I use One Identity Manager for all the IAM capabilities in my day-to-day use cases, such as Identity and Access Management.
Works at a comms service provider with 1-10 employees
Offers an intuitive and user-friendly front end, reduces governance coverage gaps, and is highly scalable
Pros and Cons
- "From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options."
- "One Identity Manager is a complex tool with multiple components and a convoluted backend."
What is our primary use case?
How has it helped my organization?
When initially implemented, One Identity Manager comes with basic modules, but additional ones can be added to encompass data governance, complaints, audits, and more within a single platform. Many organizations limit its use to identity and access management processes, but its potential extends far beyond this, offering broader application and management opportunities. Ultimately, the system's effectiveness depends on how it is managed and implemented within an organization.
From a non-technical perspective, there isn't much customization we could do on the portal apart from seeing whatever our IT admins have given us access to. However, One Identity Manager can be customized heavily on the back end. Customizations are easy because they have a lot of documentation. They have provided extensive documentation. But at times, following the documentation can be a bit difficult. It can help you. For example, if we know the product, we can easily manage everything.
One Identity Manager maps out company structure through its business role feature, which offers dynamic role-sensing capabilities. Unlike other tools, it allows for assigning approvers and managers to business roles, effectively managing multiple access modules under a single umbrella. This functionality is useful for achieving least-privilege and role-based access metrics, making it a valuable asset in various use cases.
We have some integration with cloud apps, and One Identity Manager recently introduced Starling Connect, offering several out-of-the-box features. However, current functionalities are limited, so significant customization might require exploring additional API endpoints. The available attributes and tools are sufficient for basic cloud management tasks.
The benefits of implementing One Identity Manager would be immediate as its out-of-the-box configurations can be enabled right away. However, realizing these benefits might take longer if the enterprise requires end-user customizations. In essence, the speed of reaping the advantages depends on whether we utilize the tool's standard features or need to tailor it to specific organizational needs.
One Identity Manager effectively reduces governance coverage gaps across production servers by offering a comprehensive suite of governance-related capabilities. Its built-in transporter tool facilitates seamless migration of changes between environments, eliminating the need for manual configuration or reliance on third-party solutions. Unlike other tools that may require custom integrations or external dependencies, One Identity Manager provides a complete, out-of-the-box solution for managing environment transitions.
One Identity Manager can help establish a privileged governance framework to bridge the security gap between privileged and standard users. The specific capabilities depend on the enabled modules. The privileged access governance module offers advanced features like risk indexing and out-of-the-box support for identifying high-risk identities based on configurable rules or violations. Even without this module, the platform provides customization options for managing privileged users and includes basic risk assessment functionalities.
One Identity Manager can assist in consolidating procurement and licensing, but the extent of its capabilities depends on the target system being managed. While it offers licensing management features for SAP systems, including the ability to fill in gaps, managing licensing for other products requires customizations utilizing Active Directory or Azure Active Directory groups. In these cases, the process differs from the integrated licensing management available for SAP within the One Identity Manager platform.
One Identity Manager simplifies application access decisions by consolidating all entitlements for any integrated system into a single product within the IT department. This unified platform enables efficient access requests, approvals, and multi-level approval workflows, with customization options to manage application entitlements according to specific needs. Additionally, the system's rules can merge multiple access entitlements into a single request, which can be submitted through the front-end portal.
One Identity Manager's ability to streamline application compliance varies depending on the integrated application. Out-of-the-box applications offer built-in compliance capabilities, but third-party tools or custom solutions may be required for those without pre-built connectors. However, compliance functionalities are available for all out-of-the-box target systems.
While One Identity Manager cannot perform a full application audit, it can assess access entitlements and identities within the application.
One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. With appropriate permissions, these managers can establish business roles, assign applications and items, and create corresponding system roles accessible to other organizational users. While this capability exists, most organizations avoid this approach due to the potential for invalidating business roles without proper verification.
Achieving a zero-trust model with One Identity Manager is feasible but heavily reliant on the policies configured within the system. We can effectively establish a zero-trust environment with carefully crafted policies and conditions. However, limiting the tool's use to provisioning, de-provisioning, and data manipulation processes restricts its potential. By fully exploring and leveraging One Identity Manager's capabilities, we can significantly enhance our ability to implement a robust zero-trust model.
What is most valuable?
From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options. The platform offers a wealth of functionalities and flexibility, allowing us to tailor solutions to meet our organization's specific needs without limitations. This unparalleled adaptability is One Identity Manager's most significant advantage.
What needs improvement?
The end-user interface is intuitive and easy to navigate, making finding information within the portal simple. However, extensive customization can complicate management. From a technical standpoint, the backend is more complex due to managing multiple client tools for various One Identity Manager modules. While these tools interact, their number can overwhelm new users, hindering their ability to effectively understand and utilize the system. The front end is user-friendly, but the back end presents significant challenges.
One Identity Manager is a complex tool with multiple components and a convoluted backend. Its various clients for managing different tasks can confuse IT and non-IT users. Simplifying the tool and streamlining processes would be beneficial. Additionally, while the out-of-the-box connectors are helpful, incomplete support for certain objects hinders efficiency. Providing full support for all objects would enhance the tool's usability.
Buyer's Guide
One Identity Manager
December 2024
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I have been using One Identity Manager for almost four years.
What do I think about the stability of the solution?
We haven't encountered significant stability issues. If we follow the provided documentation, we should not experience multiple problems, and a clean environment is crucial for proper configuration. However, mismanagement of processes or queues can lead to crashes. Ultimately, system stability depends on environment management, deployment, and configuration within the system.
What do I think about the scalability of the solution?
It is highly scalable, supporting both vertical and horizontal scaling. Deployment on orchestration platforms like Kubernetes simplifies management, especially with the right team and capabilities. Kubernetes environments offer significantly easier scaling compared to other solutions.
Which solution did I use previously and why did I switch?
I have experience with Microsoft Identity Manager, Entra ID, and SailPoint Identity Security Cloud. While Microsoft Entra ID and SailPoint are relatively straightforward to manage with uncomplicated backends and easy-to-implement features, One Identity Manager is more complex. Due to its multifaceted functionalities, new users or organizations lacking a deep product understanding might need to reinstall the entire application to enable specific modules. Consequently, many only utilize its basic features instead of fully exploiting its capabilities. In contrast, SailPoint and Microsoft Identity Manager offer simpler installations and SailPoint offers broader compatibility beyond Windows, making it more adaptable to different environments than One Identity Manager.
How was the initial setup?
Product knowledge significantly simplifies One Identity Manager deployment. However, the extensive documentation can pose challenges for newcomers unfamiliar with the product. Unlike concise, step-by-step guides, the current documentation requires navigating a complex structure, potentially leading to confusion. Implementing prerequisite checks and other validations will be necessary to successfully deploy the system, making it a demanding task for those new to One Identity Manager.
What's my experience with pricing, setup cost, and licensing?
In addition to licensing fees, we may incur costs for professional services if product issues or implementation errors arise beyond our control. While a community exists, support can still be challenging. Furthermore, the product is relatively expensive compared to alternatives. Certification costs are also notably higher, requiring mandatory five to six-day training sessions and exams only offered to groups of 15 to 20 people. This contrasts with other products, such as SailPoint, which offer standalone exams for certification seekers.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
Due to its heavy customization, One Identity Manager requires ongoing maintenance, which necessitates a dedicated resource for complete system upkeep. Moreover, significant data inconsistencies within integrated systems can render data management within One Identity Manager a demanding task. Consequently, maintenance is not solely product-specific but primarily data- and process-dependent.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 31, 2024
Solutions architect at a tech services company with 51-200 employees
It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests
Pros and Cons
- "One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded."
- "We take screenshots with the time stamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do."
What is our primary use case?
We use Identity Manager for several things, such as automating our XML process, user provisioning and reprovisioning, and governance-related activities like access reviews and degradation of duties.
Identity Manager sits at the center of the organization. We integrate our systems, like Workday, into other HR systems for employees and contractors. If there are any vendors and customer-related identities, we feed the data from those systems into One Identity. One Identity Manager is configured to the initial access established when someone joins the organization, such as email, Active Directory, desktop logins, timesheets, and common apps that everybody in the organization requires.
We also have request systems in ServiceNow integrated with One Identity Manager on the back end. The request tool goes through ServiceNow, and One Identity creates a notification that a user has requested access to an application. Identity Manager will provision those users on those systems. Some requests are automated and others are semi-automated. When a ticket is opened in ServiceNow, the team will pick up the ticket and work on it. Once they do that, an update comes into the IDM system saying that this user has been granted this access. One Identity Manager is the central book of records or identities and their access levels.
How has it helped my organization?
One Identity Manager has improved our overall user experience by automating processes related to password resets, access requests, and provisioning. This has reduced the number of tickets and help desk calls. It has also decreased the time new employees take to start working. Their laptops and applications are ready to use when they sit at their desks on their first day. We have designed the process so they can spend one or two hours setting things up and starting work.
The solution streamlines application access decisions, compliance, and auditing. One Identity has improved the access request process. It's quicker, and we only need to check the identity management system if there are any issues. The users can go into the system to request roles and see if they've been approved. If they're missing something or don't know what to request, they can look it up in the catalog. It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests. Everything is centralized, allowing us to pull all the information we need for regulatory audits quickly.
What is most valuable?
One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded.
Another visualization tool not in the main UI shows the identity in the center and links to the target applications. You can drill down and see the details for those target systems. That is very helpful for us to look up something related to a user quickly.
We use One Identity to manage SAP. We did a lot of customization, integrating the GSA components of SAP. We brought in all those rules, and it wasn't straightforward, but One Identity has some additional support and capabilities for SAP that helped us a bit. We brought all those GSA-related activities in through process changes and some customization.
One Identity is good at automated user provisioning and de-provisioning. The system processes things quickly. We had an issue where we mistakenly disabled nearly 4,000 Active Directory accounts due to a developer error. We had to get those accounts back up again and were pushing the records to AD to make the changes. It was running a bit slowly, but we have a cloud setup, so we bumped the resources, and it handled that load quickly.
The compliance reports are good, and custom reports can be easily generated. One Identity provides separate built-in user roles for auditors, compliance officers, and others. The SOC exemption process and associated reporting are excellent.
It's critical that One Identity extends identity governance to cloud apps because most organizations are hybrid. The cloud is maturing and becoming more affordable. More organizations are shifting from legacy Oracle EBS systems to Microsoft 365 or Salesforce. All these vendors have also picked up cloud offerings and offer them as a managed service or complete service, where we don't have to worry about anything.
What needs improvement?
The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve.
I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation.
According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback.
While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great.
Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others.
The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit.
We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.
For how long have I used the solution?
I have worked on it for around two years.
What do I think about the stability of the solution?
I rate One Identity Manager nine out of 10 for stability.
What do I think about the scalability of the solution?
I rate One Identity Manager seven out of 10 for scalability because the scaling process isn't smooth.
How are customer service and support?
I rate One Identity support eight out of 10. We worked closely with the One Identity team, and they assigned us a dedicated support manager. It has been a positive experience. They quickly resolve issues and help us execute projects faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I work as a solution architect, so I've used lots of tools, including the Oracle toolset, NetIQ, and SailPoint. One Identity is better than Oracle, which has lost market share. Oracle is resource-intensive. You need 16 GB to install the base. Initially, that tool was good, but it became a mess. Oracle is no match for Identity Manager. NetIQ is a lightweight tool suitable for small organizations, but it cannot process things the way Identity Manager can.
Microsoft tools lack One Identity's IGA capabilities, but I would say SailPoint is better because of the number of connectors it has. It's also far easier to operate. SailPoint's tools are all in one place, and it's more developer-friendly. It's a complete SaaS tool along the same lines as One Identity Manager. We don't have to buy professional services to do anything out of the box, even if it is a minor customization.
How was the initial setup?
One Identity was deployed on the cloud and offered to the customer as a service. On average, it takes three or four months to install One Identity and integrate it with key systems like Active Directory and HR solutions. That includes the time needed to gather requirements and implement them. For the timeline I mentioned, the standard deployment team size is around five to six people.
What was our ROI?
I don't remember the numbers, but we did realize an ROI of about 10 to 15 percent.
What's my experience with pricing, setup cost, and licensing?
One Identity is cost-efficient from a licensing perspective. However, one drawback is that it's expensive on the hardware side for the customer to set up. One Identity's professional services team recommends various components. They lose some of the cost advantage because the hardware is expensive and requires maintenance.
What other advice do I have?
I rate One Identity Manager eight out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Last updated: Jun 16, 2024
IT Systems Manager at an insurance company with 1,001-5,000 employees
Easy access and updates plus offers helpful automation capabilities
Pros and Cons
- "The One Identity birthright process has helped generate user accounts more accurately and quickly."
- "A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly."
What is our primary use case?
One Identity is used to create, sync, and delete accounts automatically across multiple systems. The product allows employees to be managed from our Human Resources system, while consultants and temporary personnel can be managed manually. The system provides automated workflows and birthright assignments for easier management of similar accounts or those in the same department or role.
With the system synchronized with our HR database, new account creations are automated and include an email to managers providing users with their credentials for initial login. Only the hiring manager will receive a copy of the initial username and password, helping further secure this information and have it readily available before the employee begins.
How has it helped my organization?
The automation of employee creation and de-provision has streamlined the process in many areas. For employees, all actions begin in the HR department and flow downstream, keeping all systems synchronized with the same data.
Since the system is tied to our HR database, automation has allowed us to immediately terminate accounts based on employee status instead of waiting for notification from a manager.
Consultant accounts are also set on an automated schedule to send an email if an account isn't used within eight days. The account is also automatically disabled if not used in ten days. This provides additional security by not having accounts enabled but not in use.
What is most valuable?
Several employee data fields are synchronized to Active Directory, providing easy access to other applications (office, address, description, telephone, employee status, etc.). The update process is scheduled and automated to run multiple times a day, so Active Directory is always up to date with different employee data.
The One Identity birthright process has helped generate user accounts more accurately and quickly. Our Service Desk ticketing system is now used to complete user accounts and provide only what isn't common across their department or team.
What needs improvement?
The One Identity system is very modular. The product is similar to an erector set, where you can do the same thing in many ways. While this is great, it also can allow you to set yourself up for failure later. The product does require some level of developer skills, so having the ability to make system changes without being a developer would be a plus.
A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly. It would be helpful to have a tool to more easily find common groups across departments or teams so more groups could be managed in an automated fashion.
For how long have I used the solution?
I've been using the solution for seven years.
What do I think about the stability of the solution?
The One Identity platform has been a stable system that provides consistent results.
What do I think about the scalability of the solution?
This product is extremely scalable. The more development knowledge you have, the more you can do with this tool.
How are customer service and support?
Support has always been responsive and helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did use Hitachi IDM. The tool was a first-generation IDM tool and was very difficult to manage.
How was the initial setup?
The initial installation was fairly complex as it is capable of integrating with so many different systems. There isn't an easy wizard to walk through and get you going.
What about the implementation team?
Professional services were used for the initial implementation of the product. We found a different partner for ongoing work and support. Their knowledge of the product is excellent.
What was our ROI?
One Identity, in partnership with our consultant partner, has allowed our company to streamline many processes and save employee time for other important tasks.
What's my experience with pricing, setup cost, and licensing?
I would advise finding and using a development partner for implementation unless you have a dedicated identity management team. Ensure your environment is licensed properly, as One Identity has an active Compliance department.
Which other solutions did I evaluate?
No other products were found worthy of trial when surveying the market at the time.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 30, 2024
Contributes to a more secure environment and provides a comprehensive solution for identity and access management
Pros and Cons
- "The most valuable feature of One Identity Manager for me is its Designer tool."
- "The Metamodel is not developer-friendly, and the web designer customization could be simplified."
What is our primary use case?
I have implemented One Identity Manager in banking for research access and education for onboarding diverse users, managing identity lifecycles, and automating processes like account activation and provisioning. It is crucial for securing and streamlining identity management in both sectors.
How has it helped my organization?
One Identity Manager has enabled us to implement an Identity-centric zero-trust model, enhancing our access management system. This has strengthened security by granting users precise and necessary access, contributing to a more robust and secure environment for our company.
What is most valuable?
The most valuable feature of One Identity Manager for me is its Designer tool. This tool allows me to write custom code and provides flexibility to customize and adapt the system to meet specific business objectives.
What needs improvement?
There is some room for improvement with One Identity Manager. The Metamodel is not developer-friendly, and the web designer customization could be simplified. The report editor tool needs an update as its underlying technology is outdated. Additionally, a stronger community portal for quicker support responses would be beneficial.
For how long have I used the solution?
I have been working with One Identity Manager for eight years.
What do I think about the stability of the solution?
I would rate the stability of One Identity Manager as a ten out of ten.
What do I think about the scalability of the solution?
One Identity Manager is suitable for handling up to around five million records, but scalability becomes a challenge with larger datasets, such as over seven million people.
How are customer service and support?
The biggest value of having premium tech support with One Identity Manager is the quick and efficient resolution of issues. However, there have been instances where the support response time could be improved. Overall, I would rate the support as a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup of One Identity Manager was not overly complex, and the documentation could be more user-friendly with additional visuals. We took the help of a consultant during deployment, involving five people. Maintenance is handled in-house as it is an on-premise solution.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is affordable.
What other advice do I have?
I appreciate that One Identity Manager is a suite with separate tools for managing and governing users, data, and privileged accounts. I find it beneficial that they have organized functionalities into distinct tools rather than consolidating everything into a single screen.
The user interface of One Identity Manager is intuitive for script writing and configuration, offering flexibility and a clear view of user attributes. However, the web application tool for end-user requests and the reporting tool are less user-friendly, especially for the web designer, which can be complex and not developer-friendly.
I use One Identity Manager to extend governance to cloud apps. This is crucial as cloud migration is widespread, and it is important to seamlessly onboard users and ensure governance on these cloud applications, aligning with the industry trend towards cloud adoption.
Using One Identity Manager, specifically the Safeguard tool, has helped me establish a privileged governance stance to bridge the gaps between privileged users and standard users. It provides a distinct solution for managing both types of users effectively.
One Identity Manager assists in streamlining application access decisions, ensuring application compliance, and conducting thorough application auditing.
One Identity Manager has empowered application owners and line-of-business managers to take charge of application governance decisions independently. The platform provides user-friendly tools, reducing the dependency on the IT team for these processes.
My advice to others is that before purchasing One Identity Manager, assess if it fits your use cases, especially considering the size of your user base. Ensure you have a skilled IT team for maintenance. Engage with the One Identity Manager team, conduct a proof of concept, and validate its suitability for your needs. Overall, I would rate One Identity Manager as a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IAM Engineering Manager at a construction company with 10,001+ employees
Comes with a lot of out-of-the-box features
Pros and Cons
- "We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%."
- "Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions."
What is our primary use case?
We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.
How has it helped my organization?
We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.
One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.
What is most valuable?
One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.
I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.
As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.
What needs improvement?
In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.
One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.
If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.
It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.
For how long have I used the solution?
I have used it for five and a half years.
What do I think about the stability of the solution?
We haven't had any stability issues.
What do I think about the scalability of the solution?
So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.
We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role.
How are customer service and support?
We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues.
Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.
Which solution did I use previously and why did I switch?
Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.
Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.
How was the initial setup?
The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.
The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.
We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything set up for day zero and forward with a solid implementation plan.
What about the implementation team?
Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.
It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.
We have had pretty good people on our team so far:
- For deployment, one or two people were needed.
- For maintenance, our team is very small. We have two or two and a half people at all times.
Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.
What's my experience with pricing, setup cost, and licensing?
We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.
Unless you are buying a new connector, you won't need to shell out more money for the solution.
Which other solutions did I evaluate?
My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.
The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.
There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.
What other advice do I have?
This solution should be considered by companies (based on their needs).
The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.
The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.
We connected SAP through a database.
We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.
I would rate this solution as eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Lead Consultant at Wipro Limited
A comprehensive solution that provides a unified view and streamlines operations
Pros and Cons
- "The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution."
- "Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work."
What is our primary use case?
Its main purpose is identity management. It is an IGA tool. The organization where I am currently working is mainly using One Identity Manager for identity management and access control. We are also using it for various types of provisioning such as Azure AD, Exchange Online, or SAP account creations. When we talk about identity management, we also consider the various access recertifications. All those are being carried out as part of One Identity Manager.
How has it helped my organization?
It streamlines operations. Whatever you put in from an identity management perspective, access governance perspective, compliance perspective, or application perspective gets very easily streamlined. You can easily integrate multiple applications because it provides the inbuilt features or the default connectors. You do not have to know how cloud applications or other applications work. One Identity is doing everything. They provide custom connectors. You just get the details of a cloud application and then connect. One Identity by default will manage the things for you. They have inbuilt features, so you just have to study and implement them. In my last organization where I implemented One Identity, we integrated almost 12 SAP applications. It was easy. Once you define the framework, then implementation is very easy. Implementing multiple applications, managing users, and the entire JML lifecycle is streamlined.
We use One Identity Manager to help manage SAP. One Identity provides a connector for SAP. From an enterprise solution perspective, it can be implemented very safely. I have done multiple SAP implementations with One Identity. It provides all the inbuilt functions and everything related to SAP. It is a very good tool to implement SAP for an enterprise. If an employee has multiple SAP accounts or multiple SAP systems, One Identity provides a singular feature where you can have all the SAP accounts listed under an employee. From a management perspective, it can be easily managed. It is very good. It provides a unified view of all the accounts and various systems of SAP. Everything such as the SAP rules, groups, profiles, and access policies can be managed via One Identity, but I am not sure if workflows can also be managed.
One Identity is a complete and wholesome tool for managing any enterprise application. It provides a unified platform to manage everything. When you implement One Identity, you have all the features needed within an enterprise to manage various applications, such as SAP, Active Directory, Exchange Online, etc. From an enterprise perspective, it is wholesome and unified, and it supports everything. It supports the SaaS features, PaaS features, and cloud features.
We use business roles to map company structures for dynamic application provisioning. Normally, when any employee gets onboarded, they need access to certain company resources. You can assign any company resources to any business role, and you can assign that business role to an employee. That employee automatically gets access to the company resources. It is an important feature, and most organizations use the business roles part very frequently.
We are able to extend governance to cloud apps by using One Identity Manager.
One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. For the test environment and the production environment, you have a streamlined approach. The process of transporting from dev to production with One Identity is very smooth. It also provides a transporter tool or feature. You can just pull out the production configurations and put them in a lower environment. It just makes it as similar as production. In that way, the difference in the environments can be minimized. The configurations can be made similar. You do not have to pull the relevant production data. You cannot put it in a lower environment. From this perspective, it streamlines the environment and fills the gap.
It streamlines the application access decisions, application compliance, and application auditing aspects of application governance. It provides various compliance-related features and auditing features. They are inbuilt and very helpful for compliance and audits.
It provides various views. Employees have their own portal for requesting roles or accessing their profiles to see what type of access they have. Similarly, owners have a unified view within the portal for multiple roles, groups, or any resources. They have separate views. They can easily manage things. The views are well segregated within One Identity. There is the product owner's view, the manager's view, the employee's view, and the system administrator's view. There is also the business role owner's view and the call center's owner's view. Everything is well segregated.
What is most valuable?
There are various tools available in the market. The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution. The default features and the default setup are already embedded or built into One Identity Manager. That is what provides One Identity Manager an advantage over other tools where we have to customize things, whereas, in One Identity Manager, most of the things can be done out of the box. On top of that, if something needs to be customized, that can also be done in One Identity Manager. The inbuilt functions or features that One Identity Manager provides for identity management are very good.
I have been working on it for the last six years. It is very good from the user experience perspective.
What needs improvement?
Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work. This is the only thing. There are some gaps in that, but One Identity is trying to bridge those gaps.
For how long have I used the solution?
I have been working with One Identity Manager since 2018. It has been around six years.
What do I think about the stability of the solution?
It is a very stable tool. There is about 80% stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a ten out of ten in terms of scalability.
In my project, we have around 23 people using it.
How are customer service and support?
We just take the normal support whenever we have any issues. For the premium support, you have to pay a lot.
The support from One Identity is very good. Whenever you reach out to them, they help you out. If you have a license, they have a technical support team. They also have a professional services team if you need any professional support. From the customer service perspective, they are pretty good. You can reach out to them anytime. That is a very flexible option they have.
In terms of documentation, they have everything. They have all the technical documentation and all the details. They also have a user forum where you can post your queries. It is a global forum where experts reply within an hour or two, which is very good. You can reach out to these experts, and they will help you out. The user experience is very good with One Identity.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the current organization, we have had One Identity from the very beginning, but I have worked with other products. One Identity is far better than them. Pricing-wise, One Identity is more costly than others, but in terms of features, One Identity provides many features by default. It was not available in other tools. We have to do everything from scratch, whereas you do not have to do that in One Identity.
How was the initial setup?
It is deployed on the cloud. If you want to install One Identity from the very beginning for the cloud application, it will hardly take three months. It can also be done before that. For a huge client, it takes time. For a small client, it can be implemented within two months.
It does require maintenance. From time to time, they have upgrades. They have long-term releases year after year, so it has to be updated. Sometimes, they do a cumulative update to fix many issues.
What about the implementation team?
For upgrades, I am the only one, but when it comes to implementation, we have multiple teams. We have four to five members actively working, and then there are supporting resources.
What was our ROI?
It has saved us about 30% of the time.
What's my experience with pricing, setup cost, and licensing?
It is fairly priced because they provide all the features by default. That is why they charge a bit more than other vendors. I am not sure about the exact cost part, but One Identity is a little bit more expensive than IBM and other tools.
What other advice do I have?
I would definitely recommend implementing One Identity, but you have to understand how One Identity works and how it has been developed. You will be able to easily implement it then.
One Identity is a unified solution, and most of the features are inbuilt. Before you make any customizations, you need to understand how One Identity works. That is a critical bit. Normally, developers have a development mindset. They do not think from the framework perspective, but One Identity has been implemented from a framework perspective. They have designed this solution keeping in mind the needs of enterprises and how enterprises manage their accounts, employees, and applications. You should look at it from the framework perspective and not the customization perspective. However, even if you have to make any customization, it is very easy. You just have to learn .NET and MS SQL. If you understand how One Identity works, implementation and customization are very easy.
Overall, I would rate One Identity Manager an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Consultant at a tech services company with 11-50 employees
Easy to customize with good support and provides default workflows
Pros and Cons
- "The product helps minimize gaps in governance coverage."
- "The update processes for hotfixes need improvement."
What is our primary use case?
The purpose of the solution is to aid customers with identity and access management. We build software for them and configure everything; however, we're more on the consulting side.
How has it helped my organization?
Automation has really helped to improve things. It provides less manual work for creating accounts and providing permissions. It allows for a faster onboarding process. As soon as a person joins a company, it used to take one or two weeks until someone had permission to access everything that they needed to access for the job. With this product, that can be reduced to half a day.
There's now an automatic generation of accounts. There's no human element anymore. It's directly from HR to the Active Directory. There are fewer errors made or no errors. Overall, there are fewer errors, more automation, and faster processes. If someone leaves the company or needs to be deactivated and everything needs to be removed, nothing is forgotten.
What is most valuable?
The customization is an excellent aspect of the solution. You can basically change the product to anything that we need to with most of the code available. Most of the user interfaces can be changed just by the request of the user and our customers. That's very good.
Another very good part is the standard connectors, especially SAP. The integration with SAP and One Identity Manager is just very good. It brings a lot of the standards with it already. There's a lot that has already been done and doesn't have to be configured manually. That's back to the customizability. If the SAP connector or any other connector is not enough, things can be reconfigured.
We use it to manage SAP. From an enterprise view standpoint, we have a full list of all SAP users. It connects all SAP users to the specific employees and we get an enterprise view. The solution connects SAP accounts to employee identities under governance. That is very important. It's one of the most important things we can do - to recertify permissions and recertify the users and also find authentic users that are not used anymore. That is why it's a very important part of governance.
The solution provides some default workflows for creating users, updating permissions, et cetera; however, you can customize beyond that. You can basically do whatever you want all in workflow and processes, automatic processes, et cetera.
It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts. It allows you to see everything. If you have more than one product, you have a very good overview of everything. The identity manager alone can give an overview of privileged accounts that exist. The overview is very good.
The solution's user experience and intuitiveness are great, especially for the users and administrators. The web interface is very good. It's very easy to use. Most customers change the interface colors and icons and stuff like that to match their own company.
It is easy to customize the solution for our particular needs or for our client's particular needs, depending on what has to be customized. For web interface customization, you need to do some programming. You need to be experienced in web interface programming. However, enterprise processes, workflows, approval, recertification, and calculation of permissions and stuff like that is very easy. It's easy to configure that without much knowledge of the system.
We make use of the solution's business roles to map the company structure for dynamic application provisioning. Business growth is one of the first things that we try to conceptualize with our customers. We can map specific permissions to specific roles and also apply those via dynamic roles automatically to people in specific departments.
We do use the solution to extend governance to cloud apps. This extension of governance to the cloud apps is important. You have to extend the governance to every aspect - not only on-premise, but also cloud. You cannot stop with governance. If you only do governance on half your systems, then that doesn't really make sense. Therefore, it's very important that the solution provides it for the cloud as well.
The product helps minimize gaps in governance coverage. The recertification and access management part can help with that.
It can help consolidate procurement and licensing. None of our customers have needed it until now.
The solution helped enable application owners and managers to make application governance decisions without IT. When the recertification or application access is automated and configured correctly, then the manager automatically gets, for example, every six months, a request on the web interface, which is very easy to understand. It basically explains everything. The user just has to click the green arrow or the red cross to say yes or no to certain access or permissions; it's very easy.
The product helped us achieve an identity-centric zero-trust model. It all comes back to the optimization of different accounts since everything is connected. With this product, you get a 360-degree view of all accounts, et cetera.
What needs improvement?
Items that can be improved in the solution include pricing, integration, support, and analytics.
The update processes for hotfixes need improvement. There are bugs in the system, and even though there are not a lot, there's no information about it until you happen to stumble upon it and then talk to the support, and then the support informs you there has been a hotfix for that for two months. Users need to be informed they exist in advance.
Integrations are basically always able to improve. They can always have more standard connectors, more prepaid workflows, more templates, and stuff like that. That said, with the standard REST API and C# and PowerShell connectors, you can basically do everything that you need to do even with stuff that is not supported.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
It's very stable. I have never seen it crash or anything like that.
What do I think about the scalability of the solution?
It's very scalable. I've seen the solution operate with millions of users.
How are customer service and support?
I mostly work with premier support. It offers faster support times. That's important. When we do reach out, it's likely very critical.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have past experience with Microsoft, Omada, and IBM HCI, among others. While I can't speak to the pricing differences, functionality seems to be better with One Identity. It's more customizable and the user interface is very good.
How was the initial setup?
The deployment varies according to what is included in the deployment itself. To get it up and running, it takes about one year.
We have enterprise clients and it's mostly deployed in a high-availability environment, mostly three databases, a web server, and an application server. It mostly starts small with one server and then grows bigger. The same is true with the application side. All of our customers are using Active Directory, Azure Active Directory, or a combination of both. That's the first integration that we start with. Then, we also have, of course, HR data coming in via .CSV or a REST API or starting connector.
We're also implementing standard workflows, and standard processes, and integrating HR data to exchange for emails or anything like that. As soon as the big applications are done, we provide workshops so that the companies can extend the product by themselves.
The solution requires maintenance. There are regular updates provided. We also check regularly if there are any processes or jobs that aren't working anymore. Other than that, there's maintenance maybe once a year. It's not very often.
What's my experience with pricing, setup cost, and licensing?
I'm not too familiar with the pricing.
What other advice do I have?
We're integrators.
I'd advise others to always do a proof of concept for this or any other product they use. However, I would recommend the product to others.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Lead Solutions Architect at Tieto Sweden AB
There are nearly a thousand built-in processes that you can edit and customize according to your needs
Pros and Cons
- "One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs."
- "I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer."
What is our primary use case?
Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.
How has it helped my organization?
When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work.
It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files.
One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see.
It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers becomes accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.
What is most valuable?
One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs.
The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.
The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.
What needs improvement?
I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer.
For how long have I used the solution?
I have used One Identity Manager for 10 years.
What do I think about the stability of the solution?
One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network.
What do I think about the scalability of the solution?
One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with 500,000 to 1 million users.
How are customer service and support?
I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
SailPoint is One Identity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features.
How was the initial setup?
All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope.
You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people, for example, for testing, approvals, etc.
After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.
What's my experience with pricing, setup cost, and licensing?
You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.
What other advice do I have?
I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Last updated: Sep 2, 2024
Updated: December 2024