One Identity Manager Reviews

We utilize One Identity Manager for user identity access management and troubleshooting, all founded upon dynamic roles.

I appreciate One Identity Manager as a comprehensive platform for enterprise-level administration. Its centralized approach to identity management eliminates the need to search for or connect to multiple products simultaneously, allowing for efficient and streamlined management of various aspects of identity administration. For instance, while products like Active Roles within One Identity can manage roles, I believe One Identity Manager provides a more cohesive and integrated solution, offering a central hub for all identity-related tasks.

The One Identity Manager is generally intuitive for most users, allowing quick access to all features.

The benefits are almost immediate. Everything we see in the program, the interface, and other tools happens online. With One Identity Manager, we can monitor and manage everything almost instantly in near real-time.

It streamlines application access decisions and application compliance.

One Identity Manager has streamlined our application auditing process. It is an invaluable tool, particularly during implementations or complex projects. Its visual interface and quick user search functionality are indispensable when dealing with real-world scenarios. Although we sometimes utilize other One Identity tools, Manager remains our go-to for the most detailed information. The Manager instantly reflects on any changes, ensuring up-to-date and accurate data.

It empowers application owners and line-of-business managers to make informed governance decisions without IT involvement. As a former identity access management consultant, I found this tool invaluable for helping clients centralize and streamline the management of their applications.

One Identity Manager assists in implementing an identity-centric zero-trust model. This approach, which emphasizes the importance of identity verification, was a cornerstone of my DevOps team's security practices. Zero-trust is crucial because it prevents unauthorized access, even when changes to the application are visible. In such scenarios, trusting no one is essential, as any individual, including threat analysts, system administrators, or consultants, could make modifications. An identity-centric zero-trust model empowers employers to monitor all changes their employees make, ensuring precise accountability.

I greatly appreciate the initial approach provided by One Identity Manager. It's beneficial because we can easily view nearly all the information about our users without extensive searching. Access to users and groups is rapid. For instance, if a user has standard connections, such as Active Directory, LDAP, or SAP integrations, we can readily access information based on their identity. This is a fantastic feature.

The user interface design could be improved, especially during checkout and navigation. The web portal, for instance, can be confusing at times, with buttons and steps not always clearly defined. This can hinder efficient task completion. The portal should include quick guides to assist users, as the descriptions can sometimes be challenging to understand.

I used several cases to ensure consistent governance across test, development, and production servers. While this approach is common with transports and other tools, it's less familiar in One Identity Manager. I found the One Identity Designer more suitable for this task. Therefore, One Identity Manager is not optimal for achieving this goal.

I have been using One Identity Manager for almost seven months.

We experienced stability problems due to One Identity's version updates, which often need more detailed information about changes on their portal. This has forced us to roll back versions multiple times, resulting in service disruptions that lasted up to five hours.

One of the most important aspects of One Identity Manager is its scalability, allowing us to efficiently manage all of our applications in a centralized location.

I have used SailPoint and ForgeRock by Ping Identity. While SailPoint is similar to One Identity Manager, it offers a better approach to both the front and back end. Its overall design is notably more effective.

The initial deployment of One Identity Manager was challenging due to the tight three-day deadline imposed by my company. To ensure a successful implementation, I needed a solid foundational understanding of the system, which proved complex given the intricate schemas involved. These schemas, underlying the One Identity interface, connect to massive tables, making the SQL approach behind them more reliant on a traditional schema structure. One Identity's proprietary schema, however, presents a significant learning curve. Without adequate mentorship or guidance, navigating this complexity could be daunting. A thorough understanding of how the various tables interact and the overall workflow requires at least a month of hands-on experience with the tool.

One person is enough to complete the deployment.

I would rate One Identity Manager eight out of ten. The solution is good but needs more documentation and better descriptive errors.

The One Identity Manager is a good starting point for beginners to customize, but the One Identity Designer offers more flexibility for creating complex automation. While the Manager is simplified and easier to understand, the Designer allows for greater customization. The Manager is sufficient for basic task customization, but for more advanced automation, the Designer is essential.

I use One Identity Manager for all the IAM capabilities in my day-to-day use cases, such as Identity and Access Management.

When initially implemented, One Identity Manager comes with basic modules, but additional ones can be added to encompass data governance, complaints, audits, and more within a single platform. Many organizations limit its use to identity and access management processes, but its potential extends far beyond this, offering broader application and management opportunities. Ultimately, the system's effectiveness depends on how it is managed and implemented within an organization.

From a non-technical perspective, there isn't much customization we could do on the portal apart from seeing whatever our IT admins have given us access to. However, One Identity Manager can be customized heavily on the back end. Customizations are easy because they have a lot of documentation. They have provided extensive documentation. But at times, following the documentation can be a bit difficult. It can help you. For example, if we know the product, we can easily manage everything.

One Identity Manager maps out company structure through its business role feature, which offers dynamic role-sensing capabilities. Unlike other tools, it allows for assigning approvers and managers to business roles, effectively managing multiple access modules under a single umbrella. This functionality is useful for achieving least privileged and role-based access metrics, making it a valuable asset in various use cases.

We have some integration with cloud apps, and One Identity Manager recently introduced Starling Connect, offering several out-of-the-box features. However, current functionalities are limited, so significant customization might require exploring additional API endpoints. The available attributes and tools are sufficient for basic cloud management tasks.

The benefits of implementing One Identity Manager would be immediate as its out-of-the-box configurations can be enabled right away. However, realizing these benefits might take longer if the enterprise requires end-user customizations. In essence, the speed of reaping the advantages depends on whether we utilize the tool's standard features or need to tailor it to specific organizational needs.

One Identity Manager effectively reduces governance coverage gaps across production servers by offering a comprehensive suite of governance-related capabilities. Its built-in transporter tool facilitates seamless migration of changes between environments, eliminating the need for manual configuration or reliance on third-party solutions. Unlike other tools that may require custom integrations or external dependencies, One Identity Manager provides a complete, out-of-the-box solution for managing environment transitions.

One Identity Manager can help establish a privileged governance framework to bridge the security gap between privileged and standard users. The specific capabilities depend on the enabled modules. The privileged access governance module offers advanced features like risk indexing and out-of-the-box support for identifying high-risk identities based on configurable rules or violations. Even without this module, the platform provides customization options for managing privileged users and includes basic risk assessment functionalities.

One Identity Manager can assist in consolidating procurement and licensing, but the extent of its capabilities depends on the target system being managed. While it offers licensing management features for SAP systems, including the ability to fill in gaps, managing licensing for other products requires customizations utilizing Active Directory or Azure Active Directory groups. In these cases, the process differs from the integrated licensing management available for SAP within the One Identity Manager platform.

One Identity Manager simplifies application access decisions by consolidating all entitlements for any integrated system into a single product within the IT department. This unified platform enables efficient access requests, approvals, and multi-level approval workflows, with customization options to manage application entitlements according to specific needs. Additionally, the system's rules can merge multiple access entitlements into a single request, which can be submitted through the front-end portal.

One Identity Manager's ability to streamline application compliance varies depending on the integrated application. Out-of-the-box applications offer built-in compliance capabilities, but third-party tools or custom solutions may be required for those without pre-built connectors. However, compliance functionalities are available for all out-of-the-box target systems.

While One Identity Manager cannot perform a full application audit, it can assess access entitlements and identities within the application.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. With appropriate permissions, these managers can establish business roles, assign applications and items, and create corresponding system roles accessible to other organizational users. While this capability exists, most organizations avoid this approach due to the potential for invalidating business roles without proper verification.

Achieving a zero-trust model with One Identity Manager is feasible but heavily reliant on the policies configured within the system. We can effectively establish a zero-trust environment with carefully crafted policies and conditions. However, limiting the tool's use to provisioning, de-provisioning, and data manipulation processes restricts its potential. By fully exploring and leveraging One Identity Manager's capabilities, we can significantly enhance our ability to implement a robust zero-trust model.

From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options. The platform offers a wealth of functionalities and flexibility, allowing us to tailor solutions to meet our organization's specific needs without limitations. This unparalleled adaptability is One Identity Manager's most significant advantage.

The end-user interface is intuitive and easy to navigate, making finding information within the portal simple. However, extensive customization can complicate management. From a technical standpoint, the backend is more complex due to managing multiple client tools for various One Identity Manager modules. While these tools interact, their number can overwhelm new users, hindering their ability to effectively understand and utilize the system. The front end is user-friendly, but the back end presents significant challenges.

One Identity Manager is a complex tool with multiple components and a convoluted backend. Its various clients for managing different tasks can confuse IT and non-IT users. Simplifying the tool and streamlining processes would be beneficial. Additionally, while the out-of-the-box connectors are helpful, incomplete support for certain objects hinders efficiency. Providing full support for all objects would enhance the tool's usability.

I have been using One Identity Manager for almost four years.

We haven't encountered significant stability issues. If we follow the provided documentation, we should not experience multiple problems, and a clean environment is crucial for proper configuration. However, mismanagement of processes or queues can lead to crashes. Ultimately, system stability depends on environment management, deployment, and configuration within the system.

It is highly scalable, supporting both vertical and horizontal scaling. Deployment on orchestration platforms like Kubernetes simplifies management, especially with the right team and capabilities. Kubernetes environments offer significantly easier scaling compared to other solutions.

I have experience with Microsoft Identity Manager, Entra ID, and SailPoint Identity Security Cloud. While Microsoft Entra ID and SailPoint are relatively straightforward to manage with uncomplicated backends and easy-to-implement features, One Identity Manager is more complex. Due to its multifaceted functionalities, new users or organizations lacking a deep product understanding might need to reinstall the entire application to enable specific modules. Consequently, many only utilize its basic features instead of fully exploiting its capabilities. In contrast, SailPoint and Microsoft Identity Manager offer simpler installations and SailPoint offers broader compatibility beyond Windows, making it more adaptable to different environments than One Identity Manager.

Product knowledge significantly simplifies One Identity Manager deployment. However, the extensive documentation can pose challenges for newcomers unfamiliar with the product. Unlike concise, step-by-step guides, the current documentation requires navigating a complex structure, potentially leading to confusion. Implementing prerequisite checks and other validations will be necessary to successfully deploy the system, making it a demanding task for those new to One Identity Manager.

In addition to licensing fees, we may incur costs for professional services if product issues or implementation errors arise beyond our control. While a community exists, support can still be challenging. Furthermore, the product is relatively expensive compared to alternatives. Certification costs are also notably higher, requiring mandatory five to six-day training sessions and exams only offered to groups of 15 to 20 people. This contrasts with other products, such as SailPoint, which offer standalone exams for certification seekers.

I would rate One Identity Manager eight out of ten.

Due to its heavy customization, One Identity Manager requires ongoing maintenance, which necessitates a dedicated resource for complete system upkeep. Moreover, significant data inconsistencies within integrated systems can render data management within One Identity Manager a demanding task. Consequently, maintenance is not solely product-specific but primarily data—and process-dependent.

We use Identity Manager for several things, such as automating our XML process, user provisioning and reprovisioning, and governance-related activities like access reviews and degradation of duties.

Identity Manager sits at the center of the organization. We integrate our systems, like Workday, into other HR systems for employees and contractors. If there are any vendors and customer-related identities, we feed the data from those systems into One Identity. One Identity Manager is configured to the initial access established when someone joins the organization, such as email, Active Directory, desktop logins, timesheets, and common apps that everybody in the organization requires.

We also have request systems in ServiceNow integrated with One Identity Manager on the back end. The request tool goes through ServiceNow, and One Identity creates a notification that a user has requested access to an application. Identity Manager will provision those users on those systems. Some requests are automated and others are semi-automated. When a ticket is opened in ServiceNow, the team will pick up the ticket and work on it. Once they do that, an update comes into the IDM system saying that this user has been granted this access. One Identity Manager is the central book of records or identities and their access levels. 

One Identity Manager has improved our overall user experience by automating processes related to password rests, access requests, and provisioning. This has reduced the number of tickets and help desk calls. It has also decreased the time new employees take to start working. Their laptops and applications are ready to use when they sit at their desks on their first day. We have designed the process so they can spend one or two hours setting things up and starting work. 

The solution streamlines application access decisions, compliance, and auditing.  One Identity has improved the access request process. It's quicker, and we only need to check the identity management system if there are any issues. The users can go into the system to request roles and see if they've been approved. If they're missing something or don't know what to request, they can look it up in the catalog. It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests. Everything is centralized, allowing us to pull all the information we need for regulatory audits quickly. 

One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded. 

Another visualization tool not in the main UI shows the identity in the center and links to the target applications. You can drill down and see the details for those target systems. That is very helpful for us to look up something related to a user quickly. 

We use One Identity to manage SAP. We did a lot of customization, integrating the GSA components of SAP. We brought in all those rules, and it wasn't straightforward, but One Identity has some additional support and capabilities for SAP that helped us a bit. We brought all those GSA-related activities in through process changes and some customization. 

One Identity is good at automated user provisioning and de-provisioning. The system processes things quickly. We had an issue where we mistakenly disabled nearly 4,000 Active Directory accounts due to a developer error. We had to get those accounts back up again and were pushing the records to AD to make the changes. It was running a bit slowly, but we have a cloud setup, so we bumped the resources, and it handled that load quickly.

The compliance reports are good, and custom reports can be easily generated. One Identity provides separate built-in user roles for auditors, compliance officers, and others. The SOC exemption process and associated reporting are excellent. 

It's critical that One Identity extends identity governance to cloud apps because most organizations are hybrid. The cloud is maturing and becoming more affordable. More organizations are shifting from legacy Oracle EBS systems to Microsoft 365 or Salesforce. All these vendors have also picked up cloud offerings and offer them as a managed service or complete service, where we don't have to worry about anything.

The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve.

I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation

According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback.

While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great.

Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others. 

The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit.  

We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.

I have worked on it for around two years.

I rate One Identity Manager nine out of 10 for stability.

I rate One Identity Manager seven out of 10 for scalability because the scaling process isn't smooth.

I rate One Identity support eight out of 10. We worked closely with the One Identity team, and they assigned us a dedicated support manager. It has been a positive experience. They quickly resolve issues and help us execute projects faster. 

Positive

I work as a solution architect, so I've used lots of tools, including the Oracle toolset, NetIQ, and Sailpoint. One Identity is better than Oracle, which has lost market share. Oracle is resource-intensive. You need 16 GB to install the base. Initially, that tool was good, but it became a mess. Oracle is no match for Identity Manager. NetIQ is a lightweight tool suitable for small organizations, but it cannot process things the way Identity Manager can. 

Microsoft tools lack One Identity's IGA capabilities, but I would say SailPoint is better because of the number of connectors it has. It's also far easier to operate. Sailpoint's tools are all in one place, and it's more developer-friendly. It's a complete SaaS tool along the same lines as One Identity Manager. We don't have to buy professional services to do anything out of the box, even if it is a minor customization. 

One Identity was deployed on the cloud and offered to the customer as a service. On average, it takes three or four months to install One Identity and integrate it with key systems like Active Directory and HR solutions. That includes the time needed to gather requirements and implement them. For the timeline I mentioned, the standard deployment team size is around five to six people. 

I don't remember the numbers, but we did realize an ROI of about 10 to 15 percent. 

One Identity is cost-efficient from a licensing perspective. However, one drawback is that it's expensive on the hardware side for the customer to set up. One Identity's professional services team recommends various components. They lose some of the cost advantage because the hardware is expensive and requires maintenance. 

I rate One Identity Manager eight out of 10. 

One Identity is used to create, sync, and delete accounts automatically across multiple systems. The product allows employees to be managed from our Human Resources system, while consultants and temporary personnel can be managed manually. The system provides automated workflows and birthright assignments for easier management of similar accounts or those in the same department or role. 

With the system synchronized with our HR database, new account creations are automated and include an email to managers providing users with their credentials for initial login. Only the hiring manager will receive a copy of the initial username and password, helping further secure this information and have it readily available before the employee begins. 

The automation of employee creation and de-provision has streamlined the process in many areas. For employees, all actions begin in the HR department and flow downstream, keeping all systems synchronized with the same data.

Since the system is tied to our HR database, automation has allowed us to immediately terminate accounts based on employee status instead of waiting for notification from a manager.

Consultant accounts are also set on an automated schedule to send an email if an account isn't used within eight days. The account is also automatically disabled if not used in ten days. This provides additional security by not having accounts enabled but not in use.

Several employee data fields are synchronized to Active Directory, providing easy access to other applications (office, address, description, telephone, employee status, etc.). The update process is scheduled and automated to run multiple times a day, so Active Directory is always up to date with different employee data.

The One Identity birthright process has helped generate user accounts more accurately and quickly. Our Service Desk ticketing system is now used to complete user accounts and provide only what isn't common across their department or team. 

The One Identity system is very modular. The product is similar to an erector set, where you can do the same thing in many ways. While this is great, it also can allow you to set yourself up for failure later. The product does require some level of developer skills, so having the ability to make system changes without being a developer would be a plus. 

A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly. It would be helpful to have a tool to more easily find common groups across departments or teams so more groups could be managed in an automated fashion.

I've been using the solution for seven years.

The One Identity platform has been a stable system that provides consistent results. 

This product is extremely scalable. The more development knowledge you have, the more you can do with this tool.

Support has always been responsive and helpful.

Positive

We did use Hitachi IDM. The tool was a first-generation IDM tool and was very difficult to manage.

The initial installation was fairly complex as it is capable of integrating with so many different systems. There isn't an easy wizard to walk through and get you going.

Professional services were used for the initial implementation of the product. We found a different partner for ongoing work and support. Their knowledge of the product is excellent. 

One Identity, in partnership with our consultant partner, has allowed our company to streamline many processes and save employee time for other important tasks. 

I would advise finding and using a development partner for implementation unless you have a dedicated identity management team. Ensure your environment is licensed properly, as One Identity has an active Compliance department. 

No other products were found worthy of trial when surveying the market at the time.

We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

I have used it for five and a half years.

We haven't had any stability issues.

So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

We have had pretty good people on our team so far:

• For deployment, one or two people were needed. 
• For maintenance, our team is very small. We have two or two and a half people at all times. 

Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

Unless you are buying a new connector, you won't need to shell out more money for the solution.

My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

This solution should be considered by companies (based on their needs).

The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

We connected SAP through a database.

We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

I would rate this solution as eight out of 10.

Its main purpose is identity management. It is an IGA tool. The organization where I am currently working is mainly using One Identity Manager for identity management and access control. We are also using it for various types of provisioning such as Azure AD, Exchange Online, or SAP account creations. When we talk about identity management, we also consider the various access recertifications. All those are being carried out as part of One Identity Manager.

It streamlines operations. Whatever you put in from an identity management perspective, access governance perspective, compliance perspective, or application perspective gets very easily streamlined. You can easily integrate multiple applications because it provides the inbuilt features or the default connectors. You do not have to know how cloud applications or other applications work. One Identity is doing everything. They provide custom connectors. You just get the details of a cloud application and then connect. One Identity by default will manage the things for you. They have inbuilt features, so you just have to study and implement them. In my last organization where I implemented One Identity, we integrated almost 12 SAP applications. It was easy. Once you define the framework, then implementation is very easy. Implementing multiple applications, managing users, and the entire JML lifecycle is streamlined.

We use One Identity Manager to help manage SAP. One Identity provides a connector for SAP. From an enterprise solution perspective, it can be implemented very safely. I have done multiple SAP implementations with One Identity. It provides all the inbuilt functions and everything related to SAP. It is a very good tool to implement SAP for an enterprise. If an employee has multiple SAP accounts or multiple SAP systems, One Identity provides a singular feature where you can have all the SAP accounts listed under an employee. From a management perspective, it can be easily managed. It is very good. It provides a unified view of all the accounts and various systems of SAP. Everything such as the SAP rules, groups, profiles, and access policies can be managed via One Identity, but I am not sure if workflows can also be managed.

One Identity is a complete and wholesome tool for managing any enterprise application. It provides a unified platform to manage everything. When you implement One Identity, you have all the features needed within an enterprise to manage various applications, such as SAP, Active Directory, Exchange Online, etc. From an enterprise perspective, it is wholesome and unified, and it supports everything. It supports the SaaS features, PaaS features, and cloud features.

We use business roles to map company structures for dynamic application provisioning. Normally, when any employee gets onboarded, they need access to certain company resources. You can assign any company resources to any business role, and you can assign that business role to an employee. That employee automatically gets access to the company resources. It is an important feature, and most organizations use the business roles part very frequently.

We are able to extend governance to cloud apps by using One Identity Manager.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. For the test environment and the production environment, you have a streamlined approach. The process of transporting from dev to production with One Identity is very smooth. It also provides a transporter tool or feature. You can just pull out the production configurations and put them in a lower environment. It just makes it as similar as production. In that way, the difference in the environments can be minimized. The configurations can be made similar. You do not have to pull the relevant production data. You cannot put it in a lower environment. From this perspective, it streamlines the environment and fills the gap.

It streamlines the application access decisions, application compliance, and application auditing aspects of application governance. It provides various compliance-related features and auditing features. They are inbuilt and very helpful for compliance and audits.

It provides various views. Employees have their own portal for requesting roles or accessing their profiles to see what type of access they have. Similarly, owners have a unified view within the portal for multiple roles, groups, or any resources. They have separate views. They can easily manage things. The views are well segregated within One Identity. There is the product owner's view, the manager's view, the employee's view, and the system administrator's view. There is also the business role owner's view and the call center's owner's view. Everything is well segregated.

There are various tools available in the market. The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution. The default features and the default setup are already embedded or built into One Identity Manager. That is what provides One Identity Manager an advantage over other tools where we have to customize things, whereas, in One Identity Manager, most of the things can be done out of the box. On top of that, if something needs to be customized, that can also be done in One Identity Manager. The inbuilt functions or features that One Identity Manager provides for identity management are very good.

I have been working on it for the last six years. It is very good from the user experience perspective.

Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work. This is the only thing. There are some gaps in that, but One Identity is trying to bridge those gaps.

I have been working with One Identity Manager since 2018. It has been around six years.

It is a very stable tool. There is about 80% stability.

It is scalable. I would rate it a ten out of ten in terms of scalability.

In my project, we have around 23 people using it.

We just take the normal support whenever we have any issues. For the premium support, you have to pay a lot.

The support from One Identity is very good. Whenever you reach out to them, they help you out. If you have a license, they have a technical support team. They also have a professional services team if you need any professional support. From the customer service perspective, they are pretty good. You can reach out to them anytime. That is a very flexible option they have.

In terms of documentation, they have everything. They have all the technical documentation and all the details. They also have a user forum where you can post your queries. It is a global forum where experts reply within an hour or two, which is very good. You can reach out to these experts, and they will help you out. The user experience is very good with One Identity.

Positive

In the current organization, we have had One Identity from the very beginning, but I have worked with other products. One Identity is far better than them. Pricing-wise, One Identity is more costly than others, but in terms of features, One Identity provides many features by default. It was not available in other tools. We have to do everything from scratch, whereas you do not have to do that in One Identity.

It is deployed on the cloud. If you want to install One Identity from the very beginning for the cloud application, it will hardly take three months. It can also be done before that. For a huge client, it takes time. For a small client, it can be implemented within two months.

It does require maintenance. From time to time, they have upgrades. They have long-term releases year after year, so it has to be updated. Sometimes, they do a cumulative update to fix many issues.

For upgrades, I am the only one, but when it comes to implementation, we have multiple teams. We have four to five members actively working, and then there are supporting resources.

It has saved us about 30% of the time.

It is fairly priced because they provide all the features by default. That is why they charge a bit more than other vendors. I am not sure about the exact cost part, but One Identity is a little bit more expensive than IBM and other tools.

I would definitely recommend implementing One Identity, but you have to understand how One Identity works and how it has been developed. You will be able to easily implement it then.

One Identity is a unified solution, and most of the features are inbuilt. Before you make any customizations, you need to understand how One Identity works. That is a critical bit. Normally, developers have a development mindset. They do not think from the framework perspective, but One Identity has been implemented from a framework perspective. They have designed this solution keeping in mind the needs of enterprises and how enterprises manage their accounts, employees, and applications. You should look at it from the framework perspective and not the customization perspective. However, even if you have to make any customization, it is very easy. You just have to learn .Net and MS SQL. If you understand how One Identity works, implementation and customization are very easy.

Overall, I would rate One Identity Manager an eight out of ten. 

The purpose of the solution is to add customers with identity and access management. We build software for them and configure everything, however, we're more on the consulting side. 

Automation has really helped to improve things. It provides less manual work for creating accounts and providing permissions. It allows for a faster onboarding process. As soon as a person joins a company, it used to take one or two weeks until someone had permission to access everything that they needed to access for the job. With this product, that can be reduced to half a day. 

There's now an automatic generation of accounts. There's no human element anymore. It's directly from HR to the Active Directory. There are fewer errors made or no errors. Overall, there are fewer errors, more automation, and faster processes. If someone leaves the company or needs to be deactivated and everything needs to be removed, nothing is forgotten. 

The customization is an excellent aspect of the solution. You can basically change the product to anything that we need to with most of the code available. Most of the user interfaces can be changed just by the request of the user and our customers. That's very good. 

Another very good part is the standard connectors, especially SAP. The integration with SAP and One Identity Manager is just very good. It brings a lot of the standards with it already. There's a lot that has already been done and doesn't have to be configured manually. That's back to the customizability. If the SAP connector or any other connector is not enough, things can be reconfigured. 

We use it to manage SAP. From an enterprise view standpoint, we have a full list of all SAP users. It connects all SAP users to the specific employees and we get an enterprise view. The solution connects SAP accounts to employee identities under governance. That is very important. It's one of the most important things we can do - to recertify permissions and recertify the users and also find authentic users that are not used anymore. That is why it's a very important part of governance.

The solution provides some default workflows for creating users, updating permissions, et cetera, however, you can customize beyond that. You can basically do whatever you want all in workflow and processes, automatic processes, et cetera. 

It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts. It allows you to see everything. If you have more than one product, you have a very good overview of everything. The identity manager alone can give an overview of privileged accounts that exist. The overview is very good. 

The solution's user experience and intuitiveness are great, especially for the users and administrators. The web interface is very good. It's very easy to use. Most customers change the interface colors and icons and stuff like that to match their own company. 

It is easy to customize the solution for our particular needs or for our client's particular needs, depending on what has to be customized. For web interface customization, you need to do some programming. You need to be experienced in web interface programming. However, enterprise processes, workflows, approval, recertification, and calculation of permissions and stuff like that is very easy. It's easy to configure that without much knowledge of the system. 

We make use of the solutions business roles to map the company structure for dynamic application provisioning. Business growth is one of the first things that we try to conceptualize with our customers. We can map specific permissions to specific roles and also apply those via dynamic roles automatically to people in specific departments.

We do use the solution to extend governance to cloud apps. This extension of governance to the cloud apps is important. You have to extend the governance to every aspect - not only on-premise, but also cloud. You cannot stop with governance. If you only do governance on half your systems, then that doesn't really make sense. Therefore, it's very important that the solution provides it for the cloud as well.

The product helps minimize gaps in governance coverage. The recertification and access management part can help with that.

It can help consolidate procurement and licensing. None of our customers have needed it until now. 

The solution helped enable application owners and managers to make application governance decisions without IT. When the recertification or application access is automated and configured correctly, then the manager automatically gets, for example, every six months, a request on the web interface, which is very easy to understand. It basically explains everything. The user just has to click the green arrow or the red cross to say yes or no to certain access or permissions; it's very easy.

The product helped us achieve an identity-centric zero-trust model. It all comes back to the optimization of different accounts since everything is connected. With this product, you get a 360-degree view of all accounts, et cetera. 

Items that can be improved in the solution include pricing, integration, support, and analytics.

The update processes for hotfixes need improvement. There are bugs in the system, and even though there are not a lot, there's no information about it until you happen to stumble upon it and then talk to the support, and then the support informs you there has been a hotfix for that for two months. Users need to be informed they exist in advance. 

Integrations are basically always able to improve. They can always have more standard connectors, more prepaid workflows, more templates, and stuff like that. That said, with the standard rest API and C-sharp and power share connectors you can basically do everything that you need to do even with stuff that is not supported.

I've been using the solution for three years. 

It's very stable. I have never seen it crash or anything like that.

It's very scalable. I've seen the solution operate with millions of users. 

I mostly work with premiere support. It offers faster support times. That's important. When we do reach out, it's likely very critical. 

Positive

I have past experience with Microsoft, Omada, and IBM HCI, among others. While I can't speak to the pricing differences, functionality seems to be better with One Identity. It's more customizable and the user interface is very good.  

The deployment varies according to what is included in the deployment itself. To get it up and running, it takes about one year. 

We have enterprise clients and it's mostly deployed in a high-availability environment, mostly three databases, a web server, and an application server. It mostly starts small with one server and then grows bigger. The same is true with the application side. All of our customers are using Active Directory, Azure Active Directory, or a combination of both. That's the first integration that we start with. Then, we also have, of course, HR data coming in via .CSV or a REST API or starting connector. 

We're also implementing standard workflows, and standard processes, and integrating HR data to exchange for emails or anything like that. As soon as the big applications are done, we provide workshops so that the companies can extend the product by themselves.

The solution requires maintenance. There are regular updates provided. We also check regularly if there are any processes or jobs that aren't working anymore. Other than that, there's maintenance maybe once a year. It's not very often.

I'm not too familiar with the pricing.

We're integrators.

I'd advise others to always do a proof of concept for this or any other product they use. However, I would recommend the product to others. 

I'd rate the solution nine out of ten.

Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.

When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work. 

It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files. 

One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see. 

It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers becomes accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.

One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs. 

The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.

The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.

I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer. 

I have used One Identity Manager for 10 years.

One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network. 

One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with  500,000 to 1 million users. a

I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far. 

Positive

SailPoint is One Indentity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features. 

All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope. 

You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people for example, testing, approvals, etc. 

After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.

You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.

I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment.