One Identity Manager Reviews

It is mainly an identity governance tool. It is being used to collect, for example, any new employee records or employee records in general from HR systems, such as Oracle, SAP, and Workday, and then push it downstream for systems such as Active Directory, Exchange, etc. This is the main functionality of it. 

The other functionality for it is to have a request platform, such as a web portal, for requests for access, approval, and user-based grants and reviews.

It helps the organization to simplify its control over enterprise access and makes the new joiner's process easier. In a small organization with 40 to 50 users, it is not a big deal. You can have one IT guy who is responsible for creating an email account, Active Directory account, Azure account, etc. It will take him one or two days to do it, but in a big corporation with more than 500 employees in different time zones, doing that is a big challenge. One Identity, and IGA products in general, excel at onboarding and offboarding employees with the linking and synchronization with the HR system. This is what they are best at. They remove the complexity because you have your Active Directory created, updated, and disabled on time, and there is no issue with that.

There is one fabric for identity lifecycle management, and the access is based on that identity lifecycle management. This is applicable to the whole market for identity governance. It is not just One Identity. You have SailPoint, Saviynt, and others. All of them are good in this aspect. They do improve the organization like that.

We can customize it to integrate with any system or application, and we can go deeper in analyzing people's access, creating roles, dynamic roles, and RBAC. They have a very strong RBAC offering, which is a role-based access model offering. If you structure it right, you can do an RBAC with One Identity. I use it for two customers. One is in the Middle East and one is in Europe. I represent the client side, and mostly I see a robust onboarding and offboarding operation with this product. It is very good for both experiences. It is a very structured way of doing things. Movements across the departments and things like that can be handled. It is quite customizable. It is quite good.

When it comes to intuitiveness, the clients using IT Shop people are complaining. I have had a client in the Middle East, and then I have had a client in Europe. They all say that IT Shop is not intuitive. It is the same feedback. One Identity is trying to make it better with Angular, but there is a fifty-fifty split. One aspect is how the vendor has designed the portal and the other aspect is how you structure the request and approval process. We are as guilty as the vendor. The vendor has a bad portal, but most of us also have a bad way of thinking as clients. People are not advised well because the adoption and the usage should be driven by the vendor. Instead of doing that, the vendor is just selling. If you talk to a partner, they might advise you, but if you have the wrong partner, you are in trouble. So, people complain about the intuitiveness of the portal, but they are confused because the process is being showcased in a very bad way.

To customize IT Shop, they had a strange tool called Web Designer. It is one of the seven tools or seven clients they had. It was not easy to find anyone worldwide who knew how to handle it. You can find developers who have One Identity skill set, but only one out of ten of them would know how to handle the designer tool. In case you need to customize, it was a tough journey. That is why One Identity flipped the narrative by saying that they are going with Angular. We need to run Angular, and they have the REST API. I told them that this is a bad approach because they are assuming that clients have Angular developers, but some clients or some small clients do not have Angular developers. Some clients might have Angular developers but they are assigned to all business units. They are asking us to start hiring an Angular developer or rely on a partner, but is their partner certified to do Angular or not? To me, they did this conversion without any proper thinking or from a very narrow perspective.

I do not have complaints about the backend of this tool. Frontend is a major issue. Their roadmap has no consideration for the clients. In the CAB meetings, I have seen how they manage relationships in general. The company mindset is a bit strange. They look at big clients for feedback and opinions, but they do not look at small and medium businesses. They do not care about hearing us, but when it comes to big companies, you see their engineering team circling around them. They have this cultural problem in the company. They are not only selling the products to just a few big companies worldwide. They are selling it to everyone, but there is a lack of inclusiveness. They assume that all the clients have the same technical skill sets to operate this tool, but that is not true. There is an issue with their roadmap and way of thinking. I have also provided this feedback to the head of the company, Mark Logan, during a cab meeting. I told him that they need to fix how they collect feedback and maintain customer relationships.

We use business roles to map company structures for dynamic application provisioning. It is very good for that. It works very well. If you implement it right and you are advised very well, it can be magic. It can make people very happy about the tool in the company, which was the case when I was working in the Middle East for my first employer. If you do it wrong or are not advised well about it, it can lead to disaster, which is the case with my new employer where I have been working for two years. We have reached a point where we have 50 roles with the same entitlements, and people do not know which one is which. It is not the fault of the tool. The lack of advice on how to structure and design it well can lead to issues. It is not a technical issue. From a technical perspective, it is very flexible. It can do whatever you want. Partner implementation is the main issue.

It can help minimize gaps in governance coverage among test, dev, and production servers, but I have not seen it in practice. Some people do it where you can connect One Identity to One Identity Manager with a direct connection. You can have that. That is one option. The second option is something called transport packages, so it has a good change management label and transport package solution. They have a partner called Intragen, which is a Dutch partner, that created a new product called Deployment Manager. That product does the release management process and testing for CI/CD to a very good level and in an automated fashion. You can buy a product like that and hook it up to One Identity. The tool has the framework to handle this. It is okay in that sense. From a change management and release management perspective, the product has principles. It is not lacking there, but it needs modernization for complete CI/CD.

It is very good at helping you streamline application compliance and application auditing if you know how to integrate applications. Most IAM programs or projects focus on users and users in groups, but handling single entitlements or a cluster of entitlements is a different board game. However, I cannot say that it is a One Identity problem. One Identity is customizable, and it is equipped to do that. You can do that. It is an investment issue rather than a One Identity issue.

The best feature of this solution is its flexibility to be customized. It is like a framework. You can customize it very far from its core functionality, and it will still work.

The second best thing about the product is that it is rich in concepts of orchestration and event-driven architecture. It works well if you have a development team. For a team that has developers with VB, .NET, or C# skills, it is a very good product.

Another thing that is good about this product is its stability. In general, it is very stable. It does not go down that easily. It does not crash frequently. Especially since version 7 or 8, accessibility has been a very good factor. These are the main aspects that make it one of the best products.

In terms of providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts, One Identity is not yet there. One Identity recently bought OneLogin. They already had Safeguard and One Identity Manager. They have started integrating these three tools. I am also on the customer advisory board (CAB) of One Identity, so I have more insight into these things. I know that they started to integrate OneLogin and One Identity just recently. OneLogin is their access management tool. They use it for authentication and for SSO. It is a competitor for Entra and Okta, whereas Safeguard is competing with CyberArk, Delinea, and BeyondTrust. One Identity has indeed done good integration between their three products. However, the platform is not unified. You still need three URLs, which is not optimal. They are going there, but it will take them time.

The second thing they are not yet good at is their SaaS offering. They are behind in the market. They started with something in Safeguard, but it is a pretty basic offering. It is still a new baby. They have Safeguard On Demand, but it is just a hosted PAM solution. I did PoC for Safeguard twice. This is how I know this, but I have not used it. As PAM, Safeguard is a good product, but it is not a full-featured PAM like CyberArk or BeyondTrust. They are lacking in that aspect.

The integration between One Identity's products is similar to BMC's integration. I used to work with BMC products such as BMC Remedy ten years ago. I used to be an ITSM or Control-M guy. When BMC integrated its products, the integration was not well done. It was like two different entities trying to integrate with each other rather than one company giving you a fully-fledged platform. The same thing is happening with One Identity Manager at the moment. They are selling it as a unified platform, but in my opinion, it is not yet good. It is also not bad. There are things that I can take from it, but there is no complete picture. The problem nowadays is that vendors are getting into each other's areas. For example, CyberArk used to be just a PAM provider, so people would integrate with it, but now, CyberArk wants to do the identity bit. It has now become a competitor for other vendors, so they will stop integrating with it. SailPoint, at some point, stopped integrating with CyberArk. SailPoint and CyberArk's integration was good. This is what is happening in the market or between vendors. All of them are getting into each other's area. If you happen to buy another product from a competitor, you need to integrate it on your own. There is no integration plug-in concept between them. This is a bit hard for companies that already have a PAM and they want to buy a new IGA, for example, or vice versa.

They are trying to shift towards an Angular-based platform for their web portal or for IT Shop. That has been very long overdue because they did not modernize their web portal for almost three versions. They are doing it, but there is no feature parity till version 9.3, which is the upcoming version. This is a problem. For example, data governance is not included in 9.2 if you want to upgrade, but if you do not upgrade, you lose support. They have these issues with the roadmap in general. They give you options, but they are not always the complete options. To me, it seems that this company is going to suffer in the long run.

Another issue is that for admin requests, we have to configure the tool at least in seven different clients, which is unacceptable. We are in 2024, not in 1981 or 1985. Having seven clients for the same tool, or more, is just unheard of. To me, that is a very old design idea. I am on the newest version 9.2, and I am still doing that. To me, that is a big problem as an admin. 

The relationship with the customers is extremely bad. That is not a technical problem. That is a company problem. They tried to fix that, but it seems they failed. They do not have the personnel. They have a hiring problem. They now rely on partners. They are a type of company where the partner is more of a vendor to you as a client rather than the company itself. If you want to pick any solution by One Identity, you need a very strong partner with you. If you do not, you will struggle with this product's adoption, roadmap, vision, and implementation. We struggle a lot as a client. I have been there. I have seen that. It is not easy with them. One Identity is based in Europe. Our account manager at One Identity resigned in May and till now, just to show how bad they are, we do not know who our new account manager is. We are in August.

Their Starling Connect roadmap or flagship is a failure. We had to withdraw from using it with SuccessFactors, for example. It had a lot of stability issues. Now, my understanding is better, but it caused a bad implementation, so we are not using it. They are not investing a lot in enhancing or extending Starling Connect. They are using Starling Connect as a propagation gateway to SaaS apps so that you have One Identity Manager on-prem talking to Starling Connect which is handling all SaaS apps. However, the roadmap for Starling Connect is not clear. Now that they have bought OneLogin, OneLogin can do that as well as an IAM tool. You can now bring any IAM or CIAM tool such as Entra, Okta, or OneLogin. They can be your propagation gateway. OneLogin and Starling Connect are competing products, and they need to unify them. They cannot have both products doing the same thing. When I discussed this with the head of engineering from their side, they were still defending having Starling Connect. I do not understand why because if you have a proper IAM such as Entra or Okta, that is your propagation gateway. That is it. You can do everything you want with it. You can merge the functionality, and that is it. You do not need Starling Connect. To me, this is confusing. You use a propagation gateway like Starling Connect because it has ready plug-ins to connect to SaaS apps and you do not need to create a custom connector every time. If you look at the number of apps that One Identity supports with Starling Connect, there are not more than 50, which is not a lot. There is a big difference when you compare it to Okta Marketplace or Entra Marketplace. You will immediately understand the difference. OneLogin's marketplace is better than Starling Connect, but OneLogin was not a part of One Identity before, so they had their own marketplace. Overall, the Starling Connect roadmap does not make sense to me.

They need to remove the dependency on VB.NET for backend development and they need to unify the front end. If they are selling it as a unified product, they need to give me a unified UX. This is something I have mentioned to Mark Logan himself. This is how ServiceNow won over Remedy. Having a unified UX and being able to turn on or off a feature is better than trying to connect three or four different products with different contracts. To me, the main thing is that they need to modernize their application. Once we do that, making it SaaS is doable.

I have been using this solution since 2018.

It is very stable. I would rate it a nine out of ten for stability.

I would rate it a six out of ten for scalability.

About 25% of the company uses this solution. If the company has 4,000 people, at least 1,000 people use it. It is quite a well-known product. It is not just a niche one. It is a mainstream product. People use it. We have 30 branches all around the world, and all of them use it. We are hosting it centrally in Switzerland.

I use their regular support because their premium support is useless to me. Their support, in general, is useless most of the time.

The main thing that makes this solution stand out as compared to others is the ability to customize it, especially when it is on-prem. It is cheap from a licensing perspective. Once you pay, it is very cheap to operate if you have a good development team. It is also extremely stable. At the backend, it is well-designed. However, it lacks AI. When you go SaaS, you can put AI and all of that stuff, but if you are on-prem, you do not have AI.

It is deployed on-prem. Its deployment is complex.

By design, it is well-engineered. The idea is that the database pushes everything, so you need to focus while updating or installing the database. If the database is installed correctly with schemas, it has DLLs. Whenever you install a client, it distributes to the connecting client, so it is designed with this centric approach. However, sometimes, you end up with situations related to encryption, a missing component, or a missing instruction that you did not account for. 

Recently, I upgraded from version 8 to 9, it took 14 hours of work to do an in-place upgrade. It was not a migration. That is too much. We had a team of five people including developers. It was not easy. It took us two months to do the upgrade. It is always like that because you need to do complete testing. A small problem with One Identity is that they remove a functionality but do not tell you about it, so you need to test. If you are giving me this product that can be customized, I will use the methods that you have. If you change how a method behaves and do not tell me, I get into trouble. Only a very strong partner would know about all this. With a small partner, you will have an issue.

It does not require much maintenance or patching. That is not an issue with One Identity. You do not need to restart it once a month. It is very stable. From time to time, you might have some issues that require a restart but not all the time. It is not like some Java applications that require a restart every month.

On-premises, it is cheap. It is way cheaper than others. The cost of the hosted one varies. They do offer a hosted one, and its cost varies, but it is not that expensive. You have a license for employees and a license for support.

The problem is that people try to compare it with an IAM solution such as Okta or Entra, but they are different products. It should not be compared to them. The only ones you can compare it with are SailPoint or Saviynt. In my head, the rest are not even IGA products. SailPoint is much more expensive to operate than One Identity. If you go SaaS, SailPoint is way more expensive, but that is the whole point of SaaS. SaaS is more expensive anyway.

I would recommend this solution only if you have a very strong partner. Otherwise, do not go close to this solution.

We use One Identity Manager to manage SAP, but in our case, we have connected with CUA, so we have one single point of interface with SAP. That helps a little bit to make the management less complex. If we did not have CUA, we would have had to connect individually. CUA is straightforward. We connect to it. We push through CUA, and we sync everything. We have thousands of roles.

It provides IGA to some extent for the difficult-to-manage aspects of SAP. At the moment, with CUA, we do clients, profiles, etc. They recently added something called behavior-driven governance on SAP. We have not used it, but we can basically check if someone is using his account in SAP or not, and then we can do a user-based access review for his access. We can see what he used within SAP, which is good. We can also do combinations where if we have this role, we should not have that role in SAP, which is very good.

One Identity gives you a lot of features, but you need a proper program to drive it. If you do not know how to use it, you will stay at the basic level. Technically, the product is well-capable, but the caveat is that it is a framework product. You need to have a development team. You cannot just do it with a normal admin. You need a development team for this product.

Versions 9.2 and above have something for assisted approval. I have not used it, but from what I have read, you can see who in the same team has the same access. It will tell you whether it is an anomaly or a common request. The same thing is there for user baseline reviews. That is a good thing.

Overall, I would rate this solution a five out of ten.

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The idea was to create a quarterly review process to review the entitlements and the access and controls in place, initially targeted towards Active Directory and later extended to other local systems. One Identity Manager can connect SAP accounts to employee identities under governance. It is possible to map company structures for application provisioning through dynamic application provisioning using role-based access control. Mapping roles to users is a seamless experience that offers a lot of leverage in terms of speed and compliance, making it a very useful feature.

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The tool can onboard applications such as SAP, which is standard, and the APIs do not present challenges. One Identity Manager can connect SAP accounts under governance, and mapping roles offers leverage in speed and compliance. This functionality is crucial for compliance and governance.

The tool did not allow beyond a specific level of visibility; it provided visibility at the user level, not at the level of nested entitlements, resulting in an inaccurate depiction from the asset manager's point of view. This necessitated manually inputting data into the One Identity Manager user access review module. When it comes to privileged access management, we need to know who has access to what, which is the central problem we want to solve. However, for One Identity Manager, the visibility could be a lot better, especially given we are dealing with many data visibility products in the market.

Aspects such as reporting and dashboarding could be improved; I've seen tools doing better in those areas. One Identity Manager does not deliver specialized workflows for SAP; it offers very standard workflows. However, there are some modules that can be imported, and certain custom workflows need to be created. 

Customizing the solution for particular needs is very subjective. It does provide a lot of customizability, though there's room for improvement. One Identity Manager helps minimize gaps in governance coverage, but effectiveness depends on the organization. Ultimately, while One Identity Manager can solve problems, the tool must be combined with good people and a sound strategy for maximum effectiveness.

I have used One Identity Manager for more than ten years.

For single-site installations, it performs adequately, however, multi-tenant setups present challenges demanding significant improvements.

For single-site installations, it performs adequately. Multi-tenant setups present challenges demanding significant improvements.

I have contacted their technical and customer support. I consider their support to be very standard, relying on an email-based system. My support engineers have received solutions to their inquiries. However, a tailor-made, dedicated support would significantly enhance user experience, especially for organizations that do not want to wait in queues.

Negative

I would rate the initial setup at a seven out of ten. The reason for this rating is the critical nature of multi-tenant applications; compliance is heavily influenced by multi-tenancy, so a lot of engineering improvements could enhance the product.

Ideally, One Identity Manager as a SaaS tool handles maintenance; however, this depends on the specific maintenance discussed.

I had partners who helped set up the whole process, and they were familiar with implementing the tool. Some were contractors, and they did a pretty good job in terms of delivery, respecting timelines. When I was working with one company, my team was based in Nice, France, consisting of internal employees and contractors. They implemented the solution fairly well. However, I had to provide a lot of unnecessary reporting and overhead when connecting the tool with our production environment, providing data that could compromise internal security despite getting the right approvals. Overall, it was an okay experience with One Identity Manager.

We use multiple tools in tandem for better security. The procurement and licensing process can indeed be complex. My experience was decent, with no major problems during procurement or licensing; it was a mostly seamless experience.

With respect to privileged accounts, I would say One Identity Manager can improve; for privileged accounts, a lot needs improvement, and it is not best practice to depend on one tool. 

One Identity Manager could incorporate dynamic dashboarding to predict attack vectors and compromises.  

I would rate One Identity Manager seven out of ten since it can improve on many aspects.

I was also involved in deploying workflows, and the deployment part was handled by senior developers, especially when dealing with orchestration challenges tied to Kerberos delegation and VM issues.

One Identity Manager was utilized for governance, provisioning, compliance, and audit management. Even though I had limited access to certain parts, such as IGA, it played a critical role in large-scale access management by offering impressive provisioning and deprovisioning systems. It is an intuitive product for users, as I was able to learn and deploy workflows within a timeframe of two months. The documentation it provides was crucial for the learning curve.

In terms of customization, the ecosystem One Identity Manager offers includes a variety of workflows and extensions, although this comes with high costs. It is highly configurable, allowing dynamic application provisioning through process chains involving IAM and IAG related workflows.

One Identity Manager could enhance its trial offering to support custom workflows and VB.NET codes, which would help learners. Improved documentation organization can benefit newcomers, requiring less external searching. A self-check mechanism for file integrity, particularly for missing DLLs, can prevent developer frustrations.

High pricing remains a notable drawback, driving potential clients towards alternate IAM solutions. Additionally, incorporating AI-driven updates could enhance its competitive edge in the evolving market.

I have used the solution for two months from June to August last year.

Regarding stability, I would rate One Identity Manager as 8, 9, 8.

My clients were enterprise level, and I would rate the scalability of One Identity Manager as hyper-scalable, 10.

They had premier support, but I never used any of it.

From what I heard, everyone said that before One Identity Manager, they had many workflows and loopholes. After starting to use it, those issues were addressed, creating a very positive experience for the customer.

Regarding pricing, I find One Identity Manager to be expensive. On a scale where one is cheap and ten is expensive, I would say 10, which is what clients have communicated.

From my experience with other solutions, such as SailPoint, Saviynt, and Omada, the UI is the only aspect where I think One Identity Manager faces challenges. However, I believe One Identity Manager is performing exceptionally well.

I always try to recommend One Identity Manager. The only drawback is the price, which is so high that clients try to use other IAM platforms. However, for those with a good budget, the ecosystem One Identity Manager provides is one of the best.

I highly recommend One Identity Manager. The documentation can be categorized for better learning phases. A self-check for file integrity could help, as a missing DLL once caused frustration.

Several areas for improvement include providing a more elaborate trial version for custom workflows and improving documentation categorization. A self-check mechanism for file integrity would also be beneficial.

I rate One Identity Manager overall as an 8 or 9, with 9 being my final answer.

One Identity Manager serves as our central identity hub. Our main use case is to sync user identity from Active Directory or the HR system and automatically manage access across our applications. User accounts are created automatically in One Identity Manager, and a sync occurs from Active Directory or the HR system. Based on the role, access is assigned or granted, and accounts are created in target systems. No manual work is needed.

The best feature of One Identity Manager is automatic sync, meaning user changes reflect automatically without needing to update multiple systems. It also has multi-system support, working with Active Directory, databases, and cloud applications. One Identity Manager is a very good solution for an enterprise network, providing consistency and accuracy with the same data across all systems and no duplicate users.

The multi-system support and consistency save time and reduce human error. There is no manual user creation on multiple systems, enabling us to onboard users faster than before.

One Identity Manager has positively impacted our organization. It has helped us manage the identity of users from a centralized console, pulling user data from Active Directory, the HR system, and other connected applications. Everything is working well in our organization and really helping our engineers and the users.

We have seen fewer access-related issues with One Identity Manager. The tickets have been reduced by 70 to 80%, and our teams are now able to focus on other things.

The initial deployment of One Identity Manager could be more simplified to make the deployment smoother for the initial phase.

I have been using One Identity Manager for two years.

One Identity Manager is stable.

The scalability of One Identity Manager is good. There is no issue, and everything works centrally.

If we have any technical issues with One Identity Manager, customer support quickly resolves the issues.

From the beginning, we have been using One Identity Manager and did not previously use a different solution.

We have seen a return on investment with One Identity Manager because we do not have to do the manual work. Manual work has been reduced by 70 to 80% compared to before, and onboarding time has also decreased.

My team handles the pricing, setup costs, and licensing.

We did not evaluate other options before choosing One Identity Manager.

One Identity Manager is working well for our organization, and I do not believe there is a need for improvement because it is a really perfect solution.

I highly recommend One Identity Manager because it really helps to onboard users and with the central management of users. This will really help the organization in many aspects and will save time in onboarding, 70 to 80%, and potentially 90% on onboarding or offboarding. No additional IT resources are needed, so I will recommend it highly. I have given One Identity Manager a rating of 10.

One Identity Manager is one of the best identity management software solutions that helps us to govern and secure our organization data and users. It helps to meet uptime requirements, reduce risk, and satisfy compliance by providing our users with access to the necessary data and applications, whether on-premises, hybrid, or in the cloud.

One Identity Manager also allows my organization to extend identity governance beyond on-premises applications to hybrid and SaaS applications, ensuring comprehensive security across all environments.

One Identity Manager has positively impacted my organization as we are now able to disable users immediately from the authoritative source if they leave our organization.

This change has led to measurable improvements, as it has improved efficiency and reduced bottlenecks in the access request process. It has also helped reduce the time required for onboarding cloud applications. Additionally, it has simplified audit processes and ensures compliance with regulatory requirements, and has also ensured proper controls and accountability for privileged accounts.

The best features One Identity Manager offers include audit trace history, provisioning to Active Directory, and web portal, as well as compliance reporting, privileged access governance, self-service access, and attestation.

I find myself using self-service access the most, as it enables our users to request entitlements and group access through a user-friendly shopping cart selection menu, enabling them to easily manage their own access needs and reducing the IT burden on IT help desks. Privileged access governance helps to unify governance by allowing our users to request, provision, and attest to both privileged and user access. This ensures proper controls and accountability for privileged accounts.

One area that One Identity Manager should improve is the web designer, as it is difficult to implement a new form from scratch.

Additionally, more connectors are required, such as ServiceNow, Workday, and many more.

I have been using One Identity Manager for approximately ten years.

One Identity Manager is very stable.

One Identity Manager's scalability is good because it has continued to handle my organization's growth efficiently.

One Identity Manager has very supportive and responsive customer support.

The customer support team is very responsive and proactive.

I previously used Oracle Identity Manager.

I switched from Oracle Identity Manager to One Identity Manager due to cost considerations and also due to security concerns.

I have seen a return on investment since it has helped us to securely manage user access and automate provisioning to any target, whether it is on-premises or in the cloud, thereby saving a lot of time and cost. Furthermore, we have been able to extend our identity governance beyond on-premises applications to hybrid and SaaS applications, which ensures comprehensive security across all environments.

According to my experience, the pricing, setup cost, and licensing of One Identity Manager are very affordable and cost-effective.

Before choosing One Identity Manager, I evaluated other options such as Okta, Windows Server, and self-service reset password management.

One Identity Manager is a great tool that is self-service and very easy to use, and it allows attestation to both privileged and user access. It ensures proper controls and accountability for privileged accounts, simplifies audit processes, and ensures compliance with regulatory requirements. I would rate this product an eight out of ten.

I use One Identity Manager in a few different projects for the Air Force, and I have also used it for the commercial business that I currently work for, covering both government and commercial environments.

I do not use One Identity Manager to help me manage SAP.

I don't use One Identity Manager for IGA regarding the difficult-to-manage aspects of T-codes, profiles, and rules.

I do not use One Identity Manager to extend governance to cloud applications through custom interfaces.

The most valuable aspect of One Identity Manager is how customizable it is compared to alternatives, which is the most obvious and biggest differentiator for me.

I am a strong advocate for One Identity Manager because it provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts. The tool is fantastic for what it does. However, in version eight and below, the UIs to perform all that functionality were terrible and even worse when customizing. The newer version nine is significantly better. I haven't had much experience with the latest version since we are still on version eight, though the UI to manage and perform governance could be better, but I know version nine has definitely improved in this regard.

One Identity Manager has helped me minimize gaps in governance covering test, dev, and production servers. We have two instances of One Identity Manager, and one instance doesn't necessarily allow us to manage test, dev, and prod all together, but separate instances of One Identity do.

One Identity Manager's documentation is something they can improve, and I believe much of this is related to translation since it is a German company. Access to documentation and finding answers on how things work is extraordinarily difficult.

One Identity Manager has not helped application owners or line of business managers make application decisions without involving IT. Regarding the elimination of the help desk's need to govern access to applications because of One Identity Manager, managers can go in and find the roles their employees need and dynamically assign permissions through One Identity Manager. However, I'm uncertain about what is meant by application governance decisions in this context.

One Identity Manager could help me achieve an identity-centric Zero Trust Model, but we haven't necessarily designed it to do so in any of my environments.

I have been using One Identity Manager for approximately eight years.

One Identity Manager is very stable. I haven't seen any major instability such as lagging, crashing, or downtime.

Considering that One Identity Manager runs off a database, as long as you can scale your database, the scalability is great because you can even set up multiple job servers.

I have contacted customer support or technical support for One Identity Manager, mostly because we are trying to customize things and need that next-level engineering support, not because of problems with the product.

The quality and speed of One Identity Manager's support were terrible years ago, but in the last few years it has gotten significantly better. I would rate the support currently as pretty good.

On a scale from one to ten for the support of this product, I would give it a nine. For the support recently, I would say seven.

Positive

The initial deployment of One Identity Manager when I first started was pretty easy with no major hurdles.

The first time I deployed One Identity Manager was eight years ago, which isn't a fair comparison, but regarding the most recent experience, I had it installed in under an hour, though I have also done it a few times.

One person can deploy One Identity Manager, so you don't need an entire team.

One Identity Manager requires pretty straightforward maintenance regarding the installation sustainment. However, for governing the system for a decent-sized corporation, you would want a couple of full-time people to govern all the functions. For day-to-day IT system administration, it doesn't really require much.

I did look into alternatives to One Identity Manager, specifically ForgeRock at one point, and there was something else we looked into, but I cannot remember the name of it.

I would give this product a review rating of nine out of ten.

One Identity Manager is used in our organization to centralize access management across multiple applications and directories. The ability to standardize approval workflows and automate repetitive identity management tasks has been especially useful, which has helped improve operational efficiency and compliance tracking.

One Identity Manager is primarily used for identity lifecycle management, user provisioning, access governance, and automating onboarding and offboarding processes across multiple systems.

For example, when a new employee joins and their record is created in the HR system, a record in One Identity Manager automatically provisions the required accounts and access based on the employee's role and department. Previously, this process was mostly manual and took a lot of coordination between teams. Now it is faster, more consistent, and reduces the chance of missing or incorrect access assignment.

The best features of One Identity Manager are automated user provisioning, role-based access control, and workflow automation. The identity lifecycle management features stand out because they reduce manual work and help maintain consistent access policies. The reporting and compliance capabilities are also appreciated, as they make audits and access reviews much easier for the team.

One major benefit of the reporting and compliance capabilities has been during audit and compliance reviews. With One Identity Manager, access reports can be generated and user permissions tracked much more quickly compared to manual methods. For example, when auditors requested details about privileged account access, the reporting tools helped provide accurate information in less time, improved visibility, reduced manual effort, and made the compliance process more organized for the team.

One Identity Manager's flexibility for integrating with different systems and directories is also appreciated, as it helps manage identities from a centralized platform.

One area where One Identity Manager could improve is the user interface and overall complexity for new administrators because the initial learning curve can be challenging.

The overall user experience and simplification of administration tasks, especially for new users, could be improved. Some configurations and workflows can feel complex during initial setup, and more streamlined documentation, easier customization options, and improved performance for large-scale environments with many integrations would be beneficial.

One challenge the team experienced with One Identity Manager was the amount of time required for initial configuration and troubleshooting in complex environments. Some advanced customization and connector setup required specialized knowledge, which increased dependency on experienced administrators. Better onboarding resources, simplified configuration steps, and more intuitive error handling would make the platform easier to manage for teams.

One Identity Manager has been in use for over one year.

One Identity Manager has been generally stable in our environment.

One Identity Manager scales well in large environments and is capable of handling growing numbers of users, applications, and integrations. The platform has adapted well to the organization's changes and expanding access management requirements. However, as the environment grows, proper planning and experienced administration become more important to maintain performance and manage complexity effectively.

There has been limited direct interaction with the support team for One Identity Manager, but overall, the experience has been positive. The support responses were generally helpful for resolving technical issues and configuration-related questions. In some complex cases, the resolution process could take time due to the platform's depth and customization options.

One Identity Manager was the primary platform implemented for identity and access management in our environment, as a different identity governance solution was not used previously.

Onboarding and access provisioning time has been reduced by approximately forty to fifty percent after implementing One Identity Manager. Tasks that previously took several hours or required multiple manual approvals can now be completed much faster through automation. A reduction in support tickets related to user access issues has also been noticed.

A positive return from using One Identity Manager has been realized through time-saving and operational efficiency, as automation has reduced the workload on the IT and support team.

One Identity Manager is a strong identity governance and administration solution with powerful automation and compliance features, earning a rating of eight out of ten overall. There is still room for improvement in user experience and ease of management.

Advice for organizations considering One Identity Manager would be to invest time in proper planning, architecture design, and administrator training before implementation. The platform is powerful and flexible, but it can become complex in large environments. Having clear identity governance processes is essential to get the most value from the solution.

One Identity Manager's main use case is identity lifecycle management, including creating users, assigning access, modifying roles, and revoking access when users leave.

When a new joiner needs to be onboarded, the system automatically creates their accounts and assigns access based on their role while ensuring compliance. One Identity Manager automates the entire onboarding process, resulting in very little manual work. This includes user creation, role-based access provisioning across systems, policy and compliance checks, and workflow management.

Apart from onboarding, I use One Identity Manager regularly for managing the full identity lifecycle.

The best features of One Identity Manager are mainly around governance and centralized user access.

Several features stand out to me in One Identity Manager. Onboarding and access provisioning are very convenient. Another important feature is centralized access governance, which gives a clear view of who has access to what, which is very useful for security and compliance. The access review and certification feature would also be very useful in One Identity Manager.

One Identity Manager has had a strong positive impact on my organization, especially in terms of security, efficiency, and compliance. Onboarding a new user is now automated with accounts created and access assigned instantly instead of taking hours manually. It has improved overall security, reduced manual work through automation, and made compliance and access review much easier.

One Identity Manager has several areas where it can be improved, including the user interface and usability, performance, setup and complexity, documentation and learning curve, integration, and modernization.

One challenge I faced with One Identity Manager is related to the user interface and navigation. While testing workflows or checking user access, it can take time to find the exact module or setting because the UI has multiple layers and tools. It is powerful but not very intuitive at first.

Apart from what I mentioned earlier, there are several more areas where One Identity Manager can be improved, regarding reporting flexibility, real-time monitoring and alerts, workflow simplification, and cloud-native features.

I have been using One Identity Manager for six months.

In my experience, One Identity Manager has proven to be stable and reliable. It performs consistently with minimal crashes or downtime.

One Identity Manager is highly scalable and built for large enterprise environments. It can handle a growing number of users, systems, and applications without major performance issues.

Customer support for One Identity Manager is generally good, but it can vary depending on the support level. The support team is very knowledgeable and experienced with IAM concepts.

Before One Identity Manager, I was mainly using manual processes and basic directory-based management, such as Microsoft Active Directory. User provisioning and access changes were mostly manual and time-consuming. There was limited visibility into who had access to what. Compliance and audit processes were difficult and required a lot of manual reports. That is why I switched to One Identity Manager.

One Identity Manager is a powerful and feature-rich solution with strong automation and governance, but the complexity, UI, and initial setup prevent it from being a perfect score.

I have definitely seen a return on investment after implementing One Identity Manager, mainly in terms of time saving, reduced manual effort, and improved security. Around 50 to 70 percent reduction in manual efforts has been noticed.

My experience with pricing and licensing for One Identity Manager is that it follows a custom enterprise pricing model.

Before selecting One Identity Manager, I evaluated several other identity governance solutions available in the market, including SailPoint Identity Security, Oracle Identity Governance, and Omada Identity.

For someone considering One Identity Manager, my advice is to focus on planning and process before jumping into implementation. Start with clear requirements and business goals, and define roles, access policies, and workflows before implementation. I have rated this review an eight out of ten.