then our cloud solutions under our control.

With this product, we been able to bring together HR, IT, and lifecycle management. It is very helpful for managing the Joiner/Mover/Leaver process. We also use it for compliance on all the audits which are around.

We have integrated the solution with SAP, which has governance. We need to manage the Visual Administrator and One Identity Manager. The integration is pretty straightforward. There were some bugs with version 6 which are being removed with version 8, which is good. The platform is progressing. Though, some parts of SAP are not covered yet, like GRC.

The tool is like a big Lego in which you can use the parts that make sense for your organization.

It has several components out-of-the-box.

The solution is flexible, in general. You can define the parts of the solution that you want to use, and it won't affect the price. 

I would like the sync editor to be able to change labels because currently our concurrent development cannot work on this.

Self-service is important for our end users. However, after three years, people continue calling the help desk, and the help desk is using this solution to make its requests.

The web front-end definitely needs improvement.

Once the solution is configured, the stability is good.

We are an organization with 10,000 employees. This means 100,000 accounts or an account in group tables or approximately one million. We are not really big. It works okay for us as long as we fine tune some parts in the web design. 

The technical support is non-existent. It is not worth talking about.

We used a homemade solution, which was AD-based. It was a layer on top of AD with Java and Oracle Database in the background, but we had to move to something that can also manage could cloud, which was why we switched.

If you have consultants who do not know the solution nor the target systems, the initial setup is hard. It is my impression that if you are some very huge organization. One Identity will send the best people. If you are unimportant, then you get people who are seeing this application for the first time. This is the only way that I can explain what happen to us in the past.

We used someone at first, who was definitely not good. Then, we used Deloitte France, who was also not good. Then, we use Deloitte Germany, and the solution finally worked. That was three attempts. It was really hard to find good people.

On deprovisioning, when somebody leaves the organization, it allows us to better cut access to everything that they had.

The finalists were SailPoint IdentityIQ and One Identity. The reason that we chose One Identity was due to the logic of the connectors that they have. From those, we understood that this solution contained expertise on target systems.

If you want real-time management, it can be done within three to five working days with this product. That is how we do things today, so we have a process in place and do it with internal resources.

Bring your processors in under your control. Define what you want and when it works in Excel, then you are ready to buy the solution. It doesn't really matter which solution you would buy, as long as you have things under control.

The policy and role management features are very powerful, but it is hard to make the organization use them in the proper way.

We have not implemented the privileged account governance features.

From the back-end perspective (provisioning engine), I would give it a nine out of ten. However, from the web front-end, I would give it a five out of ten.

Our primary use case is to control access to our open source Unix and the app store games. This is a banking organization, so you don't want to give all of the rights to one person.

Using this solution means that our engineers do not need to log in to a domain controller as frequently. Rather, they can log in using One Identity and perform all of the administrative tasks. This is beneficial from a security perspective, and also helps to complete the task in the least amount of time.

It provides Authentication services and integrates Active Directory for open source operating systems.

The most valuable feature for me is the built-in security, which is the best that I have seen. The interface is also very good.

My only complaint about this solution is the price, as I think that the cost of the full user license is a little high.

A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.

Three to five years.

I would rate the stability of this product a nine out of ten. This is the only tool that will comfortably help you work with Active Directory in other solutions. 

It is scalable across infrastructures. It works with Windows, open source operating systems, and covers almost everything that you need. We have more than 4,000 users in this solution. Our organization keeps growing, so our base will forever be increasing.

To this point, we have not had to reach out to the solution's technical support.

Prior to using this solution, everything was done manually. Security was at risk of breach and we thought that we needed to be compliant.

The setup of this solution was simple and straightforward. Any admin can do it by looking at the whitepaper.

The process of deployment took approximately one month. However, that is not because the process is complicated or time-consuming. In our case, being in banking, there are a lot of policies and processes that have to be followed before implementing a new solution.

One Identity does what we need it to do, so we do not require any other plugins or packs to run our solution. 

One Identity sells everything that is required to deploy. We directly deal with them and do not use a vendor or a consultant.

There is a one-time licensing cost, and there is also a yearly subscription fee. The fee is related to the number of users and is perhaps $6 or $7 per license per month. 

We did look at other options, but it boiled down to choosing One Identity with no second thought.

My advice is to try this product first and then decide. In organizations with a large footprint of open source operating systems, such as Unix or Linux, security for them is a bigger concern, especially for banking. They should take advantage of using the evaluation version.

Overall, I would rate this product eight out of ten.

We have this process of provisioning and non-provisioning users, depending on our SAP HR database.

The most important thing is that we don't have bad users in our systems anymore.

We no longer keep users who shouldn't exist.

It is flexible with APIs and the customizing of a portal.

I would like to have more extensive out-of-the-box reports.

The stability is great. We haven't had any problems. It keeps on working.

We can expand as much as possible. It will meet our needs going forward. We have already expanded a lot of times. The only issue with expansion is the cost of licensing.

I have only had one experience with the technical support, and it was okay.

We were not using another solution prior to this one (not in this scope).

The initial setup is mostly straightforward, but you still need to customize some things.

It has helped to reduce the paperwork of the help desk. There is a lot less paperwork, which has increased employee productivity, allowing them to be assigned to additional projects. 

We were also looking at the Microsoft Identity Manager. However, we decided on One Identity Manager because it has a wider coverage of different products.

Implementation and integration with SAP went well from the Identity side, but we have had internal problems with the data. However, we have been solving that for four years now.