One Identity Manager Reviews

We are a system integrator and used One Identity Manager for our client.

One Identity has many built-in features. It's a highly suitable platform for enterprise-level organizations to integrate with existing systems for complete account management and other related functions.

Although someone new to One Identity may initially find it a little difficult, the intuitive interface is easy to navigate for experienced users.

Due to its many built-in features, customizing the solution to meet our customers' specific needs is straightforward. With sufficient knowledge of the platform and tool, we can easily tailor the solution according to our customers' preferences. Simply exploring the available features will help us uncover the possibilities.

Without One Identity Manager, we would need multiple platforms to connect our source and target identity systems. However, One Identity allowed us to consolidate role management, access management, identity management, and other functions into a single platform, significantly streamlining our processes.

One Identity Manager simplifies application governance by streamlining access decisions, ensuring compliance, and facilitating auditing. Previously, users required individual interactions with application teams to gain access. However, with One Identity integrated into multiple applications, users can now submit access requests through a dedicated portal. This initiates an automated workflow that grants access directly through One Identity, significantly reducing users' and administrators' time and effort.

We successfully implemented an identity-centric zero-trust model, but its effectiveness depends on the people and the architecture used to implement the solution. The platform provides the necessary tools, but the success of its application hinges on the users' ability to leverage its features effectively within their specific use cases. If users can successfully implement these features, One Identity proves to be a valuable platform. However, the underlying architecture within the platform and our processes also play a crucial role in overall success.

One Identity Manager provides a wide range of features that enable connection to numerous target systems. It also includes built-in capabilities to automate user onboarding and offboarding processes.

One Identity Manager offers numerous features, including role management. We can create custom bot-specific roles, integrate with external systems, and grant users access upon onboarding within our system. The tool's automation capabilities are particularly valuable. They allow us to schedule tasks for execution at specific times, eliminating the need for manual intervention.

The platform's user experience presents several challenges. Its complex features and numerous tools make it difficult to understand without significant effort. The web portals and documentation are also not user-friendly, hindering knowledge acquisition.

We must create business roles specifically for the platform rather than due to architectural requirements. While this is unnecessary additional work, it is mandated by the platform. We believe utilizing system roles to grant application access would be more efficient. However, the platform necessitates the creation of business roles on top of system roles for access control, which we find challenging.

The documentation I found in their repository is neither interactive nor engaging. They should include simple examples or sample use cases demonstrating how to use the product for specific features.

For most applications, we must configure connections. One Identity Manager lacks a robust built-in connection system or connectors for diverse target systems. This area could be improved. Consequently, for built-in applications, we must define connections ourselves.

We are using an on-demand version for our client and have encountered some database agent issues. Therefore, the number of database agent issues needs to be reduced.

I have been using One Identity Manager for one and a half years.

The stability of One Identity Manager hinges on the project's specific implementation or architecture. We must analyze project requirements to select the appropriate One Identity version; in this case, the on-demand version is necessary due to our high user count. This choice will help maintain platform stability. While One Identity itself is not inherently flawed, its success relies heavily on the architecture team's design.

One Identity Manager's scalability depends on the specific implementation or architecture.

SailPoint is a platform similar to One Identity Manager that we also use, both offering identity management solutions. While One Identity Manager offers more features, making it a strong choice for us given our expertise, it has limitations regarding target system integration and user interface. One Identity should expand its default integration options to include popular systems and enhance the user interface with a more intuitive and visually appealing design to maximize its potential, improving the overall user experience for extended work sessions.

We engaged our One Identity Partner, Quest Global, to provide post-implementation support, and we are pleased with their responsiveness. The issue's priority level determines their response time. High-priority issues receive immediate attention with a scheduled troubleshooting call, while medium-priority issues are addressed within hours. Lower-priority issues will also be resolved promptly. Overall, we are satisfied with their support.

I would rate One Identity Manager eight out of ten.

I participated in a one-week training session provided by the partner, and it was exhausting because we had to listen to the trainer for eight hours each day and then work.

The support that our One Identity partner provides is valuable.

Due to our implemented automation, One Identity Manager requires ongoing maintenance. Constant monitoring is necessary to ensure the workflow operates as intended. This monitoring demands individuals with expertise in the tool to comprehend the process and identify potential issues.

Our One Identity partner helped us implement the customized features that our client required.

We currently have 100,000 users and have connected with around 15 target systems.

I recommend One Identity Manager to others. I suggest the on-demand version for organizations with a high user count.

Currently, we are using the One Identity Manager solution for user feeding from the HR database to target systems such as Microsoft Active Directory, Microsoft Exchange, and other protocols and servers. In our organization, One Identity's main use case is user feeding, user onboarding, and user offboarding.

We have created job flows for users, and One Identity listens to our HR database to see if there are any changes. It detects any changes and then synchronizes with the target systems or feeds the target systems. We have created a custom workflow based on our organization's requirements, and then we are managing our users with One Identity.

One Identity has a single sign-on solution. If you want to use single sign-on or auth providers in your organization, you can use it, but currently, we are not using it for the single sign-on features. We are using it for privileged accounts. We have created custom rule sets for access reviews, attestation, etc. We have also created flows for the segregation of duties and job rotations. We are handling these operations or regulations with One Identity.

We are completely working with an on-prem solution. As per Turkish financial regulations, we can't use cloud services for financial services. That's why we didn't test any scenarios related to the cloud and any software on the cloud. We are currently using its latest version.

It's very easy to implement for privileged accounts and for our regulations. It's a competent solution that we can use for our regulations and requirements.

We use its business roles to map company structures for dynamic application provisioning. We are implementing and developing our business roles for business needs. One Identity mainly manages our business roles to do all the business and use financial tools in our bank. It's critical for our business. If this solution is not working properly, our main functions and our main operations will not continue because all access rules are managed with One Identity. Some roles will not be able to do their daily tasks. Currently, One Identity is managing the roles for credit approval, credit preparation, and credit final approval. Without it, they cannot do their daily tasks, and they cannot approve credit.

For IM services, we are completely working with One Identity auto-flow jobs. Our help desk, or our user administration teams, are not involved in any subsidiary company's employees' processes. We delegate activities related to user onboarding and offboarding to their HR teams. They start the onboarding process with their own portal running on One Identity, and then, auto tasks and auto flows are managing the operations to the target systems. Our operations teams are not involved in this process, so there is no overhead in managing users.

We have many regulations for access reveal, user onboarding, user offboarding, user rotation, and user re-organization tasks. For example, if users move to another department, One Identity manages the activities for data operations, such as removing some groups and adding new groups. It happens automatically with One Identity. We need to meet these regulatory requirements, and it helps with that.

We can also see historical operations and modification logs with One Identity. If we need information about any activities, we can create an identity-based custom report for users or an object-based report for groups. We can create a report to see what happened, what changed, and which modifications happened in our systems. We can provide detailed reports to our auditors. It has powerful reporting tools for auditing activities.

One Identity Manager completely helps us with our operations. We are relying on One Identity for our operations. We don't want to touch Microsoft AD, Microsoft Exchange, or other target systems. We don't want to touch them, log in to them, or operate anything on these servers. Our master database and our master platform for modifications is One Identity.

It has helped to close the security gap. If any unauthorized change happens on our target systems, or a suspicious change happens in our target systems, the One Identity platform overwrites these operations because the master database is One Identity. If there are any security vulnerabilities, or if there are any suspicious activities that are identity-based or related to our privilege groups, One Identity will ignore and overwrite that with the master data.

Identity Manager has been managing our application authorization tables. All of the authorization tables and all the access-revealing features are managed with One Identity. These tasks are delegated to us, and we are providing One Identity's reports for the auditing activities and requirements.

Changes are being synchronized with applications. If there are any changes on One Identity access tables, it'll affect the applications directly.

It has helped to achieve an identity-centric Zero Trust model. We can manage and we can feed from one database to all target systems. We have distributed target systems. We have more than 10 target systems, and we are effectively using One Identity tools for managing and seeing from one view. From the operation side or the administrative side, this solution helps us to have a view without logging into the target systems.

We did a PoC with other identity management tools such as SailPoint, Oracle Identity Manager, and Microsoft Identity Manager. We chose this product for being able to accommodate our requirements. It's very flexible, and it's open to being developed to our requirements. For example, for our custom tasks related to subsidiary companies, we created a custom HR portal for our subsidiaries. These employee accounts are not in our main HR databases. We created a portal in One Identity for their HR divisions, and they are doing their daily operations on this One Identity custom portal. That's why we chose this product for our production environment.

Another reason for choosing One Identity was the local support and the Password Manager solution that they have.

The product's GUI could be more user-friendly.

One Identity can improve its Password Manager solution for custom requirements. We want to manage different environments, such as test environments, and we want to manage their passwords, but we can't use this solution because their environment does not have its own connector server.

I'm not sure if One Identity already has it or not, but there could be a Privilege Identity Management solution from the vaulting side in the One Identity family.

It has been almost three years.

It's very stable. I would rate it a nine out of ten in terms of stability.

It's scalable. We have installed it on an on-prem server in one of our data centers, but it's a highly available infrastructure. It's not a standalone server. We have a redundant topology for this one. The approximate number of end-users who are using this solution is 35,000. Its usage would only increase by 5% in our organization.

Currently, we are using both premium support and local partner support. We are getting support from our local partners for the development requirements from our side. They are supporting us with development requirements. I would rate our local partner an eight out of ten in terms of support. 

We used Security Identity Manager from IBM. We switched to One Identify because that product was out of support, and it was not open to implementing a custom workflow from our side. It was not flexible, and it was not a convenient service.

I worked as a team leader. I was involved, but I did not execute or administer this service. We worked with our local partners, and they did it for us, but it was straightforward. 

It took about three months to implement it. We closed our old identity management solution and moved all the workflows to the new one, but the installation was quick.

We used SoftwareOne in Turkey for the implementation. In general, four people were involved in the implementation. We had two people from each side, and then there was a project manager. People from our side were from the Identity Access Management department. They were Access Management architects. From the integrator company, two people were Identity Access developers.

Our experience with SoftwareOne was good. They helped us to customize the solution for our particular needs. They trained us on the solution, which was very helpful for us in managing and doing daily activities. They have also been involved in post-implementation support. We are happy with their support. They have been very important to us. We wouldn't have been able to go further without them.

In terms of its maintenance, for the maintenance tasks, two IM specialists are involved.

It was okay for us. It was not too much for us. It was nearly the same as other products. It was not expensive.

We aren't paying any costs in addition to the standard licensing fees. We are just paying for the local support. We are paying for the development requirements to our local partners.

We evaluated SailPoint, Oracle Identity Manager, and Microsoft Identity Manager. When we compared this solution against SailPoint, they were very close, but the local support and development capabilities were the reasons for going with One Identity.

It's a very flexible solution. You can improve or develop it based on your needs. If you have a little bit of knowledge of .Net code, you can create whatever you want. The product is so open to development. If you have some coding experience, you can do whatever you want. This is one of the most important things for us.

I would rate it an eight out of ten.

One Identity Manager's primary use is managing employee identities, encompassing the entire lifecycle from onboarding and role changes to offboarding, including lifecycle management, certification, segregation of duties, and identity retirement.

One Identity Manager offers a comprehensive platform for enterprise-level administration and governance of user data and privileged accounts. The platform includes features like Safeguard for securing high-privileged accounts and a unified login for access management. Essentially, it provides a complete suite of identity management, privileged access management, and access management within a single platform.

The user interface provides a comprehensive graphical view of identities and entitlements across various systems, offering a clear and accessible overview of user accounts and permissions. This allows users to quickly and easily view their accounts and entitlements in each system, enhancing the overall user experience.

One Identity Manager is easily customizable to our needs due to its built-in Visual Basic editor, accessible through Visual One. This allows for customization by utilizing their comprehensive API documentation to build or modify functions as required. The integrated editor within the product enables us to readily access and write custom logic, streamlining the customization process.

It utilizes business roles, which are mapped to technical roles and then further mapped to entitlements. This structure streamlines access requests for end-users, as a single business role can encompass multiple technical roles, granting access to multiple systems upon approval. The system also allows for customized approval workflows with multiple levels of authorization. Additionally, a cart feature enables users to select and apply for various business or technical roles, combining them as needed before submitting their request.

One Identity Manager employs a governance framework that utilizes a certification process to verify identities based on client-defined intervals, typically every six to eight months, aligning with their audit requirements. This governance feature is seamlessly integrated into the platform, eliminating the need for separate installations. Furthermore, the system allows for the customization of attestation processes, including certification campaigns, email templates, and recipient lists, providing extensive flexibility. This functionality is crucial for ensuring data security and regulatory compliance within cloud applications, as granting access to unauthorized individuals can lead to severe financial and legal repercussions. By managing access privileges effectively, organizations can mitigate risks and maintain control over sensitive information.

One Identity Manager can help to minimize gaps in governance coverage among tests, dev, and product servers.

It establishes a privileged governance framework, mitigating the security risks associated with highly privileged user accounts. These accounts, if compromised or accessed without authorization, can cause extensive damage to servers and applications, potentially jeopardizing the entire company. By implementing One Identity Manager, organizations can effectively address these vulnerabilities and enhance overall security.

One Identity Manager streamlines application access decisions for compliance, especially in large companies with hundreds of applications. Without a centralized solution like One Identity Manager, managing access and ensuring compliance becomes nearly impossible. This tool provides a single point of reference for application access, offering a complete audit trail of who has access to what, when it was granted, and when it was revoked. This simplifies application management across the enterprise and ensures comprehensive auditing capabilities.

It empowers application owners to align with business managers in making application governance decisions independent of IT, thereby reducing operational costs by around 25 percent. The platform offers various connectors to onboard applications as endpoints, enabling automated provisioning, creation, deletion, and access control for user accounts. This automation minimizes manual intervention, streamlines operations, and ultimately contributes to cost reduction.

One Identity Manager helps achieve an identity-centric Zero Trust model. Without a proper approval process, granting access based on simple email requests compromises the Zero Trust model and introduces significant security risks. The Zero Trust model mitigates these risks by requiring multiple approval levels for any access, emphasizing its importance in maintaining a secure environment.

One Identity Manager is a comprehensive identity management system that encompasses employee identity lifecycle management, certification, and segregation of duties. It ensures high security through multiple approval processes, preventing unauthorized access and enhancing compliance by providing time-based access for privileged accounts with proper audit trails. Additionally, it streamlines application access decisions and extends governance to cloud applications.

The support model has room for improvement, especially when compared to competitors like Omada and SailPoint, which offer a more extensive global presence and support network.

I have been working with One Identity Manager for six months.

One Identity Manager is stable.

One Identity Manager is scalable.

I believe the support model could be better.

Neutral

I worked on platforms like Broadcom and IGA before using One Identity Manager. I did not switch on my own; it depends on what the client uses.

One Identity Manager offers superior reporting capabilities compared to dot com IGA. While dot com IGA requires significant time, financial investment, and server resources to configure reporting, One Identity Manager provides an intuitive and user-friendly interface that allows for easy report generation directly from the GUI. This streamlined approach simplifies the reporting process and enhances efficiency.

The return on investment in compliance is clear because inadequate identity management can result in substantial financial penalties for data breaches.

Investing in One Identity Manager is necessary for regulatory compliance. Although it might not directly bring in business, it prevents issues like tool compliance. The pricing is reasonable compared to other solutions.

I would rate One Identity Manager nine out of ten.

My customer uses their custom HR system. On the backend, data is sent from the NS SQL server to One Identity Manager.

If you want to save on infrastructure costs without extensive customization, opt for the SaaS model. If you require significant customization, consider the on-premise model of One Identity Manager.

We use One Identity Manager as our primary solution for identity and access management. We use it for multiple functions including identity lifecycle, access management, provisioning, segregation of duties (SODs), and attestations. It is being used for the core IM functions.

We are a large insurance company based in Germany. We are compliance-driven. We have to fulfill BaFin requirements. BaFin is a governmental body that oversees banks and insurance. They have a big list of requirements that each financial institution needs to fulfill to stay on the market as a bank or as an insurance provider. One Identity Manager helps us to meet those requirements.

We differentiate between two types of accounts, personal and non-personal accounts. Personal accounts are accounts or usernames assigned to people, and then we have non-personal accounts, which are technical or service accounts used by software or machines. One of the BaFin requirements is that we have control of each and every account within the system. The sync editor is able to read each and every account into IAM. It discovers every account if you have given it the right to see everything in the SAP or any other system. The tool fulfills the base needs so that we can traverse every account available in the system and then match it to digital identities there, meaning that we get a linkage between each account and each digital identity that we get from the HR system. So, we do not have orphaned accounts or the ones that we are not able to match. It is up to each customer to utilize this. They can develop their own processes to handle this. They need to have their own processes to connect them, identify them, or report on them. There is not much that the vendor does there. It discovers them, and that is it. I am satisfied with what it offers. It fulfills our needs.

When it comes to core IGA, the functionality that we use is the life cycle of accounts. We use the life cycle of membership of these accounts into SAP roles, the membership of these SAP users, and the membership life cycle of SAP users in the SAP structural profile. These three are what we cover. There are also SAP groups and SAP profiles, but we do not actively manage them. From the access control structures, we use only this subset. That is all that we need. It is currently sufficient for our needs.

We use several objects to represent company structures. We use the department object and the location object, and we also use business roles pretty extensively. We have thousands of business roles in the system. If I traverse the table org, which is the technical name of the table, I will find thousands of entries there.

Compliance and automation are two reasons for implementing an IM solution. Automation helps save money. For compliance, even if we do not like it, we must install such a solution because we have to fulfill law obligations. We work actively on that and have a big team covering it. It will keep us busy over the next few years. The second one is automation. We have automated the whole onboarding process of employees within this company. Instead of having 50 different administrators, we have less than 10 administrators. It saves us money. We definitely save lots of effort for administrators of different systems. We save people and resources by automating and not having several dozen administrators for different systems. That saves us lots of money.

Another advantage is that it saves us time. We can onboard the person within a day in our company. As soon as the HR types in a new employee there and pushes it to us, we can provision the employee to all necessary systems roughly within a day. Without such a solution, it will probably take weeks.

It helps streamline application access governance. When you have different applications, such as Active Directory-based ones, SAP-based ones, and cloud-based ones, they all have different GUIs. They all have different approval processes. Once you connect them to a solution like One Identity, you have to order all of their entitlements through the IM WebShop, which is a web interface. There is a very homogeneous look and feel to how you order access to these applications. Otherwise, from the administration point of view as well as from the approval point of view, it is a very heterogeneous experience. Once you integrate applications with One Identity Manager, you get the same experience for your AD-based and SAP-based tools. Other competing products like SailPoint and Verix also provide a uniform experience.

It also helps with application auditing. That is one of the core features of the tool. We use it to audit the access to different applications and impose governance on these applications. The application life cycle is also one of the core features that we use. There is one package called the application onboarding package (AOB). We developed our own mechanism there about 15 years ago, so the tool does offer steps, and we utilize it.

I like the provisioning feature of One Identity Manager. It is very powerful and flexible. It works at a very high level, but it can also be tailored as per needs. They have something called Sync Editor. I personally like that one because I have a developer background. Currently, I have more responsibility within the company for this feature. I am one of the six subject matter experts (SMEs). My area is the reconciliation part. 

Compliance with BaFin requirements is very important for us. If we do not fulfill them, our license can be retracted. If we do not fulfill these requirements, it is not good for the company. We use the identity life cycle. We use provisioning extensively. We use attestations, recertifications, and SODs. We need all these equally to fulfill the BaFin requirements.

In terms of user experience or intuitiveness, it is in the middle. I personally find it good. Based on the complexity, the vendor seems to have done a good job of providing a web shop kind of experience, similar to eBay or Amazon. You order something in the shopping cart and submit it. Another one approves it and it gets provisioned. It is in the middle because I have seen better and more lightweight interfaces. They are now introducing the Angular portal. There is a new design. It is better, but certain things are still a little bit hidden. It is not yet ideal. Things like attestations or segregation of duties are not that intuitive. People take time to learn. We need to train them on what they need to do. When we generate attestations, the guy who needs to attest does not intuitively know what to do. When it comes to SODs, it is even harder. People are unsure what exactly things mean there. We need to train these people. For core processes like ordering entitlements, they know what to do without any training or reading materials from us. For example, you order a group, somebody approves it, and then you get it provisioned. For such simple scenarios, we do not need to support them, but for the other cases, such as attestations and SODs, we need to write articles on the Internet. We need to do training. We need to actively support them and hold their hands.

The biggest complaint we get from the end users is the performance. When they click or submit something in the shopping cart, all the compliance checks for SOD rules are run. Sometimes, it takes two to three minutes for something to be submitted. It is slow. It has a bit of a bad reputation within the company because it is a slow product. That is the biggest drawback in terms of user experience. Performance has been a problem in the last 10 to 15 years. It is sometimes good and sometimes bad. Every now and there, you hear that performance is an issue.

The user interface could be more streamlined. The overlapping functionality among tools like the Sync Editor, Designer, Object Browser, and Manager needs better delineation. Currently, you have Sync Editor for synchronization. You have the Designer for scripts, procedures, and SQL development, and then you have the Object Browser for raw or low-level data adjustment there. You also have the Manager which is a user or operations management tool. These four tools overlap in their functionality. For example, you can administer schedules in Manager, Object Browser, and Designer. I see a little bit of overlapping there. You also have the Transporter that transports the code. If you open the binaries folder for tool installation, you will see 20,30, or even 40 files there. There are so many small tools for different things. They might have grown over time. They should differentiate a little bit between operations, development teams, and test teams. For operations, they have done a good job of centralizing things in the Manager tool, but for developers and testers, there is a little bit of overlap between Designer and Object Browser. There is one other tool called Web Designer. That one will become obsolete soon with Angular. Currently, some things can be customized by the operations teams in prod and some of the things need to come from the developers. The borderline is not very clear. There are gray areas. They might have fixed these things in the Angular portal.

Another thing that I do not like is that they are mixing useful data and code data in the same data model. Other tools such as SailPoint or Verix Identity are stronger in terms of the separation of useful data and code data, although they have worse data models than One Identity. There should be a cleaner separation between the actual usage data and code data.

I have been using One Identity Manager since 2009, although back then it was known as Active Entry. I have been using it actively since 2011.

I would rate it a five out of ten for stability. As with all other products, it has bugs. It is buggy. When a new version comes out, there are issues with it. It then takes them some months or patches to make the version stable. If you take 8.0 or 9.0, those versions are usually buggy. I have spent 15 years with this product. There were always issues after they made some major release. It then gets stabilized. The product is buggy, but they work on it. After six to twelve months, they sort out everything, and then you get a more robust version.

It has its advantages and disadvantages, but it is definitely scalable.

It is a good tool for enterprise-level management. It fulfills its role. In the Gartner Magic Quadrant, this tool has gone from the lower left corner to the upper right corner in the last ten or so years. It is definitely an enterprise-level tool. It is powerful, but it is slow. As soon as the company becomes very big and different scenarios need to be managed, it tends to be slow. Two years ago, there was a conference in Hagen, Germany. The vendor asked everyone about their thoughts about the product. They asked us the good or bad things about the product, and every second customer said that they had performance issues with the product. The product is very powerful. It is an enterprise-level software, but it is slow. As soon as you have a larger number of users or a larger number of systems connected to it or you have heavyweight scenarios, it becomes slow. Of course, it depends on how each customer customizes it and implements the features in it, but every second customer complained about the performance.

We have about 30,000 users. We have only one centralized instance for the whole company. We have four environments, and there are several different teams here. We have testing, development, and operations teams. We also have the requirements scoping team where the SMEs are. It has grown pretty big. In the beginning, there were just two to four of us doing everything, but now there are quite a lot of people. Different departments are doing different aspects of it.

Their technical support is pretty good. We use standard customer support, which allows us to open tickets and receive fixes for bugs. While it is not state-of-the-art, I would rate their service as being in the better half, providing positive support experiences.

Neutral

I have worked with two other competing products. One is SailPoint, and another one is DirX Identity. All of these products have their advantages and disadvantages. There is no perfect product, but I find One Identity Manager to be the most powerful and flexible of the three.

I have a developer and IM architect background. When it comes to customization, One Identity Manager is very powerful and very flexible. It is not very easy, but it is definitely better than DirX Identity or SailPoint. The amount of energy that you need to invest is less compared to the other two products.

We have a separate solution for PAM or privileged account management, and that is CyberArk. I know that One Identity has its own safeguard solution, but I am not sure if that one is used in our company. Another team might be using it but not us. We are a big company. I know that this was one of the solutions that they were evaluating, but in the end, they decided to use CyberArk. 

Back in 2010, we had six months of evaluation. We did evaluate Tivoli and other products. We had a prototype. It took about six months before we went to production. We first started only with Active Directory and SAP, and then we kept growing it with additional target systems and additional features. It is comparable to other products in terms of ease of deployment. It is not simple. All these products are complex. It takes time to understand what they do. As compared to others, there is a middle complexity level to bring it live. Overall, it took about six to nine months.

We have the operations team to maintain it. There are several people in that team.

During the evaluation phase, we considered other solutions like Tivoli.

I would definitely recommend this solution. I have influenced two companies in the direction of adopting it in Germany. They were evaluating this, which takes lots of money and time. One company even booked me and a colleague of mine and asked which one to go for between this solution and SailPoint. I definitely recommend this one.

I would rate One Identity Manager an eight out of ten.

We use Identity Manager for several things, such as automating our XML process, user provisioning and reprovisioning, and governance-related activities like access reviews and degradation of duties.

Identity Manager sits at the center of the organization. We integrate our systems, like Workday, into other HR systems for employees and contractors. If there are any vendors and customer-related identities, we feed the data from those systems into One Identity. One Identity Manager is configured to the initial access established when someone joins the organization, such as email, Active Directory, desktop logins, timesheets, and common apps that everybody in the organization requires.

We also have request systems in ServiceNow integrated with One Identity Manager on the back end. The request tool goes through ServiceNow, and One Identity creates a notification that a user has requested access to an application. Identity Manager will provision those users on those systems. Some requests are automated and others are semi-automated. When a ticket is opened in ServiceNow, the team will pick up the ticket and work on it. Once they do that, an update comes into the IDM system saying that this user has been granted this access. One Identity Manager is the central book of records or identities and their access levels. 

One Identity Manager has improved our overall user experience by automating processes related to password rests, access requests, and provisioning. This has reduced the number of tickets and help desk calls. It has also decreased the time new employees take to start working. Their laptops and applications are ready to use when they sit at their desks on their first day. We have designed the process so they can spend one or two hours setting things up and starting work. 

The solution streamlines application access decisions, compliance, and auditing.  One Identity has improved the access request process. It's quicker, and we only need to check the identity management system if there are any issues. The users can go into the system to request roles and see if they've been approved. If they're missing something or don't know what to request, they can look it up in the catalog. It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests. Everything is centralized, allowing us to pull all the information we need for regulatory audits quickly. 

One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded. 

Another visualization tool not in the main UI shows the identity in the center and links to the target applications. You can drill down and see the details for those target systems. That is very helpful for us to look up something related to a user quickly. 

We use One Identity to manage SAP. We did a lot of customization, integrating the GSA components of SAP. We brought in all those rules, and it wasn't straightforward, but One Identity has some additional support and capabilities for SAP that helped us a bit. We brought all those GSA-related activities in through process changes and some customization. 

One Identity is good at automated user provisioning and de-provisioning. The system processes things quickly. We had an issue where we mistakenly disabled nearly 4,000 Active Directory accounts due to a developer error. We had to get those accounts back up again and were pushing the records to AD to make the changes. It was running a bit slowly, but we have a cloud setup, so we bumped the resources, and it handled that load quickly.

The compliance reports are good, and custom reports can be easily generated. One Identity provides separate built-in user roles for auditors, compliance officers, and others. The SOC exemption process and associated reporting are excellent. 

It's critical that One Identity extends identity governance to cloud apps because most organizations are hybrid. The cloud is maturing and becoming more affordable. More organizations are shifting from legacy Oracle EBS systems to Microsoft 365 or Salesforce. All these vendors have also picked up cloud offerings and offer them as a managed service or complete service, where we don't have to worry about anything.

The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve.

I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation

According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback.

While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great.

Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others. 

The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit.  

We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.

I have worked on it for around two years.

I rate One Identity Manager nine out of 10 for stability.

I rate One Identity Manager seven out of 10 for scalability because the scaling process isn't smooth.

I rate One Identity support eight out of 10. We worked closely with the One Identity team, and they assigned us a dedicated support manager. It has been a positive experience. They quickly resolve issues and help us execute projects faster. 

Positive

I work as a solution architect, so I've used lots of tools, including the Oracle toolset, NetIQ, and Sailpoint. One Identity is better than Oracle, which has lost market share. Oracle is resource-intensive. You need 16 GB to install the base. Initially, that tool was good, but it became a mess. Oracle is no match for Identity Manager. NetIQ is a lightweight tool suitable for small organizations, but it cannot process things the way Identity Manager can. 

Microsoft tools lack One Identity's IGA capabilities, but I would say SailPoint is better because of the number of connectors it has. It's also far easier to operate. Sailpoint's tools are all in one place, and it's more developer-friendly. It's a complete SaaS tool along the same lines as One Identity Manager. We don't have to buy professional services to do anything out of the box, even if it is a minor customization. 

One Identity was deployed on the cloud and offered to the customer as a service. On average, it takes three or four months to install One Identity and integrate it with key systems like Active Directory and HR solutions. That includes the time needed to gather requirements and implement them. For the timeline I mentioned, the standard deployment team size is around five to six people. 

I don't remember the numbers, but we did realize an ROI of about 10 to 15 percent. 

One Identity is cost-efficient from a licensing perspective. However, one drawback is that it's expensive on the hardware side for the customer to set up. One Identity's professional services team recommends various components. They lose some of the cost advantage because the hardware is expensive and requires maintenance. 

I rate One Identity Manager eight out of 10. 

We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

I have used it for five and a half years.

We haven't had any stability issues.

So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

We have had pretty good people on our team so far:

• For deployment, one or two people were needed. 
• For maintenance, our team is very small. We have two or two and a half people at all times. 

Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

Unless you are buying a new connector, you won't need to shell out more money for the solution.

My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

This solution should be considered by companies (based on their needs).

The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

We connected SAP through a database.

We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

I would rate this solution as eight out of 10.

One of our largest clients in the food and beverage industry uses One Identity Manager to manage its user identities and access controls. They have several applications that require user accounts, and for this purpose, we implemented One Identity Manager. This system effectively manages over 200,000 user accounts and provides access to these applications. Additionally, some applications are integrated with One Identity Manager to streamline account creation, such as setting up Exchange mailboxes.

One Identity Manager offers a variety of products in addition to Safeguard. These include Active Roles and tools for SaaS migration, all seamlessly integrated within the platform for a user-friendly experience.

One Identity Manager has been a fantastic tool for providing a single platform to manage user data and privileged accounts at an enterprise level. I was involved in its setup, particularly for privileged account management. With One Identity Manager, I've developed timed automations for tasks like account and group creation. This replaced the previous manual process, which was much less efficient. I've tailored workflows for five to six high-privilege accounts, including approval processes. Users now simply select the necessary group, submit their request, and the account is automatically created. One Identity Manager's customization options offer a great deal of flexibility.

We use One Identity Manager's business roles to map our company structure for Dynamic Application Provisioning. This involves creating business roles and assigning them to service items, which then establishes a connection. We increasingly leverage this method for dynamic role assignments as well. This approach is valuable because it allows us to achieve several objectives. Additionally, it enables the implementation of specific conditions or business logic, which is essential in situations where segregation is necessary. This flexibility allows us to create dynamic roles based solely on business needs and assign them to resources. As a result, resources can be automatically assigned roles at the time of request creation based on the training tool associated with the business role, streamlining the provisioning process.

In some cases, we have observed improvements. For instance, we are receiving a fewer number of tickets related to identity management. Additionally, by customizing features through One Identity Manager, we have achieved positive outcomes for our business.

One Identity Manager assists us in establishing a robust privileged access governance strategy to address security discrepancies between privileged and standard users. We've successfully automated provisioning and other processes for standard users through PAM integration within One Identity. However, for privileged users, we maintain separate accounts and policies. I'd like to explore whether there are additional features within One Identity that would allow us to streamline governance for both privileged and standard users within a unified policy framework.

One Identity Manager facilitates the consolidation of procurement and licensing processes. This translates to positive outcomes for our well-structured data and the license signing process. Consequently, Windows privileges have been elevated, and we can now easily manage multiple licenses within the system.

One Identity Manager helps to streamline application access decisions, application compliance, and application auditing. By integrating applications, we can define rules based on needs and apply them logically, achieving the desired outcome. Additionally, separate tables linked to the solution allow for easy management of certain properties.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. While we haven't fully utilized its potential, the software offers options for application and product owners to participate in the decision-making process. For example, we can configure notifications to be sent before assigning roles, allowing these stakeholders to provide input.

One Identity Manager helps us achieve an identity-centric zero-trust model. Since implementing One Identity Manager we have not had any security breaches.

One Identity Manager offers several features that I found advantageous compared to other tools. For instance, imagine two distinct teams: one responsible for administrative documentation and the other for development. With One Identity Manager, the administrative team wouldn't need to learn a separate design tool, as the platform offers dedicated features for both administrative and development tasks. This segregation of functionalities is helpful because it streamlines workflows and reduces complexity. For example, if we need to monitor backend processes, One Identity Manager provides a dedicated job queue with a visual representation, allowing us to easily identify any stuck jobs. Additionally, the platform is database-oriented, offering built-in filtering and browsing functionalities within the object browser, further simplifying data management.

One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial. This would reduce performance-related resource needs in a production environment. Additionally, it would be helpful to have more visibility into job aspects within the tool itself. Information like the number of jobs in the Data Designer, along with date logs, would allow us to directly manage and terminate jobs as needed. This would lessen our dependence on the database team. I believe that these improvements would streamline operations.

There are a few aspects of One Identity Manager's user experience that could be improved. Users sometimes find it confusing to navigate and understand how to use the tool effectively. As a result, customizing the front-end interface could be beneficial. For example, currently, users need to check multiple reports to gather complete information, which can be time-consuming and frustrating. Implementing a way to streamline this process, such as displaying relevant details directly within the application, could enhance user experience. Additionally, the current system requires manual creation of service catalogs for each application. It would be beneficial to implement pre-configured, out-of-the-box options for common applications like ServiceNow. This would save time and effort for administrators and improve the overall user experience.

While I'm comfortable making back-end customizations, I find front-end customization to be challenging.

It would be convenient if One Identity Manager offered a feature that allows bulk deployment and monitoring with a single click.

I have been using One Identity Manager for eight years.

One Identity Manager is a stable product, but its frequent version updates can be challenging. If users choose not to upgrade, they only receive one year of support.

For example, we recently transitioned from version eight to nine, only to discover later that support for version eight would end after just one year. This cycle of upgrading every year is disruptive.

Ideally, One Identity would offer at least two to three years of support for each version. This would alleviate the pressure to upgrade annually and allow users to focus on core business activities.

Currently, we are using the vendor's premium support due to a post-upgrade challenge. During this upgrade, our Active Directory experienced prolonged completion times, taking up to 30 hours for a single cycle. Fortunately, the One Identity support team was instrumental in resolving this issue.

Positive

Our organization previously used Microsoft Identity Manager, but we transitioned to One Identity Manager due to its greater functionality in access management and governance, coupled with a more user-friendly interface.

The initial deployment process is simple; we have a transporter tool for that. However, for bulk deployments, we also use a custom tool. For instance, when deploying ten or twenty transport packages, deploying them individually and monitoring each one is time-consuming. Our IT consultant developed a tool that automates this process. We simply store the transport packages and provide a list, and the tool deploys them sequentially, even handling small compilations between deployments.

One Identity Manager has a reasonable price point. Given the features and functionality it provides, the cost is justified.

I would rate One Identity Manager eight out of ten. It is user-friendly and the out of the box connectors make it easy to integrate with any system.

Premier Support has significantly enhanced the value of our overall investment in One Identity Manager. There are several ways in which it has been beneficial. For instance, our developers appreciate the immediate support available for troubleshooting production issues. Without the expedited response times and dedicated resources offered by Premier Support, our business operations could be significantly impacted. We are confident that the standard support level would not be sufficient to address our needs on time.

We have over 30 people that utilize One Identity Manager.

I recommend One Identity Manager.

Learning One Identity Manager can be time-consuming due to the limited availability of online resources. While other products offer abundant tutorials and guides on platforms like Google and YouTube, information for One Identity Manager is scarce and often outdated. Additionally, readily available training materials are rare. As a result, self-learning without additional support or formal training can be challenging.

One Identity Manager is an identity governance and management tool. Our customers have defined policies based on their infrastructure but not an intelligent centralized system that handles all the application and user information. When a user requests access to an application, we're the first ones to get that info and perform corporate operations like onboarding and offboarding. We also provide the necessary access. 

We manage about 200,000 users. A bank is one of our biggest clients, so managing their systems is a little more complex. They have multiple streams, making it somewhat complicated. 

One Identity provides our customers with a holistic, centralized automation process. Security compliance is the primary thing. When we audit the report, we can track what applications they are using and ensure that everything they do is within the security system. We can prevent incidents, but if something does happen, we can block that user or that system from accessing other resources.

The solution minimizes governance gaps across environments. When you're working with a large corporation, you can easily find gaps in the security. For example, accounts may be outside of the security system, or the creation and onboarding may be delayed, causing challenges. We can automate the entire process with a centralized platform to ensure the work is done on time. 

Having a centralized system to maintain everything saves time and avoids confusion. It ensures that everything is under the scope, improving security compliance. As companies grow, they face more security challenges, and this solution helps to address them. 

One Identity improves customers' operations by increasing security and reducing costs. Everything will be in line, from onboarding to offboarding. In terms of user privileges and access, everything stays within the scope. Companies can secure their resources and make them available as needed. It's a completely automated process that happens daily. Companies can cut costs by automatically removing access to paid users on leave because we usually pay a per user cost for services. 

Privileged access is part of company policy, and we provide access based on that criteria. The hierarchy will differ depending on the application. A privileged user will have access to the bigger applications or they will have admin role access. One Identity gives us a centralized system to do that.

Let's say a company has infrastructure, development, and finance teams, each with a separate IT shop. From this information, we know that this person belongs to the finance department, so they will receive all the access for someone in finance based on company policy. However, sometimes, the financial department isn't allowed to use the technical systems. We consider the policy criteria the user meets. 

If somebody requires access to something else, they can request access to those applications. Once an application is aligned with One Identity, we will have the application information and know how many users are on boarded to that application, so we get updated information about the number of users with access and how many use it. We generate reports each month on which applications users access and how often. 

I like One Identity's reporting features and the single sign-in option. Users can skip multiple logins. It also gives us a centralized system that lets us know about a user's access. This is an automated process. If a user leaves the company, One Identity will ensure their application access will be removed after a certain date. When the user joins a company, it ensures all privileges are created and active by the start date.

Using an open-source integration platform, we can integrate any service provider with One Identity. I think the user experience has been positive. Customizing the solution for each company's requirements has been challenging and interesting. Some of these companies are massive and have significant requirements, and we need to ensure that everything is under the scope.  We are collaborating to test and incorporate other functionalities. Corporations might also have their own applications, so we should be aligned with those. 

One Identity could add more connectors for various services we integrate. We need to build and configure custom connectors for our clients with complicated environments and multiple data streams. 

I have used One Identity Manager for two years.

One Identity is stable, but I can't say there are no issues. It depends on the server load and everything. 

One Identity is scalable. 

I rate One Identity support seven out of 10. They respond immediately when we reach out, and you can also get answers through their user community. 

Before One Identity Manager, we used a solution by Dell. A lot of things are in the cloud, so we cloud-native Azure and AWS tools to cover those. 

I was not involved in the deployment. Regarding maintenance, we have multiple teams working with One Identity to maintain and monitor it. Around 40 to 50 are working on this tool.

I rate One Identity Manager 10 out of 10. Before implementing One Identity, you should review the company's policies and all of the systems within its scope. From there, you can decide what the best solution is. For example, if you have an Amazon cloud environment, you should probably go with the AWS solution.