One Identity Manager Reviews

It is mainly an identity governance tool. It is being used to collect, for example, any new employee records or employee records in general from HR systems, such as Oracle, SAP, and Workday, and then push it downstream for systems such as Active Directory, Exchange, etc. This is the main functionality of it. 

The other functionality for it is to have a request platform, such as a web portal, for requests for access, approval, and user-based grants and reviews.

It helps the organization to simplify its control over enterprise access and makes the new joiner's process easier. In a small organization with 40 to 50 users, it is not a big deal. You can have one IT guy who is responsible for creating an email account, Active Directory account, Azure account, etc. It will take him one or two days to do it, but in a big corporation with more than 500 employees in different time zones, doing that is a big challenge. One Identity, and IGA products in general, excel at onboarding and offboarding employees with the linking and synchronization with the HR system. This is what they are best at. They remove the complexity because you have your Active Directory created, updated, and disabled on time, and there is no issue with that.

There is one fabric for identity lifecycle management, and the access is based on that identity lifecycle management. This is applicable to the whole market for identity governance. It is not just One Identity. You have SailPoint, Saviynt, and others. All of them are good in this aspect. They do improve the organization like that.

We can customize it to integrate with any system or application, and we can go deeper in analyzing people's access, creating roles, dynamic roles, and RBAC. They have a very strong RBAC offering, which is a role-based access model offering. If you structure it right, you can do an RBAC with One Identity. I use it for two customers. One is in the Middle East and one is in Europe. I represent the client side, and mostly I see a robust onboarding and offboarding operation with this product. It is very good for both experiences. It is a very structured way of doing things. Movements across the departments and things like that can be handled. It is quite customizable. It is quite good.

When it comes to intuitiveness, the clients using IT Shop people are complaining. I have had a client in the Middle East, and then I have had a client in Europe. They all say that IT Shop is not intuitive. It is the same feedback. One Identity is trying to make it better with Angular, but there is a fifty-fifty split. One aspect is how the vendor has designed the portal and the other aspect is how you structure the request and approval process. We are as guilty as the vendor. The vendor has a bad portal, but most of us also have a bad way of thinking as clients. People are not advised well because the adoption and the usage should be driven by the vendor. Instead of doing that, the vendor is just selling. If you talk to a partner, they might advise you, but if you have the wrong partner, you are in trouble. So, people complain about the intuitiveness of the portal, but they are confused because the process is being showcased in a very bad way.

To customize IT Shop, they had a strange tool called Web Designer. It is one of the seven tools or seven clients they had. It was not easy to find anyone worldwide who knew how to handle it. You can find developers who have One Identity skill set, but only one out of ten of them would know how to handle the designer tool. In case you need to customize, it was a tough journey. That is why One Identity flipped the narrative by saying that they are going with Angular. We need to run Angular, and they have the REST API. I told them that this is a bad approach because they are assuming that clients have Angular developers, but some clients or some small clients do not have Angular developers. Some clients might have Angular developers but they are assigned to all business units. They are asking us to start hiring an Angular developer or rely on a partner, but is their partner certified to do Angular or not? To me, they did this conversion without any proper thinking or from a very narrow perspective.

I do not have complaints about the backend of this tool. Frontend is a major issue. Their roadmap has no consideration for the clients. In the CAB meetings, I have seen how they manage relationships in general. The company mindset is a bit strange. They look at big clients for feedback and opinions, but they do not look at small and medium businesses. They do not care about hearing us, but when it comes to big companies, you see their engineering team circling around them. They have this cultural problem in the company. They are not only selling the products to just a few big companies worldwide. They are selling it to everyone, but there is a lack of inclusiveness. They assume that all the clients have the same technical skill sets to operate this tool, but that is not true. There is an issue with their roadmap and way of thinking. I have also provided this feedback to the head of the company, Mark Logan, during a cab meeting. I told him that they need to fix how they collect feedback and maintain customer relationships.

We use business roles to map company structures for dynamic application provisioning. It is very good for that. It works very well. If you implement it right and you are advised very well, it can be magic. It can make people very happy about the tool in the company, which was the case when I was working in the Middle East for my first employer. If you do it wrong or are not advised well about it, it can lead to disaster, which is the case with my new employer where I have been working for two years. We have reached a point where we have 50 roles with the same entitlements, and people do not know which one is which. It is not the fault of the tool. The lack of advice on how to structure and design it well can lead to issues. It is not a technical issue. From a technical perspective, it is very flexible. It can do whatever you want. Partner implementation is the main issue.

It can help minimize gaps in governance coverage among test, dev, and production servers, but I have not seen it in practice. Some people do it where you can connect One Identity to One Identity Manager with a direct connection. You can have that. That is one option. The second option is something called transport packages, so it has a good change management label and transport package solution. They have a partner called Intragen, which is a Dutch partner, that created a new product called Deployment Manager. That product does the release management process and testing for CI/CD to a very good level and in an automated fashion. You can buy a product like that and hook it up to One Identity. The tool has the framework to handle this. It is okay in that sense. From a change management and release management perspective, the product has principles. It is not lacking there, but it needs modernization for complete CI/CD.

It is very good at helping you streamline application compliance and application auditing if you know how to integrate applications. Most IAM programs or projects focus on users and users in groups, but handling single entitlements or a cluster of entitlements is a different board game. However, I cannot say that it is a One Identity problem. One Identity is customizable, and it is equipped to do that. You can do that. It is an investment issue rather than a One Identity issue.

The best feature of this solution is its flexibility to be customized. It is like a framework. You can customize it very far from its core functionality, and it will still work.

The second best thing about the product is that it is rich in concepts of orchestration and event-driven architecture. It works well if you have a development team. For a team that has developers with VB, .NET, or C# skills, it is a very good product.

Another thing that is good about this product is its stability. In general, it is very stable. It does not go down that easily. It does not crash frequently. Especially since version 7 or 8, accessibility has been a very good factor. These are the main aspects that make it one of the best products.

In terms of providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts, One Identity is not yet there. One Identity recently bought OneLogin. They already had Safeguard and One Identity Manager. They have started integrating these three tools. I am also on the customer advisory board (CAB) of One Identity, so I have more insight into these things. I know that they started to integrate OneLogin and One Identity just recently. OneLogin is their access management tool. They use it for authentication and for SSO. It is a competitor for Entra and Okta, whereas Safeguard is competing with CyberArk, Delinea, and BeyondTrust. One Identity has indeed done good integration between their three products. However, the platform is not unified. You still need three URLs, which is not optimal. They are going there, but it will take them time.

The second thing they are not yet good at is their SaaS offering. They are behind in the market. They started with something in Safeguard, but it is a pretty basic offering. It is still a new baby. They have Safeguard On Demand, but it is just a hosted PAM solution. I did PoC for Safeguard twice. This is how I know this, but I have not used it. As PAM, Safeguard is a good product, but it is not a full-featured PAM like CyberArk or BeyondTrust. They are lacking in that aspect.

The integration between One Identity's products is similar to BMC's integration. I used to work with BMC products such as BMC Remedy ten years ago. I used to be an ITSM or Control-M guy. When BMC integrated its products, the integration was not well done. It was like two different entities trying to integrate with each other rather than one company giving you a fully-fledged platform. The same thing is happening with One Identity Manager at the moment. They are selling it as a unified platform, but in my opinion, it is not yet good. It is also not bad. There are things that I can take from it, but there is no complete picture. The problem nowadays is that vendors are getting into each other's areas. For example, CyberArk used to be just a PAM provider, so people would integrate with it, but now, CyberArk wants to do the identity bit. It has now become a competitor for other vendors, so they will stop integrating with it. SailPoint, at some point, stopped integrating with CyberArk. SailPoint and CyberArk's integration was good. This is what is happening in the market or between vendors. All of them are getting into each other's area. If you happen to buy another product from a competitor, you need to integrate it on your own. There is no integration plug-in concept between them. This is a bit hard for companies that already have a PAM and they want to buy a new IGA, for example, or vice versa.

They are trying to shift towards an Angular-based platform for their web portal or for IT Shop. That has been very long overdue because they did not modernize their web portal for almost three versions. They are doing it, but there is no feature parity till version 9.3, which is the upcoming version. This is a problem. For example, data governance is not included in 9.2 if you want to upgrade, but if you do not upgrade, you lose support. They have these issues with the roadmap in general. They give you options, but they are not always the complete options. To me, it seems that this company is going to suffer in the long run.

Another issue is that for admin requests, we have to configure the tool at least in seven different clients, which is unacceptable. We are in 2024, not in 1981 or 1985. Having seven clients for the same tool, or more, is just unheard of. To me, that is a very old design idea. I am on the newest version 9.2, and I am still doing that. To me, that is a big problem as an admin. 

The relationship with the customers is extremely bad. That is not a technical problem. That is a company problem. They tried to fix that, but it seems they failed. They do not have the personnel. They have a hiring problem. They now rely on partners. They are a type of company where the partner is more of a vendor to you as a client rather than the company itself. If you want to pick any solution by One Identity, you need a very strong partner with you. If you do not, you will struggle with this product's adoption, roadmap, vision, and implementation. We struggle a lot as a client. I have been there. I have seen that. It is not easy with them. One Identity is based in Europe. Our account manager at One Identity resigned in May and till now, just to show how bad they are, we do not know who our new account manager is. We are in August.

Their Starling Connect roadmap or flagship is a failure. We had to withdraw from using it with SuccessFactors, for example. It had a lot of stability issues. Now, my understanding is better, but it caused a bad implementation, so we are not using it. They are not investing a lot in enhancing or extending Starling Connect. They are using Starling Connect as a propagation gateway to SaaS apps so that you have One Identity Manager on-prem talking to Starling Connect which is handling all SaaS apps. However, the roadmap for Starling Connect is not clear. Now that they have bought OneLogin, OneLogin can do that as well as an IAM tool. You can now bring any IAM or CIAM tool such as Entra, Okta, or OneLogin. They can be your propagation gateway. OneLogin and Starling Connect are competing products, and they need to unify them. They cannot have both products doing the same thing. When I discussed this with the head of engineering from their side, they were still defending having Starling Connect. I do not understand why because if you have a proper IAM such as Entra or Okta, that is your propagation gateway. That is it. You can do everything you want with it. You can merge the functionality, and that is it. You do not need Starling Connect. To me, this is confusing. You use a propagation gateway like Starling Connect because it has ready plug-ins to connect to SaaS apps and you do not need to create a custom connector every time. If you look at the number of apps that One Identity supports with Starling Connect, there are not more than 50, which is not a lot. There is a big difference when you compare it to Okta Marketplace or Entra Marketplace. You will immediately understand the difference. OneLogin's marketplace is better than Starling Connect, but OneLogin was not a part of One Identity before, so they had their own marketplace. Overall, the Starling Connect roadmap does not make sense to me.

They need to remove the dependency on VB.NET for backend development and they need to unify the front end. If they are selling it as a unified product, they need to give me a unified UX. This is something I have mentioned to Mark Logan himself. This is how ServiceNow won over Remedy. Having a unified UX and being able to turn on or off a feature is better than trying to connect three or four different products with different contracts. To me, the main thing is that they need to modernize their application. Once we do that, making it SaaS is doable.

I have been using this solution since 2018.

It is very stable. I would rate it a nine out of ten for stability.

I would rate it a six out of ten for scalability.

About 25% of the company uses this solution. If the company has 4,000 people, at least 1,000 people use it. It is quite a well-known product. It is not just a niche one. It is a mainstream product. People use it. We have 30 branches all around the world, and all of them use it. We are hosting it centrally in Switzerland.

I use their regular support because their premium support is useless to me. Their support, in general, is useless most of the time.

The main thing that makes this solution stand out as compared to others is the ability to customize it, especially when it is on-prem. It is cheap from a licensing perspective. Once you pay, it is very cheap to operate if you have a good development team. It is also extremely stable. At the backend, it is well-designed. However, it lacks AI. When you go SaaS, you can put AI and all of that stuff, but if you are on-prem, you do not have AI.

It is deployed on-prem. Its deployment is complex.

By design, it is well-engineered. The idea is that the database pushes everything, so you need to focus while updating or installing the database. If the database is installed correctly with schemas, it has DLLs. Whenever you install a client, it distributes to the connecting client, so it is designed with this centric approach. However, sometimes, you end up with situations related to encryption, a missing component, or a missing instruction that you did not account for. 

Recently, I upgraded from version 8 to 9, it took 14 hours of work to do an in-place upgrade. It was not a migration. That is too much. We had a team of five people including developers. It was not easy. It took us two months to do the upgrade. It is always like that because you need to do complete testing. A small problem with One Identity is that they remove a functionality but do not tell you about it, so you need to test. If you are giving me this product that can be customized, I will use the methods that you have. If you change how a method behaves and do not tell me, I get into trouble. Only a very strong partner would know about all this. With a small partner, you will have an issue.

It does not require much maintenance or patching. That is not an issue with One Identity. You do not need to restart it once a month. It is very stable. From time to time, you might have some issues that require a restart but not all the time. It is not like some Java applications that require a restart every month.

On-premises, it is cheap. It is way cheaper than others. The cost of the hosted one varies. They do offer a hosted one, and its cost varies, but it is not that expensive. You have a license for employees and a license for support.

The problem is that people try to compare it with an IAM solution such as Okta or Entra, but they are different products. It should not be compared to them. The only ones you can compare it with are SailPoint or Saviynt. In my head, the rest are not even IGA products. SailPoint is much more expensive to operate than One Identity. If you go SaaS, SailPoint is way more expensive, but that is the whole point of SaaS. SaaS is more expensive anyway.

I would recommend this solution only if you have a very strong partner. Otherwise, do not go close to this solution.

We use One Identity Manager to manage SAP, but in our case, we have connected with CUA, so we have one single point of interface with SAP. That helps a little bit to make the management less complex. If we did not have CUA, we would have had to connect individually. CUA is straightforward. We connect to it. We push through CUA, and we sync everything. We have thousands of roles.

It provides IGA to some extent for the difficult-to-manage aspects of SAP. At the moment, with CUA, we do clients, profiles, etc. They recently added something called behavior-driven governance on SAP. We have not used it, but we can basically check if someone is using his account in SAP or not, and then we can do a user-based access review for his access. We can see what he used within SAP, which is good. We can also do combinations where if we have this role, we should not have that role in SAP, which is very good.

One Identity gives you a lot of features, but you need a proper program to drive it. If you do not know how to use it, you will stay at the basic level. Technically, the product is well-capable, but the caveat is that it is a framework product. You need to have a development team. You cannot just do it with a normal admin. You need a development team for this product.

Versions 9.2 and above have something for assisted approval. I have not used it, but from what I have read, you can see who in the same team has the same access. It will tell you whether it is an anomaly or a common request. The same thing is there for user baseline reviews. That is a good thing.

Overall, I would rate this solution a five out of ten.

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The idea was to create a quarterly review process to review the entitlements and the access and controls in place, initially targeted towards Active Directory and later extended to other local systems. One Identity Manager can connect SAP accounts to employee identities under governance. It is possible to map company structures for application provisioning through dynamic application provisioning using role-based access control. Mapping roles to users is a seamless experience that offers a lot of leverage in terms of speed and compliance, making it a very useful feature.

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The tool can onboard applications such as SAP, which is standard, and the APIs do not present challenges. One Identity Manager can connect SAP accounts under governance, and mapping roles offers leverage in speed and compliance. This functionality is crucial for compliance and governance.

The tool did not allow beyond a specific level of visibility; it provided visibility at the user level, not at the level of nested entitlements, resulting in an inaccurate depiction from the asset manager's point of view. This necessitated manually inputting data into the One Identity Manager user access review module. When it comes to privileged access management, we need to know who has access to what, which is the central problem we want to solve. However, for One Identity Manager, the visibility could be a lot better, especially given we are dealing with many data visibility products in the market.

Aspects such as reporting and dashboarding could be improved; I've seen tools doing better in those areas. One Identity Manager does not deliver specialized workflows for SAP; it offers very standard workflows. However, there are some modules that can be imported, and certain custom workflows need to be created. 

Customizing the solution for particular needs is very subjective. It does provide a lot of customizability, though there's room for improvement. One Identity Manager helps minimize gaps in governance coverage, but effectiveness depends on the organization. Ultimately, while One Identity Manager can solve problems, the tool must be combined with good people and a sound strategy for maximum effectiveness.

I have used One Identity Manager for more than ten years.

For single-site installations, it performs adequately, however, multi-tenant setups present challenges demanding significant improvements.

For single-site installations, it performs adequately. Multi-tenant setups present challenges demanding significant improvements.

I have contacted their technical and customer support. I consider their support to be very standard, relying on an email-based system. My support engineers have received solutions to their inquiries. However, a tailor-made, dedicated support would significantly enhance user experience, especially for organizations that do not want to wait in queues.

Negative

I would rate the initial setup at a seven out of ten. The reason for this rating is the critical nature of multi-tenant applications; compliance is heavily influenced by multi-tenancy, so a lot of engineering improvements could enhance the product.

Ideally, One Identity Manager as a SaaS tool handles maintenance; however, this depends on the specific maintenance discussed.

I had partners who helped set up the whole process, and they were familiar with implementing the tool. Some were contractors, and they did a pretty good job in terms of delivery, respecting timelines. When I was working with one company, my team was based in Nice, France, consisting of internal employees and contractors. They implemented the solution fairly well. However, I had to provide a lot of unnecessary reporting and overhead when connecting the tool with our production environment, providing data that could compromise internal security despite getting the right approvals. Overall, it was an okay experience with One Identity Manager.

We use multiple tools in tandem for better security. The procurement and licensing process can indeed be complex. My experience was decent, with no major problems during procurement or licensing; it was a mostly seamless experience.

With respect to privileged accounts, I would say One Identity Manager can improve; for privileged accounts, a lot needs improvement, and it is not best practice to depend on one tool. 

One Identity Manager could incorporate dynamic dashboarding to predict attack vectors and compromises.  

I would rate One Identity Manager seven out of ten since it can improve on many aspects.

I was also involved in deploying workflows, and the deployment part was handled by senior developers, especially when dealing with orchestration challenges tied to Kerberos delegation and VM issues.

One Identity Manager was utilized for governance, provisioning, compliance, and audit management. Even though I had limited access to certain parts, such as IGA, it played a critical role in large-scale access management by offering impressive provisioning and deprovisioning systems. It is an intuitive product for users, as I was able to learn and deploy workflows within a timeframe of two months. The documentation it provides was crucial for the learning curve.

In terms of customization, the ecosystem One Identity Manager offers includes a variety of workflows and extensions, although this comes with high costs. It is highly configurable, allowing dynamic application provisioning through process chains involving IAM and IAG related workflows.

One Identity Manager could enhance its trial offering to support custom workflows and VB.NET codes, which would help learners. Improved documentation organization can benefit newcomers, requiring less external searching. A self-check mechanism for file integrity, particularly for missing DLLs, can prevent developer frustrations.

High pricing remains a notable drawback, driving potential clients towards alternate IAM solutions. Additionally, incorporating AI-driven updates could enhance its competitive edge in the evolving market.

I have used the solution for two months from June to August last year.

Regarding stability, I would rate One Identity Manager as 8, 9, 8.

My clients were enterprise level, and I would rate the scalability of One Identity Manager as hyper-scalable, 10.

They had premier support, but I never used any of it.

From what I heard, everyone said that before One Identity Manager, they had many workflows and loopholes. After starting to use it, those issues were addressed, creating a very positive experience for the customer.

Regarding pricing, I find One Identity Manager to be expensive. On a scale where one is cheap and ten is expensive, I would say 10, which is what clients have communicated.

From my experience with other solutions, such as SailPoint, Saviynt, and Omada, the UI is the only aspect where I think One Identity Manager faces challenges. However, I believe One Identity Manager is performing exceptionally well.

I always try to recommend One Identity Manager. The only drawback is the price, which is so high that clients try to use other IAM platforms. However, for those with a good budget, the ecosystem One Identity Manager provides is one of the best.

I highly recommend One Identity Manager. The documentation can be categorized for better learning phases. A self-check for file integrity could help, as a missing DLL once caused frustration.

Several areas for improvement include providing a more elaborate trial version for custom workflows and improving documentation categorization. A self-check mechanism for file integrity would also be beneficial.

I rate One Identity Manager overall as an 8 or 9, with 9 being my final answer.

I use One Identity Manager in a few different projects for the Air Force, and I have also used it for the commercial business that I currently work for, covering both government and commercial environments.

I do not use One Identity Manager to help me manage SAP.

I don't use One Identity Manager for IGA regarding the difficult-to-manage aspects of T-codes, profiles, and rules.

I do not use One Identity Manager to extend governance to cloud applications through custom interfaces.

The most valuable aspect of One Identity Manager is how customizable it is compared to alternatives, which is the most obvious and biggest differentiator for me.

I am a strong advocate for One Identity Manager because it provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts. The tool is fantastic for what it does. However, in version eight and below, the UIs to perform all that functionality were terrible and even worse when customizing. The newer version nine is significantly better. I haven't had much experience with the latest version since we are still on version eight, though the UI to manage and perform governance could be better, but I know version nine has definitely improved in this regard.

One Identity Manager has helped me minimize gaps in governance covering test, dev, and production servers. We have two instances of One Identity Manager, and one instance doesn't necessarily allow us to manage test, dev, and prod all together, but separate instances of One Identity do.

One Identity Manager's documentation is something they can improve, and I believe much of this is related to translation since it is a German company. Access to documentation and finding answers on how things work is extraordinarily difficult.

One Identity Manager has not helped application owners or line of business managers make application decisions without involving IT. Regarding the elimination of the help desk's need to govern access to applications because of One Identity Manager, managers can go in and find the roles their employees need and dynamically assign permissions through One Identity Manager. However, I'm uncertain about what is meant by application governance decisions in this context.

One Identity Manager could help me achieve an identity-centric Zero Trust Model, but we haven't necessarily designed it to do so in any of my environments.

I have been using One Identity Manager for approximately eight years.

One Identity Manager is very stable. I haven't seen any major instability such as lagging, crashing, or downtime.

Considering that One Identity Manager runs off a database, as long as you can scale your database, the scalability is great because you can even set up multiple job servers.

I have contacted customer support or technical support for One Identity Manager, mostly because we are trying to customize things and need that next-level engineering support, not because of problems with the product.

The quality and speed of One Identity Manager's support were terrible years ago, but in the last few years it has gotten significantly better. I would rate the support currently as pretty good.

On a scale from one to ten for the support of this product, I would give it a nine. For the support recently, I would say seven.

Positive

The initial deployment of One Identity Manager when I first started was pretty easy with no major hurdles.

The first time I deployed One Identity Manager was eight years ago, which isn't a fair comparison, but regarding the most recent experience, I had it installed in under an hour, though I have also done it a few times.

One person can deploy One Identity Manager, so you don't need an entire team.

One Identity Manager requires pretty straightforward maintenance regarding the installation sustainment. However, for governing the system for a decent-sized corporation, you would want a couple of full-time people to govern all the functions. For day-to-day IT system administration, it doesn't really require much.

I did look into alternatives to One Identity Manager, specifically ForgeRock at one point, and there was something else we looked into, but I cannot remember the name of it.

I would give this product a review rating of nine out of ten.

One Identity Manager's main value to my organization is its flexibility and depth of customization, as it seamlessly integrates with a wide range of on-premises and cloud systems and supports strong automation for joiner, mover, and leaver processes. The automation features I use help to reduce manual effort, improve consistency, and strengthen our overall security posture. I also appreciate the reporting and auditing tools, which are particularly strong, provide clear visibility into access rights, and support compliance initiatives.

A specific example of how I use the automation features and reporting tools in my day-to-day work is through configurable workflows that reduce manual effort, improve efficiency, and ensure consistency in access management processes. One Identity Manager provides detailed reports and dashboards for visibility into identities, access rights, and compliance status.

One Identity Manager is used to centrally manage digital identities and access rights across my organization.

The best features One Identity Manager offers include identity lifecycle management, access provisioning, role-based access control, compliance reporting, and auditing across IT systems. Out of these features, I find myself relying on user lifecycle management the most because it helps automate joiner, mover, and leaver processes by provisioning, modifying, and de-provisioning user accounts across connected systems.

Regarding access provisioning and de-provisioning, it manages access request approvals and enforces access policies for applications, databases, directories, and cloud services. For privileged access governance, it governs access to high-risk or privileged accounts by enforcing approval workflows and monitoring usage.

I also appreciate the integration across IT systems where One Identity Manager integrates seamlessly with on-premises and cloud platforms such as Active Directory, Azure AD, SAP, databases, and custom applications.

When it comes to reporting and auditing, One Identity Manager provides detailed reports and dashboards for visibility into identities, access rights, and compliance status, which helps us make data-driven decisions easily.

Since we started using One Identity Manager in my organization, we have seen operational efficiency gains, including faster onboarding and de-provisioning, help desk cost reduction, and improved compliance and audit efficiency. We have also seen a reduction in security risk. The help desk cost has been reduced greatly, as automating password resets, self-service access requests, and lifecycle events cuts down on help desk tickets and support labor by fifty percent. One Identity Manager has reduced risk through strong identity governance that helps prevent over-privileged access and orphaned accounts, lowering the likelihood of data breaches. We have been able to save a lot of money—over the past four years, we have saved approximately one hundred thousand dollars.

One Identity Manager can be improved because implementation and administration require specialized knowledge, and deployment efforts can be significant.

The user interface prioritizes functionality over simplicity, and effective use of the platform typically depends on well-defined processes and trained administrators.

I have been using One Identity Manager for four years.

For any organization that is looking for frequent reporting improvement in efficiency, lowering error rates, and faster compliance outcomes, I advise that you should consider One Identity Manager, which delivers measurable financial value.

Since we started using One Identity Manager, it has been truly helpful. It has led to fewer help desk tickets and faster service delivery in my organization, enhanced security and compliance, reduced risk and audit burden for IT, and improved time to productivity for our employees. I would rate this product a nine out of ten.

One Identity Manager simplifies user operations and provides security features, including automatic blocking of inactive accounts and timely access revocation.

My user experience with One Identity Manager involves using Identity Access Management to provide security, compliance, and visibility. We have implemented RBAC, where we define roles and responsibilities based on job functions or permissions. We have SoD (segregation of duties), ensuring that no single user has permissions that could lead to conflicts or fraud. The benefits include reduced security risks, lower costs with SSO solutions, enhanced user experience compared to other solutions, and improved compliance with regulations.

Customization for One Identity Manager is based on client inputs. We can detail and break down the inputs for customization, including user interface customization, where we include manager and launch pad features. For example, we implemented the Genesys application for the service desk, where we can monitor daily calls, frequency, and agent performance. This implementation helps showcase to customers our multiple checks and background processes internally. We provide recording sessions to users for review and daily improvement. Configuration parameters come under several aspects based on system behavior. One Identity Manager provides default parameters for particular solutions, allowing an overview of the tool.

In my experience, the best features in One Identity Manager are under SSO (single sign-on), where we can save passwords and don't need to authenticate each time when accessing applications. This extends to the creation of privileged IDs and account creation in AD. 

Perhaps support could be improved. The knowledge base articles and wiki resources we currently use may not be applicable in every situation, as they often depend on the specific inputs or problems presented by users.

I have been using One Identity Manager for six years.

It is stable. 

We provide solutions for enhancing access governance with One Identity Manager, including identity verification and improving system security procedures. This includes designing and implementing IAM solutions for legacy systems, cloud migrations, and multifactor authentications. We implement MFA solutions for applications with larger audiences. We manage roles and responsibilities in IAM technology and conduct risk assessments to identify potential vulnerabilities. The identity verification process comes as an automatic solution, streamlining user onboarding and offboarding in the organization.

Our clients are enterprises. We have more than 50 specialists.

We use their regular support. I would rate their support an eight out of ten.

Positive

For identity access management, we have used multiple tools. When I was working on a banking project, we used a right modeling tool and Sphere and AD to create users in AD and Nsphere, which is an internal tool of a particular project. Whatever we handle in AD and the right modeling tool reflects in Nsphere, which serves as a portal where all users are displayed, and we can see which level of access is required for a particular application. Being in the banking sector, we have an N-3 approval format. Based on approvals, such as line manager approval, we make changes accordingly. We worked with privileged IDs where particular users want different sets of privileges for their accounts. For example, with my particular account in the banking sector, I can give third-party users access to my entire bank for read, write, and edit capabilities. For some users, I can give only read access, allowing me to segregate the privileged IDs and privileges for users who can access my application or banking portal.

In another project for insurance, we used applications in SAML and OIDC. For OIDC applications, we asked the end user to provide the client ID and based on that, we shared the configuration directly to their email IDs. They could copy-paste the same configuration to make the portal easily accessible. With SSO and One Identity Manager implementing that configuration for OIDC applications, they can easily access their portal without multiple authentications. Through single sign-on, users can sign in once and access the portal without passwords.

From my knowledge, One Identity Manager makes customer operations easier compared to other solutions. When customers have different applications or solutions but want to migrate to One Identity Manager, it's because of enhanced security and the convenience of the SSO process.

The setup is somewhat tricky because providing on-premises ID access requires following specific justifications and naming conventions, with different sets of servers to be added for users. We must be conscious while providing access to servers. For instance, if a user requests access to 10 servers, we need to evaluate whether they truly need all server access and can segregate permissions for cost and security reasons after consulting with line managers.

The cost is handled by customers, but it doesn't seem to be very expensive. It seems fairly priced.

We use One Identity Manager for business roles, implementation capabilities, SSO bypass, and automation deployment with guidelines. The licensing helps consolidate procurement when generating audit reports. We follow basic steps such as end-user satisfaction and improvement in regulatory functions to reduce business risk. We implement changes according to the system lifecycle and role-based access control. 

Privileged users receive separate access, enabling them to access cloud applications. With a privileged ID account, users can access CyberArk, Entra, and Office 365 to manage licenses. One Identity Manager provides good security through SSO and MFA implementations. While there can be dependencies during new configuration creation, we work to provide better user satisfaction and support. 

I would rate One Identity Manager a ten out of ten.

We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees. 

We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager. 

I like the solution since it is very flexible, and I can basically do everything that I like and need with it. 

I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense. 

Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation.

It works well at an enterprise level. We use it as a centralized platform for the whole identity.

It is a flexible system and we can customize it the way we want.

We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution. 

We use the solution to extend governance to cloud apps and this is very useful for us.

Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately. 

The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place then, for example, joiner, mover, leaver, that helps in maintaining that zero trust principle.

In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience. 

The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement.

We can customize it, however, we need skilled resources to do so. There aren't as many skilled people in the market.

We launched it in October 2023. However, we started implementing it in 2021.

We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner. 

Positive

We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose.

Our experience was complex, however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly. 

It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, however, maybe not easy either, so maybe something in between.

We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training, however, the training was given by One Identity itself.

We have been reducing costs and saving several full-time equivalents by using automation.

I would rate the solution overall as eight out of ten based on the bad user interface.

One Identity Manager's main use case in our organization is identifying lifecycle management, including automated user provisioning, de-provisioning, and role-based access control across systems. It helps us enforce governance and compliance by managing access policies, approvals, and audit trails in multi-customer environments.

When a new user is onboarded in AD or HR system, roles are auto-assigned based on department, triggering automated provisioning to applications like email, VPN, and business systems. For access control, any role change automatically revokes old access and grants new permissions, ensuring least privilege and compliance without manual intervention.

Additionally, we use access certification and periodic reviews to ensure users only retain required privileges, supporting compliance. One Identity Manager helps with segregation of duties enforcement and audit readiness, which is critical in multi-customer regulated environments.

Some of the best features of One Identity Manager are its automated identity lifecycle management and role-based access control, which streamline provisioning and enforce least privilege access.

Automated lifecycle management removes manual provisioning tasks, ensuring users get correct access instantly during joiner, mover, and leaver events. Role-based access control standardizes permissions, reducing errors and tickets while improving compliance and speeding up day-to-day operations.

One Identity Manager offers strong access certifications and audit reporting, which simplifies compliance and reduces manual audit effort.

One Identity Manager has improved our operation efficiency by automating provisioning and reducing manual access management efforts across multiple systems. It has also strengthened security and compliance through better visibility, access governance, and audit readiness, helping reduce risk in multi-customer environments.

We have seen a 40 to 60 percent reduction in provisioning time and significantly fewer manual errors due to automation and role-based access controls. Audit readiness improved with near-zero critical findings and faster certification cycles. Access-related tickets have been reduced by 20 to 30 percent, improving overall service efficiency.

One Identity Manager could improve in UI/UX simplicity, as configuration and navigation can be complex for new users. Additionally, faster cloud-native integrations and simplified customization of workflow design would help reduce implementation efforts and improve agility in dynamic environments.

One improvement would be to benefit from better out-of-the-box connectors for modern SaaS or cloud applications to reduce customization effort.

I have been using One Identity Manager for three years.

For anyone looking to adopt One Identity Manager, I would recommend clearly defining roles, access policies, and governance model upfront to avoid complex rework later. It is important to plan for implementation effort, customization, and training, and leverage automations early to maximize efficiency and compliance benefits. I would rate this product nine out of ten.