One Identity Manager Reviews

One Identity Manager serves as our centralized identity governance and access management solution across the organization, primarily used for managing the complete user life cycle including onboarding, role-based access, provisioning, and offboarding.

In daily work, we use One Identity Manager for onboarding new users where access is automatically assigned based on their role. Recently, it helped us quickly provision access for multiple users without manual intervention, saving time and reducing errors. It also ensures proper access removal during offboarding, improving overall security.

Apart from life cycle management, we also use One Identity Manager for periodic access review and compliance reporting. It helps maintain visibility over user access across the system and ensures policies are consistently enforced. Overall, it adds strong control and governance to our environment.

One Identity Manager offers strong automated identity cycle management, which reduces manual effort, and it provides role-based access control and self-service access requests, making access management smooth. The compliance reporting and audit capabilities are very useful for governance, and its integration with multiple systems, both on-premises and cloud, gives complete visibility and control.

The automated identity life cycle management makes the biggest impact for our team, as it significantly reduces the manual effort in onboarding or offboarding while ensuring users always have the right access. This improves both efficiency and overall security.

One Identity Manager has improved our efficiency by automating user provisioning and reducing manual effort, and it has strengthened our security by ensuring proper access control and timely offboarding. It also made audits and compliance reports much easier and more streamlined.

One Identity Manager would benefit from enhancements in flow customization and faster performance in large environments to make it more efficient. Overall, it is a strong solution with great potential to evolve further.

From a user experience perspective, a more intuitive and modern user interface would make One Identity Manager easier for new users to adapt to quickly. Additionally, while support is generally good, faster response times in complex cases would enhance the overall experience. The current support and documentation are already quite helpful.

I rated it nine because it already delivers strong identity governance, automation, and reliability in day-to-day operations. To make it a perfect ten, a more intuitive user interface, a faster initial setup, and slight improvement in performance for large scales would make the experience even smoother.

I have been using One Identity Manager for the last three years.

One Identity Manager is stable.

One Identity Manager is highly scalable and works well for enterprise environments. It can handle large user bases, even millions of identities, and support both horizontal and vertical scaling as needed. Overall, it performs reliably even as the organization grows and adds more systems.

Customer support for One Identity Manager is generally good and responsive, especially for standard issues. The support team has strong technical expertise and provides helpful solutions when needed.

We were using a more manual and partially automated access management approach earlier, and we switched to One Identity Manager to achieve better automation, centralized control and management, and strong governance. It also provides more scalability and improved compliance compared to the previous setup.

The initial setup cost might be slightly high, but it is justified by long-term value and automation benefits.

We have seen the return on investment after implementation with around a 60 percent reduction in manual effort for access management, and onboarding times have decreased significantly. It also reduces the dependency on additional resources for routine tasks, and audits are now faster and more efficient, saving both time and operational cost.

The pricing and licensing of One Identity Manager are reasonable considering the features and capabilities it offers for enterprise use.

We have evaluated a few other identity governance solutions such as SailPoint and Microsoft Identity Manager. However, we chose One Identity Manager due to its strong automation capabilities, flexibility, and better fit for our hybrid environment.

Once properly configured, One Identity Manager becomes a very efficient and reliable solution for handling identity governance at scale.

We have seen around 60 to 70 percent reduction in manual effort for user provisioning and access requests. Onboarding time has reduced significantly, and access-related errors have also decreased. Additionally, audit readiness has improved with faster report generation and smoother compliance checks.

I would recommend clearly defining your identity and access requirements before implementing One Identity Manager. Invest time in proper initial configuration and role design, as that makes a significant difference later. Also, leverage automation features fully to get the best value and efficiency from the solution.

One Identity Manager is a powerful and reliable solution for identity governance and access management. It has helped improve efficiency, security, and compliance in our organization. With continuous enhancement, it can become even more user-friendly and impactful. I rated this solution a nine out of ten.

Hybrid Cloud

Microsoft Azure

I am currently working with One Identity Manager, and I was previously working with it before I switched to SailPoint, but now I'm back working with One Identity.

In my previous organization, I was working with One Identity Manager in a personal capacity and we were also switching it to other customers to use it as a specific tool for their IAM operations. Currently, it serves as our in-house identity lifecycle management tool.

We use One Identity Manager for governance purposes, whether it involves the governance side of things, identity lifecycle requests, or anything similar. We utilize it for multiple purposes.

We have a couple of vendors for One Identity Manager, but we also work directly with it. We usually take support from a couple of outside vendors.

One of the best features in One Identity Manager that I really appreciate is its high customizability. When I was one of the vendors customizing the demo, it allowed me to tweak things according to our requirements, which I find not available in other IAM solutions.

The advantages of One Identity Manager include its high customizability and the existing workflows that cover a wide range of processes without having to start from scratch.

We have the SAP module in One Identity Manager. We would be using a central account to connect SAP accounts to employee identities under governance.

Being a central account for SAP is important because it helps to remove a lot of discrepancies and makes life easier, especially since SAP is integrated into almost all large-scale organizations.

One Identity Manager does deliver specialized workflows and business logic for SAP.

We do have support from One Identity, but I'm not sure about the Premier Support.

One Identity Manager definitely helps to streamline application governance aspects such as application access decisions, application compliance, and application auditing.

Streamlining application governance enables us to find gaps and manage risks associated with accounts, whether they are privileged or non-privileged, according to our policies.

One Identity Manager does help minimize those gaps in governance coverage among test, dev, and production servers.

There are different roles for the test and dev environments, making the governance aspects manageable.

One Identity Manager has helped us achieve an identity-centric zero-trust model, which aligns with one of the four IAM principles.

I rate it at seven because although for a user there is a front end that is simple, the back-end has so many tools that it's quite complicated. I prefer SailPoint or Saviynt where everything is in a single view, making it easier to work with.

Customizing One Identity Manager for my particular needs is complicated.

The customization can be a double-edged sword. While we can customize everything, it complicates things, and sometimes it leads to problems in the future.

I'm looking forward to the improvements with version 9.2 launching the Angular portal, as the previous Web Designer was problematic. I would appreciate a clearer approach to customization.

I understand that the customization is quite complex.

Instead of having multiple tools for backend and users, I would like to see a single screen solution in One Identity Manager.

I would like to see more specificity regarding timelines for missing features being requested, as One Identity Manager needs to improve in that area.

I have been working with One Identity Manager for close to almost three years.

I'm not sure if our One Identity partner helped with the implementation because we have been using One Identity Manager for more than ten years. Everything is implemented, and we are just upgrading, but I would not say they help us with any implementation.

I'm not sure if One Identity Manager provides IGA for the difficult to manage aspects of SAP, such as T-codes, profiles, and rules.

I'm not working on that part of SAP connectivity, but I understand that the integration of SAP is essential in any IGA tool and it should be simple.

I ask questions to the tech support team and they provide solutions.

I rate the tech support at six. I would have rated it seven, but since I rated One Identity Manager at seven, I give them a six.

I'm not sure if One Identity Manager helps with procurement and licensing since I haven't worked on that side of things.

The onboarding process was different for me since I worked as an engineer and developer, but generally, it's straightforward for others.

I would appreciate clarification regarding how I assess One Identity Manager for providing an enterprise view for managing logically disconnected SAP accounts.

I don't have insights into return on investment with One Identity Manager. A business person would be more suited to answer that question.

I have a rough idea that One Identity Manager is comparatively cheaper to implement than other tools, but I don't know the exact pricing.

I have experience working with other identity management solutions such as Saviynt.

The key differences between One Identity Manager and competitors are that others being based on Java give them a competitive edge, while One Identity Manager is shifting to Angular but remains based on .NET. Other tools have single screen solutions, making navigation easier, while One Identity Manager's interface can be slightly slower.

On-premises

One Identity Manager is our primary solution for centralized identity governance and lifecycle management across the organization. We primarily use it for automating user provisioning and de-provisioning, managing access rights based on roles, and ensuring compliance through regular access reviews. It also helps us maintain strong audit trails and enforce least privilege access across both on-premises and cloud systems.

A common day-to-day example is onboarding a new employee across multiple systems. Once HR creates the user in the system, One Identity Manager automatically provisions access based on their role, such as email, ERP, and internal applications, without IT manually setting each permission. This has reduced delays and eliminated errors from manual setups, especially in large onboarding batches. It also automatically removes access during offboarding, which has been very helpful for security and compliance.

One Identity Manager is particularly useful for access certification and audits. We regularly run review campaigns where managers verify whether their team members still need specific permissions, and One Identity Manager makes that process structured and trackable. It also helps us reduce access creep over time, since unused or excessive permissions are easier to detect and clean up. Overall, it has become a core tool for keeping identity governance consistent and compliant.

The best features One Identity Manager offers are its identity lifecycle automation, role-based access control (RBAC), and access governance attestation capabilities. The lifecycle automation stands out because it tightly controls onboarding and role changes with minimal manual effort. What we value most is access certification, which makes audit and compliance much easier by keeping access rights continuously validated.

One Identity Manager has had a strong positive impact on our organization, mainly by improving security, compliance, and operational efficiency. We have seen a clear reduction in manual identity administrator tasks, which has freed up IT teams to focus on higher-value work instead of repetitive access requests. It has also improved our audit outcomes because access is consistently governed and fully traceable through certification and role-based controls.

We saw onboarding time drop from roughly one to two days to a few hours because most access provisioning is now automated through roles. Additionally, access-related help desk tickets went down approximately 30 to 40 percent, mainly due to fewer manual errors and missing permissions.

One Identity Manager can be improved in its initial setup and configuration complexity, which can be quite heavy, especially in large hybrid environments. It often requires a steep learning curve and strong in-house expertise to get workflow and role models right. We have also found the user interface for certain administrative and reporting tasks could be more intuitive and faster to navigate, particularly when dealing with large datasets. Better out-of-the-box dashboards and simplified reporting would make day-to-day governance easier for non-technical users.

I have been using One Identity Manager for the past one year.

One Identity Manager is stable.

One Identity Manager's scalability is generally considered highly scalable for enterprise environments, especially while dealing with large numbers of users and complex hybrid infrastructure.

My experience with the customer support team of One Identity Manager is positive.

Before One Identity Manager, we did not use any other solution.

We did not evaluate any other option before choosing One Identity Manager.

The advice I will give to others who are using One Identity Manager is to invest heavily in proper designing and planning upfront, especially around roles, policy, and lifecycle workflows. One Identity Manager is very powerful, but it performs best when the identity model is clean and well-structured from the start. I would rate this solution a 10 out of 10.

On-premises

Other

It is mainly an identity governance tool. It is being used to collect, for example, any new employee records or employee records in general from HR systems, such as Oracle, SAP, and Workday, and then push it downstream for systems such as Active Directory, Exchange, etc. This is the main functionality of it. 

The other functionality for it is to have a request platform, such as a web portal, for requests for access, approval, and user-based grants and reviews.

It helps the organization to simplify its control over enterprise access and makes the new joiner's process easier. In a small organization with 40 to 50 users, it is not a big deal. You can have one IT guy who is responsible for creating an email account, Active Directory account, Azure account, etc. It will take him one or two days to do it, but in a big corporation with more than 500 employees in different time zones, doing that is a big challenge. One Identity, and IGA products in general, excel at onboarding and offboarding employees with the linking and synchronization with the HR system. This is what they are best at. They remove the complexity because you have your Active Directory created, updated, and disabled on time, and there is no issue with that.

There is one fabric for identity lifecycle management, and the access is based on that identity lifecycle management. This is applicable to the whole market for identity governance. It is not just One Identity. You have SailPoint, Saviynt, and others. All of them are good in this aspect. They do improve the organization like that.

We can customize it to integrate with any system or application, and we can go deeper in analyzing people's access, creating roles, dynamic roles, and RBAC. They have a very strong RBAC offering, which is a role-based access model offering. If you structure it right, you can do an RBAC with One Identity. I use it for two customers. One is in the Middle East and one is in Europe. I represent the client side, and mostly I see a robust onboarding and offboarding operation with this product. It is very good for both experiences. It is a very structured way of doing things. Movements across the departments and things like that can be handled. It is quite customizable. It is quite good.

When it comes to intuitiveness, the clients using IT Shop people are complaining. I have had a client in the Middle East, and then I have had a client in Europe. They all say that IT Shop is not intuitive. It is the same feedback. One Identity is trying to make it better with Angular, but there is a fifty-fifty split. One aspect is how the vendor has designed the portal and the other aspect is how you structure the request and approval process. We are as guilty as the vendor. The vendor has a bad portal, but most of us also have a bad way of thinking as clients. People are not advised well because the adoption and the usage should be driven by the vendor. Instead of doing that, the vendor is just selling. If you talk to a partner, they might advise you, but if you have the wrong partner, you are in trouble. So, people complain about the intuitiveness of the portal, but they are confused because the process is being showcased in a very bad way.

To customize IT Shop, they had a strange tool called Web Designer. It is one of the seven tools or seven clients they had. It was not easy to find anyone worldwide who knew how to handle it. You can find developers who have One Identity skill set, but only one out of ten of them would know how to handle the designer tool. In case you need to customize, it was a tough journey. That is why One Identity flipped the narrative by saying that they are going with Angular. We need to run Angular, and they have the REST API. I told them that this is a bad approach because they are assuming that clients have Angular developers, but some clients or some small clients do not have Angular developers. Some clients might have Angular developers but they are assigned to all business units. They are asking us to start hiring an Angular developer or rely on a partner, but is their partner certified to do Angular or not? To me, they did this conversion without any proper thinking or from a very narrow perspective.

I do not have complaints about the backend of this tool. Frontend is a major issue. Their roadmap has no consideration for the clients. In the CAB meetings, I have seen how they manage relationships in general. The company mindset is a bit strange. They look at big clients for feedback and opinions, but they do not look at small and medium businesses. They do not care about hearing us, but when it comes to big companies, you see their engineering team circling around them. They have this cultural problem in the company. They are not only selling the products to just a few big companies worldwide. They are selling it to everyone, but there is a lack of inclusiveness. They assume that all the clients have the same technical skill sets to operate this tool, but that is not true. There is an issue with their roadmap and way of thinking. I have also provided this feedback to the head of the company, Mark Logan, during a cab meeting. I told him that they need to fix how they collect feedback and maintain customer relationships.

We use business roles to map company structures for dynamic application provisioning. It is very good for that. It works very well. If you implement it right and you are advised very well, it can be magic. It can make people very happy about the tool in the company, which was the case when I was working in the Middle East for my first employer. If you do it wrong or are not advised well about it, it can lead to disaster, which is the case with my new employer where I have been working for two years. We have reached a point where we have 50 roles with the same entitlements, and people do not know which one is which. It is not the fault of the tool. The lack of advice on how to structure and design it well can lead to issues. It is not a technical issue. From a technical perspective, it is very flexible. It can do whatever you want. Partner implementation is the main issue.

It can help minimize gaps in governance coverage among test, dev, and production servers, but I have not seen it in practice. Some people do it where you can connect One Identity to One Identity Manager with a direct connection. You can have that. That is one option. The second option is something called transport packages, so it has a good change management label and transport package solution. They have a partner called Intragen, which is a Dutch partner, that created a new product called Deployment Manager. That product does the release management process and testing for CI/CD to a very good level and in an automated fashion. You can buy a product like that and hook it up to One Identity. The tool has the framework to handle this. It is okay in that sense. From a change management and release management perspective, the product has principles. It is not lacking there, but it needs modernization for complete CI/CD.

It is very good at helping you streamline application compliance and application auditing if you know how to integrate applications. Most IAM programs or projects focus on users and users in groups, but handling single entitlements or a cluster of entitlements is a different board game. However, I cannot say that it is a One Identity problem. One Identity is customizable, and it is equipped to do that. You can do that. It is an investment issue rather than a One Identity issue.

The best feature of this solution is its flexibility to be customized. It is like a framework. You can customize it very far from its core functionality, and it will still work.

The second best thing about the product is that it is rich in concepts of orchestration and event-driven architecture. It works well if you have a development team. For a team that has developers with VB, .NET, or C# skills, it is a very good product.

Another thing that is good about this product is its stability. In general, it is very stable. It does not go down that easily. It does not crash frequently. Especially since version 7 or 8, accessibility has been a very good factor. These are the main aspects that make it one of the best products.

In terms of providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts, One Identity is not yet there. One Identity recently bought OneLogin. They already had Safeguard and One Identity Manager. They have started integrating these three tools. I am also on the customer advisory board (CAB) of One Identity, so I have more insight into these things. I know that they started to integrate OneLogin and One Identity just recently. OneLogin is their access management tool. They use it for authentication and for SSO. It is a competitor for Entra and Okta, whereas Safeguard is competing with CyberArk, Delinea, and BeyondTrust. One Identity has indeed done good integration between their three products. However, the platform is not unified. You still need three URLs, which is not optimal. They are going there, but it will take them time.

The second thing they are not yet good at is their SaaS offering. They are behind in the market. They started with something in Safeguard, but it is a pretty basic offering. It is still a new baby. They have Safeguard On Demand, but it is just a hosted PAM solution. I did PoC for Safeguard twice. This is how I know this, but I have not used it. As PAM, Safeguard is a good product, but it is not a full-featured PAM like CyberArk or BeyondTrust. They are lacking in that aspect.

The integration between One Identity's products is similar to BMC's integration. I used to work with BMC products such as BMC Remedy ten years ago. I used to be an ITSM or Control-M guy. When BMC integrated its products, the integration was not well done. It was like two different entities trying to integrate with each other rather than one company giving you a fully-fledged platform. The same thing is happening with One Identity Manager at the moment. They are selling it as a unified platform, but in my opinion, it is not yet good. It is also not bad. There are things that I can take from it, but there is no complete picture. The problem nowadays is that vendors are getting into each other's areas. For example, CyberArk used to be just a PAM provider, so people would integrate with it, but now, CyberArk wants to do the identity bit. It has now become a competitor for other vendors, so they will stop integrating with it. SailPoint, at some point, stopped integrating with CyberArk. SailPoint and CyberArk's integration was good. This is what is happening in the market or between vendors. All of them are getting into each other's area. If you happen to buy another product from a competitor, you need to integrate it on your own. There is no integration plug-in concept between them. This is a bit hard for companies that already have a PAM and they want to buy a new IGA, for example, or vice versa.

They are trying to shift towards an Angular-based platform for their web portal or for IT Shop. That has been very long overdue because they did not modernize their web portal for almost three versions. They are doing it, but there is no feature parity till version 9.3, which is the upcoming version. This is a problem. For example, data governance is not included in 9.2 if you want to upgrade, but if you do not upgrade, you lose support. They have these issues with the roadmap in general. They give you options, but they are not always the complete options. To me, it seems that this company is going to suffer in the long run.

Another issue is that for admin requests, we have to configure the tool at least in seven different clients, which is unacceptable. We are in 2024, not in 1981 or 1985. Having seven clients for the same tool, or more, is just unheard of. To me, that is a very old design idea. I am on the newest version 9.2, and I am still doing that. To me, that is a big problem as an admin. 

The relationship with the customers is extremely bad. That is not a technical problem. That is a company problem. They tried to fix that, but it seems they failed. They do not have the personnel. They have a hiring problem. They now rely on partners. They are a type of company where the partner is more of a vendor to you as a client rather than the company itself. If you want to pick any solution by One Identity, you need a very strong partner with you. If you do not, you will struggle with this product's adoption, roadmap, vision, and implementation. We struggle a lot as a client. I have been there. I have seen that. It is not easy with them. One Identity is based in Europe. Our account manager at One Identity resigned in May and till now, just to show how bad they are, we do not know who our new account manager is. We are in August.

Their Starling Connect roadmap or flagship is a failure. We had to withdraw from using it with SuccessFactors, for example. It had a lot of stability issues. Now, my understanding is better, but it caused a bad implementation, so we are not using it. They are not investing a lot in enhancing or extending Starling Connect. They are using Starling Connect as a propagation gateway to SaaS apps so that you have One Identity Manager on-prem talking to Starling Connect which is handling all SaaS apps. However, the roadmap for Starling Connect is not clear. Now that they have bought OneLogin, OneLogin can do that as well as an IAM tool. You can now bring any IAM or CIAM tool such as Entra, Okta, or OneLogin. They can be your propagation gateway. OneLogin and Starling Connect are competing products, and they need to unify them. They cannot have both products doing the same thing. When I discussed this with the head of engineering from their side, they were still defending having Starling Connect. I do not understand why because if you have a proper IAM such as Entra or Okta, that is your propagation gateway. That is it. You can do everything you want with it. You can merge the functionality, and that is it. You do not need Starling Connect. To me, this is confusing. You use a propagation gateway like Starling Connect because it has ready plug-ins to connect to SaaS apps and you do not need to create a custom connector every time. If you look at the number of apps that One Identity supports with Starling Connect, there are not more than 50, which is not a lot. There is a big difference when you compare it to Okta Marketplace or Entra Marketplace. You will immediately understand the difference. OneLogin's marketplace is better than Starling Connect, but OneLogin was not a part of One Identity before, so they had their own marketplace. Overall, the Starling Connect roadmap does not make sense to me.

They need to remove the dependency on VB.NET for backend development and they need to unify the front end. If they are selling it as a unified product, they need to give me a unified UX. This is something I have mentioned to Mark Logan himself. This is how ServiceNow won over Remedy. Having a unified UX and being able to turn on or off a feature is better than trying to connect three or four different products with different contracts. To me, the main thing is that they need to modernize their application. Once we do that, making it SaaS is doable.

I have been using this solution since 2018.

It is very stable. I would rate it a nine out of ten for stability.

I would rate it a six out of ten for scalability.

About 25% of the company uses this solution. If the company has 4,000 people, at least 1,000 people use it. It is quite a well-known product. It is not just a niche one. It is a mainstream product. People use it. We have 30 branches all around the world, and all of them use it. We are hosting it centrally in Switzerland.

I use their regular support because their premium support is useless to me. Their support, in general, is useless most of the time.

Negative

The main thing that makes this solution stand out as compared to others is the ability to customize it, especially when it is on-prem. It is cheap from a licensing perspective. Once you pay, it is very cheap to operate if you have a good development team. It is also extremely stable. At the backend, it is well-designed. However, it lacks AI. When you go SaaS, you can put AI and all of that stuff, but if you are on-prem, you do not have AI.

It is deployed on-prem. Its deployment is complex.

By design, it is well-engineered. The idea is that the database pushes everything, so you need to focus while updating or installing the database. If the database is installed correctly with schemas, it has DLLs. Whenever you install a client, it distributes to the connecting client, so it is designed with this centric approach. However, sometimes, you end up with situations related to encryption, a missing component, or a missing instruction that you did not account for. 

Recently, I upgraded from version 8 to 9, it took 14 hours of work to do an in-place upgrade. It was not a migration. That is too much. We had a team of five people including developers. It was not easy. It took us two months to do the upgrade. It is always like that because you need to do complete testing. A small problem with One Identity is that they remove a functionality but do not tell you about it, so you need to test. If you are giving me this product that can be customized, I will use the methods that you have. If you change how a method behaves and do not tell me, I get into trouble. Only a very strong partner would know about all this. With a small partner, you will have an issue.

It does not require much maintenance or patching. That is not an issue with One Identity. You do not need to restart it once a month. It is very stable. From time to time, you might have some issues that require a restart but not all the time. It is not like some Java applications that require a restart every month.

On-premises, it is cheap. It is way cheaper than others. The cost of the hosted one varies. They do offer a hosted one, and its cost varies, but it is not that expensive. You have a license for employees and a license for support.

The problem is that people try to compare it with an IAM solution such as Okta or Entra, but they are different products. It should not be compared to them. The only ones you can compare it with are SailPoint or Saviynt. In my head, the rest are not even IGA products. SailPoint is much more expensive to operate than One Identity. If you go SaaS, SailPoint is way more expensive, but that is the whole point of SaaS. SaaS is more expensive anyway.

I would recommend this solution only if you have a very strong partner. Otherwise, do not go close to this solution.

We use One Identity Manager to manage SAP, but in our case, we have connected with CUA, so we have one single point of interface with SAP. That helps a little bit to make the management less complex. If we did not have CUA, we would have had to connect individually. CUA is straightforward. We connect to it. We push through CUA, and we sync everything. We have thousands of roles.

It provides IGA to some extent for the difficult-to-manage aspects of SAP. At the moment, with CUA, we do clients, profiles, etc. They recently added something called behavior-driven governance on SAP. We have not used it, but we can basically check if someone is using his account in SAP or not, and then we can do a user-based access review for his access. We can see what he used within SAP, which is good. We can also do combinations where if we have this role, we should not have that role in SAP, which is very good.

One Identity gives you a lot of features, but you need a proper program to drive it. If you do not know how to use it, you will stay at the basic level. Technically, the product is well-capable, but the caveat is that it is a framework product. You need to have a development team. You cannot just do it with a normal admin. You need a development team for this product.

Versions 9.2 and above have something for assisted approval. I have not used it, but from what I have read, you can see who in the same team has the same access. It will tell you whether it is an anomaly or a common request. The same thing is there for user baseline reviews. That is a good thing.

Overall, I would rate this solution a five out of ten.

On-premises

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The idea was to create a quarterly review process to review the entitlements and the access and controls in place, initially targeted towards Active Directory and later extended to other local systems. One Identity Manager can connect SAP accounts to employee identities under governance. It is possible to map company structures for application provisioning through dynamic application provisioning using role-based access control. Mapping roles to users is a seamless experience that offers a lot of leverage in terms of speed and compliance, making it a very useful feature.

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The tool can onboard applications such as SAP, which is standard, and the APIs do not present challenges. One Identity Manager can connect SAP accounts under governance, and mapping roles offers leverage in speed and compliance. This functionality is crucial for compliance and governance.

The tool did not allow beyond a specific level of visibility; it provided visibility at the user level, not at the level of nested entitlements, resulting in an inaccurate depiction from the asset manager's point of view. This necessitated manually inputting data into the One Identity Manager user access review module. When it comes to privileged access management, we need to know who has access to what, which is the central problem we want to solve. However, for One Identity Manager, the visibility could be a lot better, especially given we are dealing with many data visibility products in the market.

Aspects such as reporting and dashboarding could be improved; I've seen tools doing better in those areas. One Identity Manager does not deliver specialized workflows for SAP; it offers very standard workflows. However, there are some modules that can be imported, and certain custom workflows need to be created. 

Customizing the solution for particular needs is very subjective. It does provide a lot of customizability, though there's room for improvement. One Identity Manager helps minimize gaps in governance coverage, but effectiveness depends on the organization. Ultimately, while One Identity Manager can solve problems, the tool must be combined with good people and a sound strategy for maximum effectiveness.

I have used One Identity Manager for more than ten years.

For single-site installations, it performs adequately, however, multi-tenant setups present challenges demanding significant improvements.

For single-site installations, it performs adequately. Multi-tenant setups present challenges demanding significant improvements.

I have contacted their technical and customer support. I consider their support to be very standard, relying on an email-based system. My support engineers have received solutions to their inquiries. However, a tailor-made, dedicated support would significantly enhance user experience, especially for organizations that do not want to wait in queues.

Negative

I would rate the initial setup at a seven out of ten. The reason for this rating is the critical nature of multi-tenant applications; compliance is heavily influenced by multi-tenancy, so a lot of engineering improvements could enhance the product.

Ideally, One Identity Manager as a SaaS tool handles maintenance; however, this depends on the specific maintenance discussed.

I had partners who helped set up the whole process, and they were familiar with implementing the tool. Some were contractors, and they did a pretty good job in terms of delivery, respecting timelines. When I was working with one company, my team was based in Nice, France, consisting of internal employees and contractors. They implemented the solution fairly well. However, I had to provide a lot of unnecessary reporting and overhead when connecting the tool with our production environment, providing data that could compromise internal security despite getting the right approvals. Overall, it was an okay experience with One Identity Manager.

We use multiple tools in tandem for better security. The procurement and licensing process can indeed be complex. My experience was decent, with no major problems during procurement or licensing; it was a mostly seamless experience.

With respect to privileged accounts, I would say One Identity Manager can improve; for privileged accounts, a lot needs improvement, and it is not best practice to depend on one tool. 

One Identity Manager could incorporate dynamic dashboarding to predict attack vectors and compromises.  

I would rate One Identity Manager seven out of ten since it can improve on many aspects.

I was also involved in deploying workflows, and the deployment part was handled by senior developers, especially when dealing with orchestration challenges tied to Kerberos delegation and VM issues.

One Identity Manager was utilized for governance, provisioning, compliance, and audit management. Even though I had limited access to certain parts, such as IGA, it played a critical role in large-scale access management by offering impressive provisioning and deprovisioning systems. It is an intuitive product for users, as I was able to learn and deploy workflows within a timeframe of two months. The documentation it provides was crucial for the learning curve.

In terms of customization, the ecosystem One Identity Manager offers includes a variety of workflows and extensions, although this comes with high costs. It is highly configurable, allowing dynamic application provisioning through process chains involving IAM and IAG related workflows.

One Identity Manager could enhance its trial offering to support custom workflows and VB.NET codes, which would help learners. Improved documentation organization can benefit newcomers, requiring less external searching. A self-check mechanism for file integrity, particularly for missing DLLs, can prevent developer frustrations.

High pricing remains a notable drawback, driving potential clients towards alternate IAM solutions. Additionally, incorporating AI-driven updates could enhance its competitive edge in the evolving market.

I have used the solution for two months from June to August last year.

Regarding stability, I would rate One Identity Manager as 8, 9, 8.

My clients were enterprise level, and I would rate the scalability of One Identity Manager as hyper-scalable, 10.

They had premier support, but I never used any of it.

From what I heard, everyone said that before One Identity Manager, they had many workflows and loopholes. After starting to use it, those issues were addressed, creating a very positive experience for the customer.

Regarding pricing, I find One Identity Manager to be expensive. On a scale where one is cheap and ten is expensive, I would say 10, which is what clients have communicated.

From my experience with other solutions, such as SailPoint, Saviynt, and Omada, the UI is the only aspect where I think One Identity Manager faces challenges. However, I believe One Identity Manager is performing exceptionally well.

I always try to recommend One Identity Manager. The only drawback is the price, which is so high that clients try to use other IAM platforms. However, for those with a good budget, the ecosystem One Identity Manager provides is one of the best.

I highly recommend One Identity Manager. The documentation can be categorized for better learning phases. A self-check for file integrity could help, as a missing DLL once caused frustration.

Several areas for improvement include providing a more elaborate trial version for custom workflows and improving documentation categorization. A self-check mechanism for file integrity would also be beneficial.

I rate One Identity Manager overall as an 8 or 9, with 9 being my final answer.

One Identity Manager serves as our central identity hub. Our main use case is to sync user identity from Active Directory or the HR system and automatically manage access across our applications. User accounts are created automatically in One Identity Manager, and a sync occurs from Active Directory or the HR system. Based on the role, access is assigned or granted, and accounts are created in target systems. No manual work is needed.

The best feature of One Identity Manager is automatic sync, meaning user changes reflect automatically without needing to update multiple systems. It also has multi-system support, working with Active Directory, databases, and cloud applications. One Identity Manager is a very good solution for an enterprise network, providing consistency and accuracy with the same data across all systems and no duplicate users.

The multi-system support and consistency save time and reduce human error. There is no manual user creation on multiple systems, enabling us to onboard users faster than before.

One Identity Manager has positively impacted our organization. It has helped us manage the identity of users from a centralized console, pulling user data from Active Directory, the HR system, and other connected applications. Everything is working well in our organization and really helping our engineers and the users.

We have seen fewer access-related issues with One Identity Manager. The tickets have been reduced by 70 to 80%, and our teams are now able to focus on other things.

The initial deployment of One Identity Manager could be more simplified to make the deployment smoother for the initial phase.

I have been using One Identity Manager for two years.

One Identity Manager is stable.

The scalability of One Identity Manager is good. There is no issue, and everything works centrally.

If we have any technical issues with One Identity Manager, customer support quickly resolves the issues.

From the beginning, we have been using One Identity Manager and did not previously use a different solution.

We have seen a return on investment with One Identity Manager because we do not have to do the manual work. Manual work has been reduced by 70 to 80% compared to before, and onboarding time has also decreased.

My team handles the pricing, setup costs, and licensing.

We did not evaluate other options before choosing One Identity Manager.

One Identity Manager is working well for our organization, and I do not believe there is a need for improvement because it is a really perfect solution.

I highly recommend One Identity Manager because it really helps to onboard users and with the central management of users. This will really help the organization in many aspects and will save time in onboarding, 70 to 80%, and potentially 90% on onboarding or offboarding. No additional IT resources are needed, so I will recommend it highly. I have given One Identity Manager a rating of 10.

On-premises

One Identity Manager's main use case is identity lifecycle management, including creating users, assigning access, modifying roles, and revoking access when users leave.

When a new joiner needs to be onboarded, the system automatically creates their accounts and assigns access based on their role while ensuring compliance. One Identity Manager automates the entire onboarding process, resulting in very little manual work. This includes user creation, role-based access provisioning across systems, policy and compliance checks, and workflow management.

Apart from onboarding, I use One Identity Manager regularly for managing the full identity lifecycle.

The best features of One Identity Manager are mainly around governance and centralized user access.

Several features stand out to me in One Identity Manager. Onboarding and access provisioning are very convenient. Another important feature is centralized access governance, which gives a clear view of who has access to what, which is very useful for security and compliance. The access review and certification feature would also be very useful in One Identity Manager.

One Identity Manager has had a strong positive impact on my organization, especially in terms of security, efficiency, and compliance. Onboarding a new user is now automated with accounts created and access assigned instantly instead of taking hours manually. It has improved overall security, reduced manual work through automation, and made compliance and access review much easier.

One Identity Manager has several areas where it can be improved, including the user interface and usability, performance, setup and complexity, documentation and learning curve, integration, and modernization.

One challenge I faced with One Identity Manager is related to the user interface and navigation. While testing workflows or checking user access, it can take time to find the exact module or setting because the UI has multiple layers and tools. It is powerful but not very intuitive at first.

Apart from what I mentioned earlier, there are several more areas where One Identity Manager can be improved, regarding reporting flexibility, real-time monitoring and alerts, workflow simplification, and cloud-native features.

I have been using One Identity Manager for six months.

In my experience, One Identity Manager has proven to be stable and reliable. It performs consistently with minimal crashes or downtime.

One Identity Manager is highly scalable and built for large enterprise environments. It can handle a growing number of users, systems, and applications without major performance issues.

Customer support for One Identity Manager is generally good, but it can vary depending on the support level. The support team is very knowledgeable and experienced with IAM concepts.

Before One Identity Manager, I was mainly using manual processes and basic directory-based management, such as Microsoft Active Directory. User provisioning and access changes were mostly manual and time-consuming. There was limited visibility into who had access to what. Compliance and audit processes were difficult and required a lot of manual reports. That is why I switched to One Identity Manager.

One Identity Manager is a powerful and feature-rich solution with strong automation and governance, but the complexity, UI, and initial setup prevent it from being a perfect score.

I have definitely seen a return on investment after implementing One Identity Manager, mainly in terms of time saving, reduced manual effort, and improved security. Around 50 to 70 percent reduction in manual efforts has been noticed.

My experience with pricing and licensing for One Identity Manager is that it follows a custom enterprise pricing model.

Before selecting One Identity Manager, I evaluated several other identity governance solutions available in the market, including SailPoint Identity Security, Oracle Identity Governance, and Omada Identity.

For someone considering One Identity Manager, my advice is to focus on planning and process before jumping into implementation. Start with clear requirements and business goals, and define roles, access policies, and workflows before implementation. I have rated this review an eight out of ten.

Hybrid Cloud

Microsoft Azure