One Identity Manager is a software tool specifically designed to manage and govern employee identities throughout their entire lifecycle within a company. Similar to other governance tools, it ensures employees have the right access to data and applications based on their role, from the moment they are hired until they leave the organization.
IAM Technical Domain Manager at Nuuday
Offers a centralized platform and simplifies access management, but the usability could be improved
Pros and Cons
- "One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance."
- "One key area for improvement is implementing continuous integration and deployment."
What is our primary use case?
How has it helped my organization?
One Identity Manager is a centralized platform for managing user access to all enterprise applications. It focuses on governing regular user identities and access permissions, but it does not handle privileged accounts. If we need to manage privileged accounts, we'll need a separate Privileged Access Management solution in addition to One Identity Manager. One Identity Manager can handle all our other identity governance needs, but privileged accounts require a different approach.
Our customization of One Identity Manager has been relatively straightforward so far. This is likely because we took the time to establish a solid architecture upfront. By defining a clear vision and utilizing standard use cases, I believe I played a key role in minimizing the need for extensive product customization. One Identity Manager also appears to scale well to our needs, further reinforcing my satisfaction with our choice.
One Identity Manager's business role feature simplifies access management by reflecting your company's structure. When you move between departments, like from marketing to finance, your access permissions automatically adjust based on your new role. This eliminates the need for manual updates, ensures you have the right access for your job, and streamlines access governance for your organization. Overall, it's a valuable tool for scaling access management across different departments and scenarios.
Many companies use pre-built solutions like SAP for specific needs. One Identity Manager acts as a central hub for managing identities and access across various cloud applications, similar to how companies connect to ServiceNow for service management or Workday for HR. This centralized approach simplifies identity governance for cloud-based applications, making One Identity Manager a valuable tool, though other competing products offer similar functionalities.
Choosing the right tool is crucial, just like picking the appropriate car. A regular car will perform well on city roads, but attempting off-roading with it will lead to breakdowns. Similarly, our company prioritizes on-premise hosting, so One Identity Manager was ideal. As One Identity itself offers on-premise updates alongside cloud features, we won't be reliant on solely cloud-based solutions for new functionalities. This ensures we stay current with identity access management advancements without being pressured to migrate to the cloud, unlike some competitors who prioritize cloud-based updates over on-premise versions. With One Identity Manager, we access all new features, giving our company a significant advantage. Ultimately, success depends on understanding your company's needs and tailoring your chosen tool accordingly.
Having separate test, development, and production environments creates challenges for managing a product. While the product itself can improve efficiency, companies need to invest in installing and maintaining it across all three environments. This can be expensive, especially for less-used environments like testing. However, if the product is installed according to best practices, it can offer significant benefits.
One Identity Manager streamlines procurement and licensing by consolidating identity management within a single platform. This is particularly advantageous because One Identity Manager is part of a broader suite of security products offered by Quest, allowing our organization to benefit from volume discounts and a unified security approach when using multiple Quest products.
One Identity Manager simplifies application governance by managing access decisions, compliance, and auditing. For access control, One Identity Manager determines a user's privileges within an application based on their overall permissions, allowing granular control over what each user can do. This same system facilitates auditing by tracking all access requests and enabling the creation of compliance certifications.
One Identity Manager empowers application owners and line of business managers to handle access governance without relying on IT. However, this requires upfront effort from the company to set up the data structure. For instance, if we don't have a process for assigning application owners, no tool can automatically create that mapping. The tool can only utilize existing data to enforce our desired workflows. This initial data setup might be challenging for our company as it's still under development.
One Identity Manager supports an identity-centric zero trust model, which assumes no inherent trust and relies on verification for every access attempt. This means every action must be audited and approved, requiring a well-structured data model. To fully utilize One Identity Manager's capabilities for identity governance, our organization will need a data engineer who can create this optimal data structure.
What is most valuable?
One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance. While many identity governance products necessitate external integration specialists, One Identity Manager's user-friendly interface allows internal staff with some IAM knowledge to manage it effectively after hands-on training. This is particularly beneficial because the product's pre-built lifecycle features, the core functionality of any identity governance tool, are comprehensive enough to address the needs of most companies, including larger organizations, without extensive customization.
What needs improvement?
One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications, unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience.
One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency.
The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.
Buyer's Guide
One Identity Manager
December 2024
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I have been using One Identity Manager for two years.
What do I think about the stability of the solution?
One Identity Manager has been stable with no downtime experienced. While the current user and transaction load is low, the system has significant capacity for increased volume and hasn't undergone any formal performance testing. However, based on real-world production use, One Identity Manager appears to be functioning well.
How are customer service and support?
We have premier technical support through the partner. We were not intelligent enough to envision this could be a problem in the future. Luckily, we have expertise in identity access management in-house. Otherwise, it would have been a problem if we didn't have local expertise internally and we bought something that we didn't know how to use and our partner wasn't efficient.
Which solution did I use previously and why did I switch?
Our company is currently undergoing a split into two separate entities. Due to this unique situation, we haven't fully transitioned to a single solution. Our original company continues to utilize Omada Identity Governance, while the newly formed company will be implementing One Identity Manager. This transition process reflects the upcoming separation into two independent companies, requiring us to adapt our systems accordingly.
How was the initial setup?
Our initial on-premises deployment of One Identity Manager was straightforward because we handled the two-tier installation ourselves. However, for the cloud version, there's no installation needed since it's pre-configured as a Software-as-a-service offering. Regardless of the deployment method, the most crucial tier is the database, which needs robust security as it stores sensitive information. Both Windows and Linux installations are supported, though Windows is generally preferred.
The actual deployment process can be completed in as little as half an hour, but that's only if all the preparatory work, like opening network ports, is done beforehand. In the worst-case scenario, where you need to do all the setup from scratch, the entire deployment could take half a day.
What about the implementation team?
The implementation was completed in-house with the help of an external system integrator and a consultant from One Identity.
What was our ROI?
To an extent, we have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager's pricing is competitive and in line with what other companies offer. While we may have received a different pricing model due to the multiple Quest products we purchased compared to only One Identity Manager, the overall cost is considered average.
We bought the One Identity Manager license from a partner, but they weren't able to assist with implementation because they lacked experience with the product and even tried to steer us toward a different solution.
Which other solutions did I evaluate?
One Identity Manager stands out for its on-premise deployment option, allowing full internal hosting, unlike most competitors who push cloud-based SaaS solutions. While cloud offers convenience, our critical infrastructure necessitates on-premise control. One Identity Manager also delivers feature parity between cloud and on-premise versions, avoiding the typical delay where new features go to the cloud first. This flexibility caters to companies with strict security requirements or those who prefer a full cloud migration, making it a truly adaptable solution. The potential downside lies in its architecture, where heavy reliance on a single database creates a single point of failure. However, other drawbacks are yet to be discovered through further use.
What other advice do I have?
I would rate One Identity Manager seven out of ten.
We don't use SAP connectors. One Identity Manager's SAP connector isn't unique; it allows connection to SAP systems like many other identity management products. While it simplifies SAP user provisioning within a centralized system, this functionality is common among competitor offerings.
There's a key distinction between privileged and normal business users. While some privileged use cases can be created, an identity governance tool like One Identity Manager, Omada, Okta, SailPoint, or Aviant alone won't handle them all. These tools focus on general identity management, and for comprehensive privileged access management, we need a dedicated privileged identity manager or privileged access manager alongside them.
Due to the partner's lack of experience with the solution, we received no training or post-implementation support. This highlights a challenge faced by organizations in Denmark, a small country with limited options, particularly in the area of identity access management.
Our One Identity Manager partner hasn't provided the value we expected. While choosing them may have been limited due to licensing restrictions, the consultants they sent weren't helpful enough. It seems our experience might have been better with a different product or a more capable partner for the specific solution we implemented.
Our company has a workforce of approximately 5,000 employees and utilizes roughly 1,000 applications, though not all are fully onboarded. This number is respectable considering the size of our country.
When choosing an identity access management solution, there's no one-size-fits-all answer. It's crucial to understand your specific needs first. Consider factors like your current IAM maturity (e.g., do you need privileged access management yet?), scalability requirements, deployment options (cloud vs. on-premise), and partner support. Don't be swayed by what others use; focus on what works for your business and regulations. One Identity Manager can be a good option for mid-to-large companies lacking internal IAM expertise, though it may have fewer partner integrators compared to competitors like SailPoint. However, it can be a more cost-effective choice.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Jun 16, 2024
IAM consultant at Wipro Limited
It is user-friendly, helps to streamline application access decisions, and the out-of-the-box connectors make it easy to integrate with any system
Pros and Cons
- "One Identity Manager offers several features that I found advantageous compared to other tools."
- "There are a few aspects of One Identity Manager's user experience that could be improved."
What is our primary use case?
One of our largest clients in the food and beverage industry uses One Identity Manager to manage its user identities and access controls. They have several applications that require user accounts, and for this purpose, we implemented One Identity Manager. This system effectively manages over 200,000 user accounts and provides access to these applications. Additionally, some applications are integrated with One Identity Manager to streamline account creation, such as setting up Exchange mailboxes.
How has it helped my organization?
One Identity Manager offers a variety of products in addition to Safeguard. These include Active Roles and tools for SaaS migration, all seamlessly integrated within the platform for a user-friendly experience.
One Identity Manager has been a fantastic tool for providing a single platform to manage user data and privileged accounts at an enterprise level. I was involved in its setup, particularly for privileged account management. With One Identity Manager, I've developed timed automations for tasks like account and group creation. This replaced the previous manual process, which was much less efficient. I've tailored workflows for five to six high-privilege accounts, including approval processes. Users now simply select the necessary group, submit their request, and the account is automatically created. One Identity Manager's customization options offer a great deal of flexibility.
We use One Identity Manager's business roles to map our company structure for Dynamic Application Provisioning. This involves creating business roles and assigning them to service items, which then establishes a connection. We increasingly leverage this method for dynamic role assignments as well. This approach is valuable because it allows us to achieve several objectives. Additionally, it enables the implementation of specific conditions or business logic, which is essential in situations where segregation is necessary. This flexibility allows us to create dynamic roles based solely on business needs and assign them to resources. As a result, resources can be automatically assigned roles at the time of request creation based on the training tool associated with the business role, streamlining the provisioning process.
In some cases, we have observed improvements. For instance, we are receiving fewer tickets related to identity management. Additionally, by customizing features through One Identity Manager, we have achieved positive outcomes for our business.
One Identity Manager assists us in establishing a robust privileged access governance strategy to address security discrepancies between privileged and standard users. We've successfully automated provisioning and other processes for standard users through PAM integration within One Identity. However, for privileged users, we maintain separate accounts and policies. I'd like to explore whether there are additional features within One Identity that would allow us to streamline governance for both privileged and standard users within a unified policy framework.
One Identity Manager facilitates the consolidation of procurement and licensing processes. This translates to positive outcomes for our well-structured data and the license signing process. Consequently, Windows privileges have been elevated, and we can now easily manage multiple licenses within the system.
One Identity Manager helps to streamline application access decisions, application compliance, and application auditing. By integrating applications, we can define rules based on needs and apply them logically, achieving the desired outcome. Additionally, separate tables linked to the solution allow for easy management of certain properties.
One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. While we haven't fully utilized its potential, the software offers options for application and product owners to participate in the decision-making process. For example, we can configure notifications to be sent before assigning roles, allowing these stakeholders to provide input.
One Identity Manager helps us achieve an identity-centric zero-trust model. Since implementing One Identity Manager we have not had any security breaches.
What is most valuable?
One Identity Manager offers several features that I found advantageous compared to other tools. For instance, imagine two distinct teams: one responsible for administrative documentation and the other for development. With One Identity Manager, the administrative team wouldn't need to learn a separate design tool, as the platform offers dedicated features for both administrative and development tasks. This segregation of functionalities is helpful because it streamlines workflows and reduces complexity. For example, if we need to monitor backend processes, One Identity Manager provides a dedicated job queue with a visual representation, allowing us to easily identify any stuck jobs. Additionally, the platform is database-oriented, offering built-in filtering and browsing functionalities within the object browser, further simplifying data management.
What needs improvement?
One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial. This would reduce performance-related resource needs in a production environment. Additionally, it would be helpful to have more visibility into job aspects within the tool itself. Information like the number of jobs in the Data Designer, along with date logs, would allow us to directly manage and terminate jobs as needed. This would lessen our dependence on the database team. I believe that these improvements would streamline operations.
There are a few aspects of One Identity Manager's user experience that could be improved. Users sometimes find it confusing to navigate and understand how to use the tool effectively. As a result, customizing the front-end interface could be beneficial. For example, currently, users need to check multiple reports to gather complete information, which can be time-consuming and frustrating. Implementing a way to streamline this process, such as displaying relevant details directly within the application, could enhance user experience. Additionally, the current system requires manual creation of service catalogs for each application. It would be beneficial to implement pre-configured, out-of-the-box options for common applications like ServiceNow. This would save time and effort for administrators and improve the overall user experience.
While I'm comfortable making back-end customizations, I find front-end customization to be challenging.
It would be convenient if One Identity Manager offered a feature that allows bulk deployment and monitoring with a single click.
For how long have I used the solution?
I have been using One Identity Manager for eight years.
What do I think about the stability of the solution?
One Identity Manager is a stable product, but its frequent version updates can be challenging. If users choose not to upgrade, they only receive one year of support.
For example, we recently transitioned from version eight to nine, only to discover later that support for version eight would end after just one year. This cycle of upgrading every year is disruptive.
Ideally, One Identity would offer at least two to three years of support for each version. This would alleviate the pressure to upgrade annually and allow users to focus on core business activities.
How are customer service and support?
Currently, we are using the vendor's premium support due to a post-upgrade challenge. During this upgrade, our Active Directory experienced prolonged completion times, taking up to 30 hours for a single cycle. Fortunately, the One Identity support team was instrumental in resolving this issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Our organization previously used Microsoft Identity Manager, but we transitioned to One Identity Manager due to its greater functionality in access management and governance, coupled with a more user-friendly interface.
How was the initial setup?
The initial deployment process is simple; we have a transporter tool for that. However, for bulk deployments, we also use a custom tool. For instance, when deploying ten or twenty transport packages, deploying them individually and monitoring each one is time-consuming. Our IT consultant developed a tool that automates this process. We simply store the transport packages and provide a list, and the tool deploys them sequentially, even handling small compilations between deployments.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager has a reasonable price point. Given the features and functionality it provides, the cost is justified.
What other advice do I have?
I would rate One Identity Manager eight out of ten. It is user-friendly and the out-of-the-box connectors make it easy to integrate with any system.
Premier Support has significantly enhanced the value of our overall investment in One Identity Manager. There are several ways in which it has been beneficial. For instance, our developers appreciate the immediate support available for troubleshooting production issues. Without the expedited response times and dedicated resources offered by Premier Support, our business operations could be significantly impacted. We are confident that the standard support level would not be sufficient to address our needs on time.
We have over 30 people that utilize One Identity Manager.
I recommend One Identity Manager.
Learning One Identity Manager can be time-consuming due to the limited availability of online resources. While other products offer abundant tutorials and guides on platforms like Google and YouTube, information for One Identity Manager is scarce and often outdated. Additionally, readily available training materials are rare. As a result, self-learning without additional support or formal training can be challenging.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Risk Manager at an insurance company with 10,001+ employees
Offers a centralized platform, extends governance to cloud applications, and helps streamline application compliance
Pros and Cons
- "The tool's true advantage is its flexibility; it provides building blocks that can be easily assembled to create custom processes, much like constructing something with Lego bricks."
- "Upgrading to a new version is consistently challenging and time-consuming."
What is our primary use case?
One Identity Manager is our primary tool for managing identities and access, encompassing the entire employee lifecycle from onboarding to offboarding. This includes managing entitlements, requests, and approvals, enforcing segregation of duties, and conducting regular access recertification.
We are currently utilizing a hybrid model, where our primary SQL Server remains on-premises while some web servers have already been migrated to the cloud, with further cloud migration in progress.
How has it helped my organization?
We have integrated all our SAP systems with One Identity Manager, centralizing the management of accounts, entitlements, assignments, profile assignments, and other SAP-specific objects within the Identity Manager. This means we now handle all SAP identity and user management exclusively through One Identity.
One Identity Manager provides Identity Governance and Administration solutions. As an SAP company, our decision to use this product was primarily driven by its ability to manage SAP systems fully. The seamless integration with our existing SAP infrastructure is a crucial factor for us.
One Identity offers a centralized platform for managing and governing users, data, privileged accounts, and other critical enterprise assets. It serves as the authoritative source for identity and access information.
We realized the immediate benefits of One Identity Manager because it successfully reduced the manual workload as intended by the implementation project. By 2010, after approximately eight or nine months of work, we had integrated the system with SAP and had activated the portal. This eliminated the need for six to eight people previously dedicated to manual user management, resulting in significant financial gains.
We used One Identity Manager to extend governance to cloud applications, utilizing the SCIM interface for this purpose. While I believe this interface holds significant promise, it also requires further development. Overall, however, the support provided by One Identity was quite good from my perspective.
It helps us close governance gaps in server coverage across development, testing, and production environments. By demonstrating our adherence to regulatory requirements and identifying users with excessive entitlements, this tool enhances our compliance efforts and allows us to easily pinpoint potential security risks.
It partially helps us establish stronger privileged governance controls to mitigate security risks for standard users. We've also implemented a separate product account management tool. By combining these tools, One Identity now manages and approves permissions for the privileged access management tool, which in turn handles the technical release of access.
One Identity Manager assists with application compliance by enabling us to adhere to both regulatory requirements and internal guidelines. This is crucial because it provides central tools and a database for easily monitoring and understanding system activity.
One Identity Manager helps streamline application compliance by providing more transparency.
One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. We've streamlined entitlement requests by defining an approval process that leverages the organization chart within One Identity. This ensures that requests are initially routed to the appropriate line manager, who can then make informed decisions about approving or denying entitlements based on the employee's role and organizational structure.
What is most valuable?
It's difficult to identify the tool's core value because, initially, it seems to do nothing out of the box. Essentially, it's a framework that requires customization to align with specific processes. Nevertheless, its greatest strength lies in its ability to serve as a foundation for identity and access management processes. Standard functions like initiating workflows or requesting approvals are essential but expected. The tool's true advantage is its flexibility; it provides building blocks that can be easily assembled to create custom processes, much like constructing something with Lego bricks.
What needs improvement?
I would rate the user experience a six out of ten. While we have extensively customized the system, it's unclear whether these modifications directly relate to the One Identity implementation. Regardless, we continue to receive numerous complaints from users who struggle to understand how to request or perform actions within the One Identity Manager portal.
The ease of customizing One Identity Manager depends heavily on the user's knowledge of the tool. While customization is straightforward for experienced users, the tool is complex and requires significant expertise. Finding skilled individuals capable of maintaining or developing the system is challenging, particularly in Germany, especially with less than two years of relevant experience.
Implementing the business role functionality has proven challenging. While One Identity Manager offers potential solutions, effectively implementing business roles from the company's perspective is incredibly difficult. Unfortunately, One Identity does not provide tools or support to aid in identifying and designing appropriate roles, hindering the process.
The usability of the web shop is definitely an issue and could be improved.
One Identity Manager could be improved by enhancing connectivity to various cloud platforms, such as GCP, AWS, and Azure, as well as to cloud-based SaaS applications.
Upgrading to a new version is consistently challenging and time-consuming. This has been an ongoing issue for years. While necessary to access new features, upgrading requires complete system updates rather than individual modules. Subsequently, identifying and verifying changes in the new version is incredibly difficult. Our customization process mandates comprehensive testing of all functionalities after each upgrade, resulting in significant labor and time costs, making the overall experience highly burdensome.
For how long have I used the solution?
I have been using One Identity Manager for around 14 years.
What do I think about the stability of the solution?
I would rate the stability of One Identity Manager a six out of ten, but this is somewhat unfair as our tool is highly customized. Some of the issues we encounter might be due to our own customizations rather than inherent product flaws. While we do experience challenges with the tool, it's essential to remember that it's a framework requiring customization by most customers.
How are customer service and support?
The last time I used technical support was a few years ago; they resolved my issue quickly. We also have a strong relationship with the One Identity Manager team in Germany. As one of their earliest customers in the country, we know them well and may have received preferential treatment in the past. I hope this special consideration continues.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Our organization employs several identity management solutions, including One Identity Manager, SailPoint, Omada, and NetIQ. While these systems have their strengths and weaknesses, they are largely comparable in terms of overall capabilities. Given that we implemented One Identity Manager 15 years ago, and considering the substantial effort required to migrate to a new system, we've decided to continue using it. Although each solution can be effectively configured to meet our identity management needs, I haven't identified any unique, compelling advantages of One Identity Manager over its competitors.
How was the initial setup?
It is straightforward to set up for an experienced person who follows the documentation. Deploying one instance of One Identity Manager from scratch takes a couple of days. A team of two to three people is needed to set up a new environment.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
Maintaining a single Identity Manager is complex, requiring a dedicated ten-person team to service the tool, resolve end-user issues, and ensure ongoing system operation.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 12, 2024
SME (Subject Matter Expert) at an insurance company with 10,001+ employees
A powerful, flexible solution for compliance and enterprise-level management
Pros and Cons
- "It is very powerful and flexible. It works at a very high level, but it can also be tailored as per needs."
- "It is slow. It has a bit of a bad reputation within the company because it is a slow product. That is the biggest drawback in terms of user experience."
What is our primary use case?
We use One Identity Manager as our primary solution for identity and access management. We use it for multiple functions including identity lifecycle, access management, provisioning, segregation of duties (SODs), and attestations. It is being used for the core IM functions.
How has it helped my organization?
We are a large insurance company based in Germany. We are compliance-driven. We have to fulfill BaFin requirements. BaFin is a governmental body that oversees banks and insurance. They have a big list of requirements that each financial institution needs to fulfill to stay on the market as a bank or as an insurance provider. One Identity Manager helps us to meet those requirements.
We differentiate between two types of accounts, personal and non-personal accounts. Personal accounts are accounts or usernames assigned to people, and then we have non-personal accounts, which are technical or service accounts used by software or machines. One of the BaFin requirements is that we have control of each and every account within the system. The sync editor is able to read each and every account into IAM. It discovers every account if you have given it the right to see everything in the SAP or any other system. The tool fulfills the base needs so that we can traverse every account available in the system and then match it to digital identities there, meaning that we get a linkage between each account and each digital identity that we get from the HR system. So, we do not have orphaned accounts or the ones that we are not able to match. It is up to each customer to utilize this. They can develop their own processes to handle this. They need to have their own processes to connect them, identify them, or report on them. There is not much that the vendor does there. It discovers them, and that is it. I am satisfied with what it offers. It fulfills our needs.
When it comes to core IGA, the functionality that we use is the life cycle of accounts. We use the life cycle of membership of these accounts into SAP roles, the membership of these SAP users, and the membership life cycle of SAP users in the SAP structural profile. These three are what we cover. There are also SAP groups and SAP profiles, but we do not actively manage them. From the access control structures, we use only this subset. That is all that we need. It is currently sufficient for our needs.
We use several objects to represent company structures. We use the department object and the location object, and we also use business roles pretty extensively. We have thousands of business roles in the system. If I traverse the table org, which is the technical name of the table, I will find thousands of entries there.
Compliance and automation are two reasons for implementing an IM solution. Automation helps save money. For compliance, even if we do not like it, we must install such a solution because we have to fulfill law obligations. We work actively on that and have a big team covering it. It will keep us busy over the next few years. The second one is automation. We have automated the whole onboarding process of employees within this company. Instead of having 50 different administrators, we have less than 10 administrators. It saves us money. We definitely save lots of effort for administrators of different systems. We save people and resources by automating and not having several dozen administrators for different systems. That saves us lots of money.
Another advantage is that it saves us time. We can onboard the person within a day in our company. As soon as the HR types in a new employee there and pushes it to us, we can provision the employee to all necessary systems roughly within a day. Without such a solution, it will probably take weeks.
It helps streamline application access governance. When you have different applications, such as Active Directory-based ones, SAP-based ones, and cloud-based ones, they all have different GUIs. They all have different approval processes. Once you connect them to a solution like One Identity, you have to order all of their entitlements through the IM WebShop, which is a web interface. There is a very homogeneous look and feel to how you order access to these applications. Otherwise, from the administration point of view as well as from the approval point of view, it is a very heterogeneous experience. Once you integrate applications with One Identity Manager, you get the same experience for your AD-based and SAP-based tools. Other competing products like SailPoint and DirX also provide a uniform experience.
It also helps with application auditing. That is one of the core features of the tool. We use it to audit the access to different applications and impose governance on these applications. The application life cycle is also one of the core features that we use. There is one package called the application onboarding package (AOB). We developed our own mechanism there about 15 years ago, so the tool does offer steps, and we utilize it.
What is most valuable?
I like the provisioning feature of One Identity Manager. It is very powerful and flexible. It works at a very high level, but it can also be tailored as per needs. They have something called Sync Editor. I personally like that one because I have a developer background. Currently, I have more responsibility within the company for this feature. I am one of the six subject matter experts (SMEs). My area is the reconciliation part.
Compliance with BaFin requirements is very important for us. If we do not fulfill them, our license can be retracted. If we do not fulfill these requirements, it is not good for the company. We use the identity life cycle. We use provisioning extensively. We use attestations, recertifications, and SODs. We need all these equally to fulfill the BaFin requirements.
What needs improvement?
In terms of user experience or intuitiveness, it is in the middle. I personally find it good. Based on the complexity, the vendor seems to have done a good job of providing a web shop kind of experience, similar to eBay or Amazon. You order something in the shopping cart and submit it. Another one approves it and it gets provisioned. It is in the middle because I have seen better and more lightweight interfaces. They are now introducing the Angular portal. There is a new design. It is better, but certain things are still a little bit hidden. It is not yet ideal. Things like attestations or segregation of duties are not that intuitive. People take time to learn. We need to train them on what they need to do. When we generate attestations, the guy who needs to attest does not intuitively know what to do. When it comes to SODs, it is even harder. People are unsure what exactly things mean there. We need to train these people. For core processes like ordering entitlements, they know what to do without any training or reading materials from us. For example, you order a group, somebody approves it, and then you get it provisioned. For such simple scenarios, we do not need to support them, but for the other cases, such as attestations and SODs, we need to write articles on the Internet. We need to do training. We need to actively support them and hold their hands.
The biggest complaint we get from the end users is the performance. When they click or submit something in the shopping cart, all the compliance checks for SOD rules are run. Sometimes, it takes two to three minutes for something to be submitted. It is slow. It has a bit of a bad reputation within the company because it is a slow product. That is the biggest drawback in terms of user experience. Performance has been a problem in the last 10 to 15 years. It is sometimes good and sometimes bad. Every now and then, you hear that performance is an issue.
The user interface could be more streamlined. The overlapping functionality among tools like the Sync Editor, Designer, Object Browser, and Manager needs better delineation. Currently, you have Sync Editor for synchronization. You have the Designer for scripts, procedures, and SQL development, and then you have the Object Browser for raw or low-level data adjustment there. You also have the Manager which is a user or operations management tool. These four tools overlap in their functionality. For example, you can administer schedules in Manager, Object Browser, and Designer. I see a little bit of overlapping there. You also have the Transporter that transports the code. If you open the binaries folder for tool installation, you will see 20, 30, or even 40 files there. There are so many small tools for different things. They might have grown over time. They should differentiate a little bit between operations, development teams, and test teams. For operations, they have done a good job of centralizing things in the Manager tool, but for developers and testers, there is a little bit of overlap between Designer and Object Browser. There is one other tool called Web Designer. That one will become obsolete soon with Angular. Currently, some things can be customized by the operations teams in prod and some of the things need to come from the developers. The borderline is not very clear. There are gray areas. They might have fixed these things in the Angular portal.
Another thing that I do not like is that they are mixing useful data and code data in the same data model. Other tools such as SailPoint or DirX Identity are stronger in terms of the separation of useful data and code data, although they have worse data models than One Identity. There should be a cleaner separation between the actual usage data and code data.
For how long have I used the solution?
I have been using One Identity Manager since 2009, although back then it was known as Active Entry. I have been using it actively since 2011.
What do I think about the stability of the solution?
I would rate it a five out of ten for stability. As with all other products, it has bugs. It is buggy. When a new version comes out, there are issues with it. It then takes them some months or patches to make the version stable. If you take 8.0 or 9.0, those versions are usually buggy. I have spent 15 years with this product. There were always issues after they made some major release. It then gets stabilized. The product is buggy, but they work on it. After six to twelve months, they sort out everything, and then you get a more robust version.
What do I think about the scalability of the solution?
It has its advantages and disadvantages, but it is definitely scalable.
It is a good tool for enterprise-level management. It fulfills its role. In the Gartner Magic Quadrant, this tool has gone from the lower left corner to the upper right corner in the last ten or so years. It is definitely an enterprise-level tool. It is powerful, but it is slow. As soon as the company becomes very big and different scenarios need to be managed, it tends to be slow. Two years ago, there was a conference in Hagen, Germany. The vendor asked everyone about their thoughts about the product. They asked us the good or bad things about the product, and every second customer said that they had performance issues with the product. The product is very powerful. It is an enterprise-level software, but it is slow. As soon as you have a larger number of users or a larger number of systems connected to it or you have heavyweight scenarios, it becomes slow. Of course, it depends on how each customer customizes it and implements the features in it, but every second customer complained about the performance.
We have about 30,000 users. We have only one centralized instance for the whole company. We have four environments, and there are several different teams here. We have testing, development, and operations teams. We also have the requirements scoping team where the SMEs are. It has grown pretty big. In the beginning, there were just two to four of us doing everything, but now there are quite a lot of people. Different departments are doing different aspects of it.
How are customer service and support?
Their technical support is pretty good. We use standard customer support, which allows us to open tickets and receive fixes for bugs. While it is not state-of-the-art, I would rate their service as being in the better half, providing positive support experiences.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have worked with two other competing products. One is SailPoint, and another one is DirX Identity. All of these products have their advantages and disadvantages. There is no perfect product, but I find One Identity Manager to be the most powerful and flexible of the three.
I have a developer and IM architect background. When it comes to customization, One Identity Manager is very powerful and very flexible. It is not very easy, but it is definitely better than DirX Identity or SailPoint. The amount of energy that you need to invest is less compared to the other two products.
We have a separate solution for PAM or privileged account management, and that is CyberArk. I know that One Identity has its own Safeguard solution, but I am not sure if that one is used in our company. Another team might be using it but not us. We are a big company. I know that this was one of the solutions that they were evaluating, but in the end, they decided to use CyberArk.
How was the initial setup?
Back in 2010, we had six months of evaluation. We did evaluate Tivoli and other products. We had a prototype. It took about six months before we went to production. We first started only with Active Directory and SAP, and then we kept growing it with additional target systems and additional features. It is comparable to other products in terms of ease of deployment. It is not simple. All these products are complex. It takes time to understand what they do. As compared to others, there is a middle complexity level to bring it live. Overall, it took about six to nine months.
We have the operations team to maintain it. There are several people in that team.
Which other solutions did I evaluate?
During the evaluation phase, we considered other solutions like Tivoli.
What other advice do I have?
I would definitely recommend this solution. I have influenced two companies in the direction of adopting it in Germany. They were evaluating this, which takes lots of money and time. One company even booked me and a colleague of mine and asked which one to go for between this solution and SailPoint. I definitely recommend this one.
I would rate One Identity Manager an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Associate Cyber Engineer at a financial services firm with 10,001+ employees
It's more scalable and customizable than other products I have worked on
Pros and Cons
- "One Identity Manager is more scalable and customizable than other products I have worked on, and user customization isn't as complicated. Defender, One Identity's PAM solution, is useful for rotating passwords in the developer's evolving facilities."
- "The UI may need some improvement, but it's still great. GraphQL Cloud isn't quite visible yet to the end users, and they said there are some issues there because we have lots of users on board, so it takes time to reflect when the approval is going through and who they should contact to get it approved. The smoothness in that UI performance could be better."
What is our primary use case?
We use One Identity Manager for access control and identity management. It is the central repository for all our organization's users. It has all the access control points, role-based access control, security policies, single sign-on, password management, and privileged access management for all the stuff we did.
How has it helped my organization?
It's pulling the public Azure access, so we can identify who has the right level of access. And we have the SODs, the artifacts, and the scoring server. It helps us identify customers with that public access and whether it should be removed or managed by the owners.
It helps automate provisioning and launching application accounts. It will also investigate compliance issues. We already have some custom reports, and Identity Manager's built-in reports are quite helpful.
The solution empowers application owners or business managers to make application governance decisions by themselves without IT help. It has a lot of features that allow you to configure that.
What is most valuable?
One Identity Manager is more scalable and customizable than other products I have worked on, and user customization isn't as complicated. Defender, One Identity's PAM solution, is useful for rotating passwords in the developer's evolving facilities.
Customizing the UI and backend is easy if you understand the framework. It may take some time to learn, but it's not too difficult once you have it down. Business roles are a handy tool from One Identity that we can map multiple accesses in a single bundle and provide it to the users. You can also provide birthright access to this, so they don't need to request it once onboarded. We can assign them access based on a particular department or a job role.
What needs improvement?
The out-of-scope connection for the cloud data applications could be better. We have to contact the data on the connection center if it's coming out of the process.
The UI may need some improvement, but it's still great. GraphQL Cloud isn't quite visible yet to the end users, and they said there are some issues there because we have lots of users on board, so it takes time to reflect when the approval is going through and who they should contact to get it approved. The smoothness in that UI performance could be better.
For how long have I used the solution?
I have used One Identity Manager for four years.
How are customer service and support?
I rate One Identity support eight out of 10. We customized the system a lot when we were using a system. We had dedicated support from the vendor on the data side. They were for within the SLA time.
How would you rate customer service and support?
Positive
What other advice do I have?
I rate One Identity Manager nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 7, 2024
Consultant at a tech services company with 201-500 employees
Enables us to change, optimize, and update it at our convenience
Pros and Cons
- "My favorite feature is the ease of customization. You can change, optimize, and update it at your convenience. I haven't seen that in many other products available."
- "Because their company is so focused on just their tool and related technology, they can't support you much. At times, it becomes frustrating. While you are paying a little less than your competitors, you expect some support, compliance, or expertise from the company. If a certain load balancer is unable to handle your tool, you should know what load balancer would be perfect or what configuration you should use."
What is our primary use case?
I have been in various roles. I have been a developer, an operational manager on this One Identity tool, and also a product analyst. We have used it in various phases.
I'm an official partner. The consultants I work with have provided me with a consultancy license, and the clients have their own licenses, but we work with our own licenses. Whenever there is a vendor bug or something is needed, we use our license to raise a ticket on behalf of our client.
The consultancy that I work with has been One Identity's Partner of the Year for the last five years. We have offices in Europe, the Middle East, Asia, Africa, and the Americas. In Europe, the Middle East, and Africa, we have been the top partner for the last three years, and in Asia-Pacific, we have been the top partner for the last year.
We have a license program with them. When we sell the product, it's a partnership between One Identity and us. They get a share of the profit, and we get a share. The client pays the full price of the product.
How has it helped my organization?
One Identity is cost-effective compared to the market. It offers functionalities and features at a very low price relative to ForgeRock or SailPoint. The first advantage you see is the heavily reduced cost.
There are also some other aspects. For example, it provides a lot of functionality out of the box. You don't need to spend money on external developers to customize or do some special configuration that requires a person for additional maintenance. Other than that, there are some additional security features like attestations and approval features that are intuitively made inside.
These features give you an advantage immediately, and in the long run, they simplify the audits. You don't have to be around the auditors every time to explain things. You give them a specific account to use for the audit and allow them to play around with the tool.
One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. We have four or five environments. Based on that, there are configuration parameters with which you can segregate between every environment. It's quite easy and configurable.
Depending on which modules you install, it helps to close the security gap between privileged and standard users. In Identity Manager, there is a module called Application Governance. If you install that module, you get that functionality or features, but many clients prefer a custom implementation. IGA is not supposed to provide PAM-related functionalities. That's why they sometimes push clients to take a bundle of IAM and PAG solutions together, which is One Identity Safeguard.
With Safeguard, you can cover your privilege and identity access management. In fact, you can control the access governance of who has what access in your PAM environment through the Identity Manager itself. They are interconnected, but Identity Manager can't independently give you this functionality.
One Identity Manager helps us consolidate procurement and licensing. Who has what permissions and their validity is well maintained. Most of them get attested every three or four months, depending upon the configuration. You can see which licenses are needed. In fact, in the newer version, since version 9.x, they have a new field showing when the license was last used or how actively it is being used.
Sometimes, if it senses that it has not been used for one year or one and a half years based on the configuration parameters, it will send an email that we have not used it for this much time, so we will remove it. It will remove it with no questions asked. So it is quite smart enough to handle those licensing decisions.
The solution helps streamline application access decisions. Every application has the necessary groups and entitlements assigned to it, so you can independently streamline their workflows. It's a highly customizable tool that lets you group together workflows for, say, 10 Active Directory applications because they are all in the AD domain. You can assign a single workflow for them.
However, if you want every application to have a different workflow or access management, you can assign that. From inside the application governance module, you can assign the privilege level and how privileged or sensitive the accesses are. Depending on that, it will provide the threat and fraud level or what approvals might be needed. So all these are quite intuitive and smartly managed.
The application compliance is handled quite well. It isn't great because it tends to create performance issues in the system. Compliance issues are calculated reactively and proactively. There are two types of SODs: prevention and detective. It's smart enough to detect it, but this can lead to performance issues because of the size of the system you are working with. This is something that has to be done by the manager. You can make your system digest the performance degradation to keep the SOD at an expected level.
Application auditing is pretty much what is called attestation, and it's mostly provided out of the box, but a lot of customization is possible here. In most cases, I have seen customization being done also here. Depending upon that, you can configure it in various ways. You can have multiple attestation policies attesting various things, or you can have a single attestation policy handling multiple things. You can configure and schedule it accordingly and define the approval workflows of those attestations. If an attestation is rejected, what should be the action? If it's missed or raised, no one decides how it should be handled. These are well handled.
Many governance decisions can be made without IT intervention. Most things are pretty self-explanatory in the web portal. You get an email or a notification on the web portal. At most, what happens is that people get so many notifications because they are a backup owner for so many things that sometimes too many notifications come down to them. Other than that, I haven't seen anyone complaining that they don't understand what they need to do when it comes to approval.
What is most valuable?
My favorite feature is the ease of customization. You can change, optimize, and update it at your convenience. I haven't seen that in many other products available.
We use One Identity Manager to connect to SAP IDM. SAPconnect target systems are integrated into One Identity Manager, and we've made several SAP connections with One Identity Manager. The solution connects with Snow, which you can use to manage your disconnected systems.
Most clients I have worked with prefer a custom approach. So some prefer Snow, some prefer some other IDM tool with which they want to manage their disconnected systems. So, yeah, you can say yes and no, to be honest. Like, yes, there is a functionality that has been provided, but it's not mature enough. So that's why I believe clients tend to be a little customized on that front.
One Identity Manager connects SAP accounts to employee identities under governance. That's completely autonomous. Once the target system connection is made, the product is available in the IT shop web frontend. You can order it from there. One Identity Manager handles it by itself. You can customize, but usually the vendor has created an out-of-the-box functionality to do all these operations.
The solution provides IGA for the aspects of SAP that are more difficult to manage. With One Identity Manager, the good thing is that you can customize. In most of the clients I have worked with, the T codes or different custom SAP tables were later introduced in a greenfield project, you don't see these custom tables more often. Out of the box, the SAP connector gives you around 32 to 36 tables in the SAP target system that are more generic tables, but there are custom tables about the T roles or the special attributes. You can customize your connector accordingly, so there is an XML parser provided in the sync editor. You can use it to achieve all those operations.
I'm unfamiliar with SAP-related workflows because clients don't have any specific SAP workflow. They have their own workflows, and One Identity Manager is configured for various product approvals. That's how they are managed. If you want to create a customized workflow, whether it's SAP HANA or any other product-specific workload, you can easily create it.
One Identity Manager provides a connection with Snow, where you can manage your disconnected systems. Most of the clients I have worked with prefer a custom approach. Some prefer Snow or another IDM tool to manage their disconnected systems. There is functionality that has been provided, but it's not mature enough. I believe clients tend to be a little customized on that front.
It connects SAP accounts to employee identities under governance. It's completely autonomous. Once the target system connection is made, the product is available in the IT shop web front end. You can order it from there and everything. One Identity Manager handles it by itself, so you don't need to customize it, but the vendor is given an out-of-the-box functionality to do all those operations.
One Identity offers a single platform for enterprise-level administration and governance of users' data on privileged accounts. The good thing is that much of the functionality comes out of the box. You don't need to customize if you don't want. In a greenfield project, this tool is optimal for those purposes. If the user number is around 1 million or under that data scale, it's a good tool to run on from the IGA perspective. With One Identity, they don't want to focus on IGA. They want to expand the horizon of cybersecurity. There are native tools like Safeguard and others. You can even integrate your PAM accordingly with your IGA and IAM.
There are two types of interfaces in One Identity. One is the phased-out interface, which was known as a web designer. This is getting phased out with Angular now. Angular was one of the lagging points where the user interface was not up to the mark with the out-of-the-box functionalities. Many customers had to customize heavily to get a level of intuitiveness. Now, Angular's web portal has been notched up. You get AI suggestions, IntelliSense, and lots of fraud detection out of the box, like threat level. It's been improved in the recent version, and it's been working phenomenally well.
Business roles are used extensively, and custom implementations are done over business roles. The number of cloud apps I would be telling is a little less because their Starling connector still hasn't matured enough. It's still not a high-performance tool, but it has the capability to do so.
Nowadays, every organization has almost at least a few apps in the cloud. It's important even if the organization is heavily based on on-premises infrastructure. With this tool, you get so many things that work with this cloud infrastructure, it doesn't let you down completely. When you compare the performance of this with a native PowerShell connector or SAP connector, for example, you feel that the performance could be enhanced a little bit. It's something that is becoming mature in the latest versions. I'm confident they will improve it further in the upcoming versions.
What needs improvement?
One area for improvement is zero trust. Besides that, performance is a big factor. I've heard from multiple clients that One Identity's front end is not so performance-optimized. It depends on how you have configured and deployed the system. At the end of the day, I would say that's something they need to improve.
Still, whenever a critical bug is released, they address the defect pretty quickly compared to any other competitors in the market. At the same time, there is a problem with support. They have limited knowledge about things that may affect their tool. You are deploying this tool in a client's environment, and multiple things would impact it, like proxy servers, load balancers, and other infra technologies.
Because their company is so focused on just their tool and related technology, they can't support you much. At times, it becomes frustrating. While you are paying a little less than your competitors, you expect some support, compliance, or expertise from the company. If a certain load balancer is unable to handle your tool, you should know what load balancer would be perfect or what configuration you should use.
For how long have I used the solution?
We have used One Identity Manager for five and a half years.
What do I think about the stability of the solution?
I rate One Identity Manager eight out of 10 for stability.
What do I think about the scalability of the solution?
I rate One Identity Manager nine out of 10 for scalability.
How are customer service and support?
I rate One Identity support seven out of 10. I have done multiple tickets. I am in touch right now because I'm in the middle of an upgrade for a major client for One Identity. I have been closely in touch with them. At times, there are things that can impact their product, like load balancers that are part of the product when you deploy it in a matured environment.
In those cases, they can't support you much because they just say that load balancers or these things are not something we support. You have to get the support from the necessary vendors they have, and those vendors say, "We are the load balancer. We don't support your tool. You need to go back to your vendor."
You're between two things. At times, it seems like a big company that is not very new to the market should have the basic knowledge or idea of how to get these things up. There are performance issues for so many clients of One Identity, but they can't give you a concrete answer. They can tell you that there is an infrastructure issue, but they lack the knowledge of the infrastructure issue; that knowledge is quite lacking in them. I would say that is something they need to improve.
We don't use the premier support. There are two types of support: one support is between the partner and the firm, and another is between the client and the product company. For the premium support, One Identity provides certain employees, developers, or consultants from their own company. It's the most exclusive contract you can have with them.
The second type of support involves giving you the product, the support portal, and some sort of knowledge. Then, maybe you can hire someone from them for a limited period of time. The predominant work that you need to do with the product, like deployment, maintenance, development, or bug fixes, you do via some partner companies like us.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used SailPoint Identity. One Identity Manager is much better. One Identity Manager is better on a smaller scale of employees. It can handle a scale of half a million or one million, but beyond that, SailPoint is a better tool.
How was the initial setup?
Deploying One Identity Manager is easy and standardized. If it's a greenfield project, the initial deployment should not be difficult if you know your stuff. A proper runbook would be helpful. In our consultant's company, we usually share these runbooks with new consultants who join and who will deploy it into a new client's location.
These come in handy. Otherwise, it can be a little tricky, especially if you are upgrading an existing environment. At that time, it depends upon what sort of data situation is present in the database that you are upgrading. It can become tricky if the consistency checks are not matched or there are some weird data scenarios. Otherwise, it's quite a smooth process.
If it's a standardized deployment, one person is more than enough to handle it. The deployment has two parts. One is the database upgrade, which takes between 30 minutes and two hours. Then, there's the app and web server installation. If it's an upgrade, you can upgrade it in 10 to 15 minutes, but a new installation takes 30 minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing of One Identity Manager is competitive. Compared to its competitors, One Identity is priced quite brilliantly. ForgeRock and SailPoint cost about 1.5 times as much, making One Identity quite economical.
What other advice do I have?
I rate One Identity Manager nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Jul 28, 2024
IAM Lead Consultant at iC Consult GmbH
The solution has the biggest out-of-the-box feature set
Pros and Cons
- "One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top."
- "The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year."
How has it helped my organization?
The time needed to see the benefits depends on how you roll it out. You have two or three primary areas where you see the benefits. One is from the operations and process perspective. If you automate the processes, you can make a mess because the system creates the identity from the HR system and provisions it for all the target systems, like Active Directory.
This is one area where your processes will be more mature because they're all automated. Another area is governance because you collect all the data from different systems into one system. Manager lets you start to govern the data when it comes to entitlements.
Identity Manager helps you minimize gaps in governance coverage among test, dev, and production servers. It depends on your setup, but if you have it configured correctly, it will help.
We can close the security gap between privileged users and the standard users. However, it depends on how you define privileged users because this might have different meanings. From a business perspective, you have users who are business-critical. You can set up these compliance rules to control this and have additional checks if required.
A typical use case is setting up privileged users twice a year or a recertification campaign compared to standard users. The other point of view you need to consider is the typical admin accounts with critical entitlements and permissions to applications that have significant positive or negative impacts on the organization.
It streamlines application decisions, improving application compliance. That's what makes One Identity strong. It's like an octopus with lots of connections to your environment and applications. You get the old data and create your rule set and governance based on that. At the end of the day, these applications or entitlements are under the control of your rule set.
One Identity streamlines application auditing. If the application is under Active Directory, you have security groups where the permissions are managed in the application. It's easy because you have a standard connector, which means all the application permissions are automatically managed and controlled in One Identity Manager.
On the other hand, if you have an application with its own user and application governance, you must integrate this with an appropriate API integration. If this isn't possible, you need a ticketing system in between with a manual process. You are good if your process aligns with your governance and audit.
What is most valuable?
One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top.
One Identity provides an enterprise view of the more logically disconnected SAP accounts. It has the strongest SAP connector on the market and it can fully replace SAP centralized administration. It connects SAP accounts to employee identities under governance. One Identity is the only solution that offers IGA for the harder-to-manage aspects of SAP on a deep level.
It has out-of-the-box SAP workflows and allows you to customize workflows, but you need an SAP specialist to handle these customizations. One Identity provides a comprehensive perspective for governing identity and access processes, reports, compliance stuff, etc.
One of the biggest challenges organizations have is setting up borders with other processes and enterprise applications like ServiceNow. You could handle these processes, but it would make no sense. A typical example for better understanding is the joiner-mover-leaver process of an employee and the topic of hardware where an employee gets their notebook, mobile phone, etc. These are something you would not challenge in a solution like One Identity.
It can be easy to customize depending on the integrator's expertise. It has many out-of-the-box functionalities, but it also provides full flexibility to customize it. You can do it the right way or the wrong way, and this depends strongly on the integrator's knowledge and expertise. You can build on out-of-the-box elements or code everything from scratch, but this is not recommended.
One Identity's business roles are one of the most critical features. They enable you to reflect the entire entitlement structure up to the manager abstraction layer. For example, you can form a role for marketing and assign access to everything people in the marketing department need to do their work, including all the entitlements on the Active Directory and Azure levels.
You can also assign a role to the IT shop, so people can request roles through the UI that are automatically assigned by the marketing team. Without these role functionalities, people would need to know the exact entitlement they need to have for the work, or someone from the service desk needs to know which entitlements are required.
That adds additional pitfalls when you are not using roles properly. People can choose the path with fewer obstacles. They can find the people in the marketing department and copy-paste the entitlement, which might be a way but not the correct way when it comes to audits and revisions.
We have started extending governance to cloud applications in the past two or three years. It has challenges because it strongly depends on the cloud applications and especially on the API endpoint. The connection is done technically on the API level, so you are strongly dependent on the restrictions of the API.
What needs improvement?
The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year.
For how long have I used the solution?
I have worked on One Identity Manager for nine years as a consultant. I am the person companies call when they need someone to introduce and integrate it with their enterprise.
What do I think about the stability of the solution?
One Identity is a mature, stable system. Issues can happen, but it's generally stable.
What do I think about the scalability of the solution?
There are two points that affect performance. One is the power of the database system because the application is strongly database-focused. Adding memory and processing speed on the database level has a huge impact. These are mostly virtualized, so that's typically quite easy.
The second level is on the back end where you have so-called drop servers. If you don't have enough, you can install new ones, add them to the queue, and you are good.
How are customer service and support?
One Identity support has a lot of room for improvement. I work with support for my clients identifying bugs and issues, and the quality has gone down considerably in recent years. The premium support is somewhat better.
If you get a good support engineer and the issue is obvious, I would rate One Identity support eight out of 10. If you get a new technician dealing with a sophisticated problem, I would rate their support two out of 10. For a mixture, I would say a five out of 10.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
My company has worked with all the big players in this field, including SailPoint, Omada, and Saviynt, so I have some knowledge of these products.
One Identity is one of the best products on the market, but it might be too overloaded compared to some of the others. Some smaller organizations may not need a full-stack solution. A lighter or cloud-based solution would be a better fit for them.
How was the initial setup?
We integrate One Identity for other companies, so we have it deployed on a test environment to demo it. Europe is more on-prem, whereas companies prefer deploying to the cloud in the United States. If you have the prerequisites ready, you can deploy it in one day. The only maintenance involved is updating the solution.
What's my experience with pricing, setup cost, and licensing?
I'm not involved in procurement. One Identity isn't the most expensive, but it's not the cheapest. It depends on what the clients need.
What other advice do I have?
I rate One Identity Manager eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Aug 15, 2024
Solution Engineer at a consultancy with 501-1,000 employees
Offers immediate benefits, streamlines access decisions, and streamlines application compliance
Pros and Cons
- "I greatly appreciate the initial approach provided by One Identity Manager."
- "The user interface design could be improved, especially during checkout and navigation."
What is our primary use case?
We utilize One Identity Manager for user identity access management and troubleshooting, all founded upon dynamic roles.
How has it helped my organization?
I appreciate One Identity Manager as a comprehensive platform for enterprise-level administration. Its centralized approach to identity management eliminates the need to search for or connect to multiple products simultaneously, allowing for efficient and streamlined management of various aspects of identity administration. For instance, while products like Active Roles within One Identity can manage roles, I believe One Identity Manager provides a more cohesive and integrated solution, offering a central hub for all identity-related tasks.
The One Identity Manager is generally intuitive for most users, allowing quick access to all features.
The benefits are almost immediate. Everything we see in the program, the interface, and other tools happens online. With One Identity Manager, we can monitor and manage everything almost instantly in near real-time.
It streamlines application access decisions and application compliance.
One Identity Manager has streamlined our application auditing process. It is an invaluable tool, particularly during implementations or complex projects. Its visual interface and quick user search functionality are indispensable when dealing with real-world scenarios. Although we sometimes utilize other One Identity tools, Manager remains our go-to for the most detailed information. The Manager instantly reflects any changes, ensuring up-to-date and accurate data.
It empowers application owners and line-of-business managers to make informed governance decisions without IT involvement. As a former identity access management consultant, I found this tool invaluable for helping clients centralize and streamline the management of their applications.
One Identity Manager assists in implementing an identity-centric zero-trust model. This approach, which emphasizes the importance of identity verification, was a cornerstone of my DevOps team's security practices. Zero-trust is crucial because it prevents unauthorized access, even when changes to the application are visible. In such scenarios, trusting no one is essential, as any individual, including threat analysts, system administrators, or consultants, could make modifications. An identity-centric zero-trust model empowers employers to monitor all changes their employees make, ensuring precise accountability.
What is most valuable?
I greatly appreciate the initial approach provided by One Identity Manager. It's beneficial because we can easily view nearly all the information about our users without extensive searching. Access to users and groups is rapid. For instance, if a user has standard connections, such as Active Directory, LDAP, or SAP integrations, we can readily access information based on their identity. This is a fantastic feature.
What needs improvement?
The user interface design could be improved, especially during checkout and navigation. The web portal, for instance, can be confusing at times, with buttons and steps not always clearly defined. This can hinder efficient task completion. The portal should include quick guides to assist users, as the descriptions can sometimes be challenging to understand.
I used several cases to ensure consistent governance across test, development, and production servers. While this approach is common with transports and other tools, it's less familiar in One Identity Manager. I found the One Identity Designer more suitable for this task. Therefore, One Identity Manager is not optimal for achieving this goal.
For how long have I used the solution?
I have been using One Identity Manager for almost seven months.
What do I think about the stability of the solution?
We experienced stability problems due to One Identity's version updates, which often need more detailed information about changes on their portal. This has forced us to roll back versions multiple times, resulting in service disruptions that lasted up to five hours.
What do I think about the scalability of the solution?
One of the most important aspects of One Identity Manager is its scalability, allowing us to efficiently manage all of our applications in a centralized location.
Which solution did I use previously and why did I switch?
I have used SailPoint and ForgeRock by Ping Identity. While SailPoint is similar to One Identity Manager, it offers a better approach to both the front and back end. Its overall design is notably more effective.
How was the initial setup?
The initial deployment of One Identity Manager was challenging due to the tight three-day deadline imposed by my company. To ensure a successful implementation, I needed a solid foundational understanding of the system, which proved complex given the intricate schemas involved. These schemas, underlying the One Identity interface, connect to massive tables, making the SQL approach behind them more reliant on a traditional schema structure. One Identity's proprietary schema, however, presents a significant learning curve. Without adequate mentorship or guidance, navigating this complexity could be daunting. A thorough understanding of how the various tables interact and the overall workflow requires at least a month of hands-on experience with the tool.
One person is enough to complete the deployment.
What other advice do I have?
I would rate One Identity Manager eight out of ten. The solution is good but needs more documentation and better descriptive errors.
The One Identity Manager is a good starting point for beginners to customize, but the One Identity Designer offers more flexibility for creating complex automation. While the Manager is simplified and easier to understand, the Designer allows for greater customization. The Manager is sufficient for basic task customization, but for more advanced automation, the Designer is essential.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Sep 2, 2024