One Identity Manager Reviews

One Identity Manager serves as our centralized identity and access management solution across multiple customer environments. We use it to provision and de-provision users, enforce role-based access control, manage permissions across on-premises and cloud systems, and ensure compliance with security policies efficiently.

We leverage One Identity Manager to automate user onboarding for new client projects. When a new employee is added, the system automatically provisions access to the right servers, cloud applications, and internal tools based on their role and sends approval notifications to the manager. This reduces manual errors, speeds up access provisioning, and ensures compliance across multiple customer environments.

Additionally, we use One Identity Manager for periodic access reviews and certification, ensuring users only retain the permissions they need. It also helps automate deprovisioning when an employee leaves or changes roles, reducing security risk and maintaining compliance across all customer environments.

One Identity Manager offers excellent features including automated user provisioning and de-provisioning, role-based access control, access certifications and reviews, centralized identity governance, self-service password reset, and workflow automation.

The most valuable feature for us is automated user provisioning and de-provisioning. It ensures that employees and contractors receive the right access immediately and that access is removed promptly when users change roles or leave the organization. This reduces manual error, improves security, and saves significant administrative time across multi-client environments.

One Identity Manager has streamlined identity and access management across our multiple client environments. It has reduced manual provisioning errors, improved compliance through automated access review, and accelerated onboarding and offboarding, allowing our team to focus on higher-value security tasks.

Since implementing this product, we have reduced manual provisioning errors by thirty percent. We have cut down onboarding and offboarding time by forty percent and completed our access reviews faster than twenty percent. This has improved our compliance reporting and freed our team to focus on proactive security tasks across multiple client environments.

One Identity Manager could be improved with more modern features such as artificial intelligence or faster workflow configuration for complex environments, expanded out-of-the-box integration with cloud applications, and enhanced automation for multi-tenant setups. It would also help to reduce administrative overhead.

Additionally, it should provide better examples of workflows for multi-client environments, which would help new users set up their systems more quickly. Faster support response time for complex issues from the support team would also be beneficial.

One Identity Manager has greatly improved our automated provisioning, access governance, and compliance across multiple client environments, which has saved our time and reduced our manual errors. I did not rate it a ten because the workflow setup can be complex, cloud integrations are limited, and the support response time needs improvement. There is still room for improvement in this product.

I have been using One Identity Manager for two and a half years.

One Identity Manager is stable.

One Identity Manager's scalability is good.

The customer support needs to be improved because the response time for complex issues is quite high.

We were previously using a mix of manual processes, spreadsheets, and standalone AIM tools. We switched to One Identity Manager because it provides centralized identity and access management, automated provisioning and de-provisioning, and compliance reporting in a single platform.

We have seen a clear return on investment with One Identity Manager. Automating user provisioning and de-provisioning across multi-client environments has cut our onboarding and offboarding time by forty percent and has reduced manual errors by thirty percent, which lowers risk and frees our team to focus on more proactive security tasks rather than repetitive administrative tasks. This has also accelerated our compliance audits. Both the time and operational costs have been saved.

The licensing and setup cost is on the higher side, but it is delivering more features. The pricing is worth it.

We evaluated other solutions such as Okta and Microsoft Identity Manager. We chose One Identity Manager because it offered the most comprehensive automation and compliance reporting, which is critical for managing multiple clients across hybrid cloud environments.

I would take full advantage of automated provisioning, role-based access control, and access certification to reduce errors and improve compliance. I rate One Identity Manager nine out of ten overall.

One Identity Manager's main value to my organization is its flexibility and depth of customization, as it seamlessly integrates with a wide range of on-premises and cloud systems and supports strong automation for joiner, mover, and leaver processes. The automation features I use help to reduce manual effort, improve consistency, and strengthen our overall security posture. I also appreciate the reporting and auditing tools, which are particularly strong, provide clear visibility into access rights, and support compliance initiatives.

A specific example of how I use the automation features and reporting tools in my day-to-day work is through configurable workflows that reduce manual effort, improve efficiency, and ensure consistency in access management processes. One Identity Manager provides detailed reports and dashboards for visibility into identities, access rights, and compliance status.

One Identity Manager is used to centrally manage digital identities and access rights across my organization.

The best features One Identity Manager offers include identity lifecycle management, access provisioning, role-based access control, compliance reporting, and auditing across IT systems. Out of these features, I find myself relying on user lifecycle management the most because it helps automate joiner, mover, and leaver processes by provisioning, modifying, and de-provisioning user accounts across connected systems.

Regarding access provisioning and de-provisioning, it manages access request approvals and enforces access policies for applications, databases, directories, and cloud services. For privileged access governance, it governs access to high-risk or privileged accounts by enforcing approval workflows and monitoring usage.

I also appreciate the integration across IT systems where One Identity Manager integrates seamlessly with on-premises and cloud platforms such as Active Directory, Azure AD, SAP, databases, and custom applications.

When it comes to reporting and auditing, One Identity Manager provides detailed reports and dashboards for visibility into identities, access rights, and compliance status, which helps us make data-driven decisions easily.

Since we started using One Identity Manager in my organization, we have seen operational efficiency gains, including faster onboarding and de-provisioning, help desk cost reduction, and improved compliance and audit efficiency. We have also seen a reduction in security risk. The help desk cost has been reduced greatly, as automating password resets, self-service access requests, and lifecycle events cuts down on help desk tickets and support labor by fifty percent. One Identity Manager has reduced risk through strong identity governance that helps prevent over-privileged access and orphaned accounts, lowering the likelihood of data breaches. We have been able to save a lot of money—over the past four years, we have saved approximately one hundred thousand dollars.

One Identity Manager can be improved because implementation and administration require specialized knowledge, and deployment efforts can be significant.

The user interface prioritizes functionality over simplicity, and effective use of the platform typically depends on well-defined processes and trained administrators.

I have been using One Identity Manager for four years.

For any organization that is looking for frequent reporting improvement in efficiency, lowering error rates, and faster compliance outcomes, I advise that you should consider One Identity Manager, which delivers measurable financial value.

Since we started using One Identity Manager, it has been truly helpful. It has led to fewer help desk tickets and faster service delivery in my organization, enhanced security and compliance, reduced risk and audit burden for IT, and improved time to productivity for our employees. I would rate this product a nine out of ten.

One Identity Manager simplifies user operations and provides security features, including automatic blocking of inactive accounts and timely access revocation.

My user experience with One Identity Manager involves using Identity Access Management to provide security, compliance, and visibility. We have implemented RBAC, where we define roles and responsibilities based on job functions or permissions. We have SoD (segregation of duties), ensuring that no single user has permissions that could lead to conflicts or fraud. The benefits include reduced security risks, lower costs with SSO solutions, enhanced user experience compared to other solutions, and improved compliance with regulations.

Customization for One Identity Manager is based on client inputs. We can detail and break down the inputs for customization, including user interface customization, where we include manager and launch pad features. For example, we implemented the Genesys application for the service desk, where we can monitor daily calls, frequency, and agent performance. This implementation helps showcase to customers our multiple checks and background processes internally. We provide recording sessions to users for review and daily improvement. Configuration parameters come under several aspects based on system behavior. One Identity Manager provides default parameters for particular solutions, allowing an overview of the tool.

In my experience, the best features in One Identity Manager are under SSO (single sign-on), where we can save passwords and don't need to authenticate each time when accessing applications. This extends to the creation of privileged IDs and account creation in AD. 

Perhaps support could be improved. The knowledge base articles and wiki resources we currently use may not be applicable in every situation, as they often depend on the specific inputs or problems presented by users.

I have been using One Identity Manager for six years.

It is stable. 

We provide solutions for enhancing access governance with One Identity Manager, including identity verification and improving system security procedures. This includes designing and implementing IAM solutions for legacy systems, cloud migrations, and multifactor authentications. We implement MFA solutions for applications with larger audiences. We manage roles and responsibilities in IAM technology and conduct risk assessments to identify potential vulnerabilities. The identity verification process comes as an automatic solution, streamlining user onboarding and offboarding in the organization.

Our clients are enterprises. We have more than 50 specialists.

We use their regular support. I would rate their support an eight out of ten.

Positive

For identity access management, we have used multiple tools. When I was working on a banking project, we used a right modeling tool and Sphere and AD to create users in AD and Nsphere, which is an internal tool of a particular project. Whatever we handle in AD and the right modeling tool reflects in Nsphere, which serves as a portal where all users are displayed, and we can see which level of access is required for a particular application. Being in the banking sector, we have an N-3 approval format. Based on approvals, such as line manager approval, we make changes accordingly. We worked with privileged IDs where particular users want different sets of privileges for their accounts. For example, with my particular account in the banking sector, I can give third-party users access to my entire bank for read, write, and edit capabilities. For some users, I can give only read access, allowing me to segregate the privileged IDs and privileges for users who can access my application or banking portal.

In another project for insurance, we used applications in SAML and OIDC. For OIDC applications, we asked the end user to provide the client ID and based on that, we shared the configuration directly to their email IDs. They could copy-paste the same configuration to make the portal easily accessible. With SSO and One Identity Manager implementing that configuration for OIDC applications, they can easily access their portal without multiple authentications. Through single sign-on, users can sign in once and access the portal without passwords.

From my knowledge, One Identity Manager makes customer operations easier compared to other solutions. When customers have different applications or solutions but want to migrate to One Identity Manager, it's because of enhanced security and the convenience of the SSO process.

The setup is somewhat tricky because providing on-premises ID access requires following specific justifications and naming conventions, with different sets of servers to be added for users. We must be conscious while providing access to servers. For instance, if a user requests access to 10 servers, we need to evaluate whether they truly need all server access and can segregate permissions for cost and security reasons after consulting with line managers.

The cost is handled by customers, but it doesn't seem to be very expensive. It seems fairly priced.

We use One Identity Manager for business roles, implementation capabilities, SSO bypass, and automation deployment with guidelines. The licensing helps consolidate procurement when generating audit reports. We follow basic steps such as end-user satisfaction and improvement in regulatory functions to reduce business risk. We implement changes according to the system lifecycle and role-based access control. 

Privileged users receive separate access, enabling them to access cloud applications. With a privileged ID account, users can access CyberArk, Entra, and Office 365 to manage licenses. One Identity Manager provides good security through SSO and MFA implementations. While there can be dependencies during new configuration creation, we work to provide better user satisfaction and support. 

I would rate One Identity Manager a ten out of ten.

We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees. 

We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager. 

I like the solution since it is very flexible, and I can basically do everything that I like and need with it. 

I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense. 

Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation.

It works well at an enterprise level. We use it as a centralized platform for the whole identity.

It is a flexible system and we can customize it the way we want.

We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution. 

We use the solution to extend governance to cloud apps and this is very useful for us.

Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately. 

The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place then, for example, joiner, mover, leaver, that helps in maintaining that zero trust principle.

In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience. 

The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement.

We can customize it, however, we need skilled resources to do so. There aren't as many skilled people in the market.

We launched it in October 2023. However, we started implementing it in 2021.

We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner. 

Positive

We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose.

Our experience was complex, however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly. 

It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, however, maybe not easy either, so maybe something in between.

We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training, however, the training was given by One Identity itself.

We have been reducing costs and saving several full-time equivalents by using automation.

I would rate the solution overall as eight out of ten based on the bad user interface.

My use cases for One Identity Manager are mainly related to JML processes, Joiner Mover Leaver processes, similar to other standard IAM systems. I see that since One Identity Manager provides an on-premises setup, it is selling more in the market compared to One Identity Manager cloud solution, which I observe is rarely used.

The use cases we see often require segregation of duties, especially within the SAP module, which One Identity Manager handles well, allowing for compliance rules and multi-step approval workflows for critical roles.

I did use it for managing SAP and had a good experience overall, but there were instances when roles did not get assigned and I had to troubleshoot rigorously. My experience was not completely flawless, especially during audits where certain roles were missing or were unexplainable.

Managing profiles in SAP is not an issue, but synchronization of derived roles has been problematic.

One Identity Manager includes a history database, but it lacks a proper dashboard for visibility, making it difficult during audits to determine who triggered role assignments or clarify issues.

As a practitioner, I see that One Identity Manager handles segregation of duties within the SAP module well, allowing for compliance rules and multi-step approval workflows.

One Identity Manager provides an on-premises setup, which is selling more in the market compared to One Identity Manager cloud solution.

One Identity Manager is a complete governance tool, but its pricing remains reasonable when measured against other vendors.

What I dislike most about One Identity Manager is the upgrade process. For instance, if I'm migrating from one version to another, I've experienced issues where old hotfixes break. Unlike Microsoft which smoothly integrates hotfixes, One Identity Manager requires me to redeploy older hotfixes even after applying a new upgrade. Another challenge is seeing many clients still using older versions that rely on the deprecated Web Designer. Migrating to the latest versions is complicated due to the complete overhaul required.

There is also a lack of clear communication or documentation from One Identity Manager regarding upgrades and deprecations, which complicates the process further.

I believe that One Identity Manager is not currently providing all-in-one capabilities effectively. It does have options for privileged account management and categorizing human identities, but it lacks visibility for non-human identities and CI/CD pipelines or cloud workloads.

I find that the user experience and intuitiveness of One Identity Manager are quite confusing. The navigation is not straightforward and requires assistance from someone experienced with the tool. Configuration settings are scattered across different areas, which complicates things and contributes to a steep learning curve, especially for new users. The documentation lacks clarity and thoroughness, making it difficult to follow procedures without proper guidance.

I have worked on One Identity Manager since the year 2022.

I see technical challenges with the cloud version, the SaaS version, especially in a hybrid setup because I often encounter issues connecting to on-premises devices. It is often more stable to have a solution on-premises that can send data to the cloud.

I have contacted technical support multiple times and found their emergency coverage reliable. They respond promptly for severity one issues. However, after an upgrade, without involving their paid support, resolving issues can proceed at a slow pace.

Negative

Since the start of my career, I have worked in the identity and access management domain, with experience in various products from Microsoft to SailPoint and Saviynt.

The initial deployment is not easy.

It requires specialized knowledge. As a techno-manager, my team has engineers familiar with the tool due to extensive experience. However, training someone to deploy in a short time can be challenging as they often require support from SMEs who know the tool.

When it comes to pricing, I find it relatively cheaper compared to competitors in the IGA space.

There are pros and cons to One Identity Manager as a product. From a strategic partner perspective, there are always pros without cons. My team functions both as integrators and sellers, as we have our managed service, allowing us to sell it to our customers. 

My use case with One Identity Manager is both access management and identity management. The main tasks I perform involve solving issues when users receive roles but cannot access applications. During these situations, I debug within One Identity Manager to find and resolve the issues according to required actions. This is my daily use case.

The best features of One Identity Manager are the synchronization project, the mapping, onboarding using CSV, and the designer tool which allows us to write our own custom workflows. 

Once it's set up, One Identity Manager helps with provisioning and continues to work effectively. When anyone leaves the organization, they can be un-provisioned, and all access is removed instantly.

The UI of One Identity Manager is adequate, but there is room for improvement. They should publish more development documents to help users of One Identity Manager, as there are limited resources available.

I have been using One Identity Manager for one year.

The stability of One Identity Manager is good.

I don't have extensive experience comparing One Identity Manager with other market solutions, but I have heard about SailPoint, which has its own advantages and disadvantages. For large organizations, One Identity Manager is more scalable and secure.

We have 8,000 people.

The technical support for One Identity Manager rates a seven out of ten, which is average. When we raise tickets, they are directed to the respective team for response. We have two support connections from One Identity Manager itself and the partner, allowing direct communication. Issues are typically resolved within 24 hours through the ticket system.

Neutral

While I didn't work with SAP, I worked with Segregation of Duties (SoD) in One Identity Manager. It is flexible, and customization is neither particularly easy nor difficult. There are certain theories and concepts to keep in mind for successful customization.

I use the business roles in One Identity Manager, which is essentially the RBAC (role-based access system), and for the target system, we use the FRIC business role. Though I haven't used One Identity Manager to extend governance to cloud apps yet, I would if given the opportunity.

For production management, we have the packager tool, which allows setup of various environments including development, test, ultra-test, and production. We can export from lower environments and import into production using the packager tool.

I would rate One Identity Manager a nine out of ten.

I have worked on various European projects where we mainly use this tool as an Identity and Access Management (IAM) solution rather than its Privileged Access Management (PAM) features. Specifically, it serves as a central IAM tool for governance, compliance, and managing access requests across all the companies and projects I've been involved with. Most of these access requests were processed through Microsoft tools. They were onboarding applications and managing access to them via One Identity Manager through the portal it offers.

Every identity management tool has its unique features, and I believe that One Identity Manager performs quite well. From a developer's perspective, its interface provides excellent information. It includes appealing visuals and a user-friendly design, allowing you to clearly see how software accounts correlate or match with an identity. This gives you a comprehensive view of what an identity encompasses. You can establish specific rules to determine if access is fully managed by One Identity, which acts as the authoritative source for system access. Additionally, it offers a range of capabilities and customization options for managing access across various applications. Overall, I think One Identity Manager does a commendable job in this area.

One Identity Manager can be set up to have accounts synced from the SAP system and have them as orphaned in the system. The intended way is to link them to an identity, and when clicking the identity of the employee, you will see underneath the AD accounts, other application accounts, and different SAP accounts. For each SAP system, you can have specific rules. It has this capability out of the box, SOD rules, different roles, and bundles.

When users request access for a SAP system and do not have an account already, an account is created based on specific criteria that can be defined. From an end user point of view, they go to the portal and request access. If they do not have an account, they get one. If they already have an account, the access will be added and provisioned properly. The account will be connected to their identity with all the access in the downstream application in SAP. It requires a good architect to think through all the different cases for the business. Many connectors must be built because some companies use upwards of 200 SAP systems.

One Identity Manager offers governance for cloud apps through its cloud framework. The logic remains similar to on-premise applications: build a connector, import data, create business roles, enable requests, and implement approvals. The governance framework is particularly strong with application approval workflows and recertification processes.

The solution provides technical options to distinguish between different types of accounts per system. For AD, different rules can identify and manage various account types differently. It offers strong reporting capabilities and can detect policy violations.

For application management, One Identity Manager has a built-in risk framework that helps businesses with approvals and recertifications. Full application management without IT involvement requires building custom frameworks.

It helps to streamline application access decisions, application compliance, and application auditing for customers. When auditors come in, they require that access be managed using an IGA tool. It's quite easy to set up; you just need to build a connector to facilitate this access. In addition, a business analyst can identify the business rules needed. You publish the business rules and set up an approval process—usually requiring two approvals if it's related to the application. Once the business rule is published, a user can request access through the portal, and someone will approve it—standard procedure. You can also run certifications and set up different approval processes for employees who need access for one year or for those who are moving (like shifts). Certification can involve various terms, including access reviews or access refusals. It's a straightforward process. It's strong and reliable. I've seen hundreds of applications successfully managed and compliant because of this process, which includes approval requests and access refusals. You simply onboard the application, and you're set—it all becomes remote for you. All the audit trails are available. You can see who approved what, why they approved it, when the access was granted, and when it was revoked, among other details. It truly helps to maintain compliance.

The solution offers some out-of-the-box capability to manage profiles, but I have not worked with other aspects. In the companies where I was working, they were not using this from a SAP point of view.

One of the most significant advantages is its strong security around identity management when compared to other tools; it's quite robust. However, it does come with a high learning curve, making it difficult to implement and operate without a dedicated IAM team. You need people with substantial experience—likely several years—in order to navigate the complexities effectively. It's not something you can easily outsource entirely to a consultancy. In the past couple of years, they released a new version, Version 9, building on the previous version 8.02. This new version introduced a revamped portal where end users can request access. The previous version had a built-in portal that was quite complex to configure. In the new Version 9, they developed a new portal based on Angular, which offers many capabilities. If someone knows how to utilize it and learn its features, they can make API calls to interact with other systems. Some consulting firms are already developing custom frameworks around this to leverage these capabilities. 

This new portal is where end users go to request access. It provides good out-of-the-box functionalities, allowing users to request access to various applications, and managers can approve these requests. In addition to the default functionalities, the use of APIs is enabled through the portal. However, the general market lacks expertise regarding this tool; only a few companies are actively investing in understanding how it works and offering their services based on that knowledge. Many businesses are migrating to this new portal as the older versions are being phased out of support and are eager to learn how to maximize its capabilities.

Overall, One Identity Manager is a robust tool designed for large enterprises and is still an on-premise solution.

One Identity Manager does not offer much in terms of delivering SAP-specialized workflows and business logic. Custom workflows can be built, but it is limited in that regard. Comparing it to SailPoint, One Identity Manager is less advanced around SAP, particularly regarding the flexibility to build custom flows. While customizations are possible through processes in One Identity Manager where you can build PowerShell code or make API calls, this is not the intended way and requires heavy customization that might become unmanageable.

They could offer more out-of-the-box connectors so that custom PowerShell connectors would not need to be built. 

The support could be improved. They could add more AI to help with role mining. The new portal documentation needs improvement as some partners are more advanced in understanding how the Angular portal works than One Identity itself.

I'm not currently working with it. I stopped working with it three to four months ago. Before that, I worked with it for about three years and seven months.

Regarding support, they prioritize resolving escalated issues. However, their response can be slow. Whenever I open a ticket, the reply often includes a request for the specifications of the server I am using. For instance, they frequently ask, “How many gigabytes of RAM are you running on the server?” If I'm not using the maximum recommended specifications, they immediately suggest that there is a problem. They don’t always consider that the issue may not be related to performance at all.

I haven’t had the best experience with them, but I understand that they do eventually respond. However, there have been instances where we had tickets open for months without any resolution. Sometimes, they would either go quiet or eventually respond and help us find a solution. I’ve faced many similar situations across various projects.

At the end of the day, I’m not a customer, so I’m not too concerned about the experience. However, the application owners of One Identity in these companies have expressed dissatisfaction with the responses they received. They wanted more immediate assistance and access to more skilled resources. That's understandable. Overall, I would rate the experience as a six out of ten.

Neutral

It depends on the situation. If you're starting from scratch, in a greenfield scenario, where you have nothing set up and don't have an IGA tool, then you can begin by establishing an Active Directory. You start with the basics: take employee data and import it into One Identity Manager to create Active Directory accounts for each employee. This setup can typically be completed in about three to four months. It’s not overly complicated. However, it’s important to note that most businesses have complex processes that don’t easily translate into the tool. To effectively monitor applications and manage these processes, you really need technical expertise.

For a large enterprise that has the capability to support an on-premise solution and is willing to find reliable partners to assist with this new portal, along with the technical know-how to match the tool's capabilities, it can be a highly effective solution. This tool offers a wide range of features out of the box. However, the biggest challenge is the steep learning curve; it's essential to have experts with many years of experience and strong technical expertise to maximize the tool's potential. This solution is not suitable for small companies or those seeking a quick implementation. It requires a significant investment initially, but it pays off in the long run due to its extensive features compared to other tools.

I don't have information on the costs associated with the tools or the specific deals they offer. However, I do know that it's challenging to find technical expertise, and these professionals often command high salaries.

In addition to purchasing the tool and its licenses, it's important to account for the need for a dedicated team, especially if you're a large enterprise. There are significant costs involved in maintaining the solution and ensuring it operates effectively. Unfortunately, I don't have details on the licensing fees or per-user costs, among other specifics.

My recommendation is that you really need to understand the realm of identity and access management. It's important to consider the alternatives available, and I believe that for some companies, One Identity is the best solution out there. For specific enterprises, it could indeed be the ideal choice, but for others, it may not be suitable. For instance, a small business with fewer than 25,000 employees, which may not prioritize governance and compliance, might find One Identity unnecessary. It really depends on the landscape of the company using the tool—what their requirements are, what applications they have, and what they're aiming to achieve.

One Identity is quite beneficial for finance-related entities that have strict compliance and security needs. However, One Identity should invest more in AI and enhance their documentation on the new portal. This improvement would help customers and developers better understand what they are building.

The business roles functionality is a very standard part of the access model. Typically, you would start with an application. You gather all the users and their entitlements, which include the accesses they have. Then, you need someone, such as a business analyst or consultant, to help identify bundles or groups of this low-level access. Instead of managing each access individually, you can group them together and create a role for each application, or possibly a combination of different applications. This approach greatly simplifies management. A user doesn’t need to know all the low-level accesses required in a system or across different systems. By creating bundles of access with accompanying business rules, it becomes easier to understand. For example, if I am a DevOps member working with AWS, there’s already a pre-defined access bundle for me. My colleague can tell me to request this specific access, which provides everything I need. Alternatively, access can be automatically assigned based on department—whenever someone joins a specific department, they receive all associated accesses. 

Moreover, you can build dynamic rules around these business rules. While technically speaking, in the One Identity Manager, an application role is part of a business role. However, it’s important to note that you can have a business role defined by specific criteria. Anyone who meets this criterion receives the business role, which is beneficial for management. For instance, if you want to grant access to new hires for applications like Teams, all relevant accesses can be bundled into a business role. If someone leaves the company, their status would change to inactive, and they would lose their access. This streamlines the access lifecycle management process.

From an end-user perspective, it simplifies requests for specific applications or accesses per department. Depending on your chosen architecture and access model, this organization is crucial. However, a key requirement is to have a business analyst involved; otherwise, you risk ending up with scattered entitlements and groups that lack clarity regarding their business association. Finally, don't forget to set up an approval process.

From an end-user perspective, with the new Angular portal in version 9 and upwards, it has improved significantly. However, not all companies have migrated because they have custom logic in the old portal that needs to be translated to the new Angular portal. The new portal is better as it is easy to navigate with straightforward navigation bars. Previously, sometimes custom queries behind the portal really slowed down end-user performance, with users reporting waiting 15-20 minutes for a page to load, especially during approvals or attestations. This was particularly frustrating for users needing high-level managerial approvals for various tasks. In the new portal, you can customize tasks to address some of these performance issues, making it a more efficient experience.

Overall, I would rate it a seven out of ten.

My main use case for One Identity Manager is for identity access management solutions for clients. For our clients, let's say we have a bank company as a client. In that client, there will be employees, various kinds of employees, permanent employees, external employees, vendors, so many people might be there. Every employee who gets onboarded into a company will be having some identity within the company, so to provide an entire identity access management system is essential.

Once a user is onboarded, we can give some accesses by default using birthright roles or dynamic roles. We can also provide a way so that the user can request the roles or accesses that the user might require. We have a portal, IT Shop, everything set up, and we can create workflows, access approval workflows, and all so that the user can request the required access, and if the proper workflow has been completed, the access will be provided. These all things can be customized as per the customer requirements.

Using One Identity Manager, we can connect with various target systems like ServiceNow, SuccessFactors, Workday, whatever, however. To One Identity Manager, we can onboard data, and we can also send the data to various target systems, whatever the customer might need. It provides various connectors such as DB connector, native SQL connector, Oracle connector, SAP connector, Exchange connector, Active Directory connector, PowerShell connector. There are so many ways we can connect to other systems so that we can send data to other systems and sync back from those systems, making this One Identity Manager system a centralized system that controls everything. One Identity Manager can act as a source of truth for various systems, which is one way for the companies to centralize their IM system.

In my opinion, the best features One Identity Manager offers are customization. We can customize many things as per our requirements, not just use the default options, out-of-the-box options. We can connect to any target system using the PowerShell connector, which is the best way. We also have API connectors and other things as well. From the latest versions, they are moving from the native portal to the Angular portal, which will speed up the portal development process and make the portal more attractive and dynamic. It also has other supportive portals like Operations Portal, Admin Portal, and Password Reset Portal for various services and all.

Most customers choose One Identity Manager because of the customization it provides, not just for me or my customers. We have one feature called attestation, which helps review user access periodically and frequently and ensures the audit players and audit processes work properly within the organization.

One Identity Manager positively impacts my organization and my clients by automating user access reviews, which often won't happen properly. With One Identity Manager, we can schedule those access review processes and automate them so that they automatically trigger and send access review emails to the user's managers, ensuring they take action on the access side, whether the user should have that access or not. For most customers, their access management system becomes smoother using One Identity Manager.

The specific outcomes my clients have seen include saving time and reducing manual work. Without a centralized IM system like One Identity Manager, onboarding tasks must be done manually, leading to human errors. If a user makes a mistake manually, it could lead to another incident, causing bottleneck issues in operations. Using a centralized system like One Identity Manager really eases the onboarding and offboarding processes for any organization, making identity access management smoother.

One Identity Manager could be improved because the community is a bit small, and the documentation sometimes isn't clear or interactive. This migration from the native portal to the Angular portal is not well known, and I think this change could bring chaos within the community.

I have been using One Identity Manager for more than two and a half years.

One Identity Manager is stable in my experience.

One Identity Manager's scalability depends on the subscription you take and the size of your user base.

Customer service rating: 4 out of 10.

Positive

I evaluated SailPoint, Saviynt, and other tools before choosing One Identity Manager. I prefer One Identity Manager because of the customizations it allows, though I'm not completely certain about other solutions. My experience with One Identity Manager influenced my choice.

When using a centralized system like One Identity Manager that offers so much customization, I see a return on investment through saved money. Instead of spending on various systems, having one centralized system that handles all my organizational requirements helps save money. The setup is easy, and One Identity Manager provides support.

I advise others looking into using One Identity Manager to go ahead and take the latest version of One Identity Manager solution to avoid the headaches of migrating from previous versions. The latest versions have support from One Identity Manager as well, fixing many issues and adding new features as part of the new releases. Our company has a business relationship with this vendor as we are partners. I rate this solution an 8 out of 10.