One Identity Manager Reviews

We provide IT services for several European clients, so their individual use cases vary. For example, one is a research center in Sweden. 

One Identity Manager helps minimize gaps in governance coverage. The privilege governance feature enables us to close the security gap between privileged users and standard users, positively affecting our overall operations.

One Identity Manager is user-friendly and easy to customize. One Identity's business roles enable me to map company structures for dynamic application provisioning, which is fairly important.

The user interface needs to improve.

I have used One Identity Manager for about five years. 

I rate One Identity technical support six out of 10. 

Neutral

I rate One Identity Manager seven out of 10.

We use the solution for the management of identity and access identity, mostly for our employees.

It really helps in application access decisions, application compliance, and application auditing. That is what we mainly use it for: to have governance and compliance.

The solution has helped application owners make application governance decisions without IT. That's how we configured it. That has been a positive effect.

There are a lot of valuable features, including connectors, attestations, and workflow.

For the governance of users, data, and privileged accounts, it's really strong. It's really good, a 10 out of 10.

We also make use of its business roles to map company structures for dynamic application provisioning. That aspect is super important.

It has problems with performance. This is a very serious issue for us. Other than that, it's really capable. The performance is what is missing. It's really poor.

A second problem is the visibility in the search functionality. You don't have flexible search capabilities when you look for either roles or users. You cannot use multiple attributes. The search fields are very limited and that definitely needs improvement.

Also, the interface is really old. From that perspective, it's a six out of 10.

Another issue is that it is really difficult to customize it to our needs. If "10" is super-difficult, I would rate the customization at eight. When it comes to the options, it is super flexible. From that perspective, it is really strong.

I have been using One Identity Manager for almost two years.

It's a stable solution.

So far, it has been scalable when it comes to connecting new systems. When it comes to the performance of the tool, as I mentioned, if you want to have multiple users using it at the same time, it really lacks scalability.

We currently have around 60,000 users of the solution.

I believe we use Premier Support. To be perfectly honest, we were not very happy about Premier Support, and it was escalated.

The answer we usually get is that something will be fixed in the next release, or the release after that. Sometimes they help, but most of the problems are not solved.

Neutral

We had a previous solution, RSA, previously known as Aveksa, but it was not scalable enough for our needs, and it had internal bugs and problems.

We upgraded to One Identity mainly for the connectors. Because of the performance, we're struggling a little bit with One Identity. Other than that, it gives us what we need.

Taking into account our requirements, the deployment had to be complex because we're a complex organization. In general, we have one central solution that is delivered to the entire organization. We operate in a tenant model where particular entities can manage their scopes of applications and roles.

We were super-fast in the deployment. It took us about one and a half years. But we migrated the previous solution into One Identity, so we had already built most of the structures. We also had the connectors and definitions.

We had 10 to 14 people involved.

There is a lot of maintenance, including patching, upgrading versions, implementing improvements, and building new functionalities. It includes the whole life cycle.

I don't have access to how much we pay for licenses. That usually depends on how the company negotiates. But I believe the pricing is fair.

We recently started connecting One Identity Manager to SAP. I'm not an expert on SAP, but it's not the main system that we're interested in. One Identity Manager connects SAP accounts to employees' identities under governance, but it's just in one of the countries where we operate, and it's not even the biggest one that is using SAP. It's critical for them, but our entire company is not based on SAP.

If you configure One Identity Manager and use it properly, it helps minimize holes in data coverage for test, dev, and production servers. But it usually depends on the coverage.

In terms of Zero Trust, that requires a lot of more things, not only One Identity Manager, and we don't use other products from them.

The performance problems are a pain point, but if I compare it to not having the solution in place, it really has a positive impact. One Identity Manager really can help you, but compared to our previous process, because of the performance issues, it is actually a little down from what we had before.

Overall, I would definitely recommend One Identity Manager because we were struggling previously with our other solution, which was a little bit worse.

I work as a tester and qualitative analyst for a German client. They use One Identity Manager for identity management, which connects to various downstream applications such as SAP, DLCM, and RSA Archer. This requires numerous connectors, including Azure Active Directory and Microsoft Active Directory. Additionally, we create custom records from SuccessFactors using its integration with One Identity Manager. We sync data from SuccessFactors to create personal accounts and provision user accounts. We also create external identities for all vendors. Furthermore, we use One Identity Manager for reporting and auditing purposes.

We deployed One Identity Manager using a hybrid model through a CI/CD pipeline.

We can create, modify, use, and delete business roles directly from the web shop. Users can request and manage their business roles and entitlements, and we utilize them for our purposes.

We have recently migrated several applications, including RSA, DLCM, Majesco, and ServiceNow, from their native apps to the end-user environment. Previously, these applications were connected to LDAP, and before that, VLCM. We have now transitioned them to cloud-based Starling and CSM connectors, which are currently being used. In total, we have approximately four to five applications running on the One Identity Manager cloud service, utilizing these Starling connectors. It is helpful to have this extension of governance in the cloud.

We recently onboarded a new company using our Angular Web Shop. This is a new Angular-based Web Shop released by One Identity Manager. We've begun implementing Angular for this new company as a pilot application, and the front end has been very intuitive. We've tested the Manager, designer, and object browser for back-end operations, finding them easy to use. The object browser allows direct querying of results, and the designer is efficient in modifying configuration schedules. I've exclusively used One Identity Manager for the past five years and found it to be a good fit for our needs.

For privileged user requests, we require dual approval, with both the manager and application owner sign-off. Also, we conduct attestation reviews every six months to make sure that we have continued authorization. We implement two-factor authentication to enhance security using tools like MF Authenticator for all privilege access management. This requires users to provide an OTP upon login. For password storage and management, we utilize CyberArk's GPAM solution. Access to sensitive information is restricted to authorized users and is regularly reviewed to maintain security.

One Identity Manager assists in streamlining application access decisions, compliance, and auditing. As a financial organization, we have been leveraging One Identity Manager to audit various aspects of our operations. We use Power BI as a reporting tool to monitor current user access, access levels, testing dates, role assignments, and other relevant information. One Identity Manager effectively supports both access governance and reporting.

The automated provisioning feature streamlines user access by dynamically assigning roles and privileges based on user attributes like location and role. For example, a user with a manager role or from a specific location will automatically gain access to the system, eliminating the need for manual requests. This dynamic role conditioning runs daily, ensuring users receive appropriate access based on their current attributes. However, users or their managers must still submit requests through the web shop for additional privileges. If a manager requests on behalf of a user, the request is typically auto-approved within a few minutes due to the manager's authority. The system verifies that the requester is the recipient's manager before granting automatic approval, further streamlining the process.

The One Identity Manager's user-friendly interface allows for easy external identities and user account creation. To request a new account, we can just navigate to the appropriate section and provide the necessary information. Existing identities can also be managed through this platform by requesting entitlements. This streamlined process eliminates manual intervention and ensures efficient account management.

One Identity Manager's slow loading speed has been a recurring issue for users. This is likely due to the overwhelming number of entitlements, nearly 100,000 associated with the products. The high load is further exacerbated by the simultaneous access of thousands of users during peak times. To address this, we have implemented measures such as increasing server RAM, but the underlying issue of product-related entitlements remains a contributing factor.

While out-of-the-box features are typically user-friendly, our clients' customized user account creation and the added complexities of sub-entities and account sub-entities have made it challenging to leverage these features effectively. We plan to phase out these customizations and revert to a more standard configuration to streamline our processes and reduce long-term maintenance costs. Unfortunately, this transition has temporarily limited the availability of certain out-of-the-box functionalities. Furthermore, the extensive testing for our customized system is time-consuming and resource-intensive, as numerous scenarios must be evaluated to identify potential bugs.

The user interface of our web shop, which customers interact with directly, needs improvement. The front end's speed could also be enhanced. This might be related to the infrastructure of our client systems, but I need clarification. Regardless, the front end, which is the customers' primary point of contact, should be redesigned and optimized for a better user experience.

I have been using One Identity Manager for five years.

The backend tool occasionally experienced slowness due to the servers we used. Since 2012, we have been using outdated Microsoft SQL servers. However, last month, we upgraded these servers to the 2022 version. As a result, the tool's performance has significantly improved. Our client has used One Identity Manager for 14 years with no significant stability issues.

I would rate the stability nine out of ten.

One Identity Manager has demonstrated exceptional scalability in our organization. Despite initially lacking applications for DLC and relying on LDAP, our seamless migration to the cloud was a testament to its adaptability. We've successfully integrated over 200 SAP applications into Identity Manager, ensuring smooth operation without significant issues. This ongoing scalability, evident from day one, has allowed us to manage and secure our growing identity infrastructure effectively.

I would rate the scalability nine out of ten.

The deployment is straightforward. Our team consists of eight developers, including leads and team leads. We are organized into two separate development teams. One team focuses on developing new features and connectors, while the other enhances existing connectors and addresses product bugs. Each team has core developers and two leads. Additionally, we have an architect, a solution architect, and a business architect. For operations, we have a team of 12, and our testing team has eight members. Our IT department includes approximately 30 people, encompassing development, operations, and testing.

I would rate One Identity Manager nine out of ten.

We have 33,000 users for our clients.

One Identity Manager requires minimal maintenance. We upgrade it from the previous version when a major update is released every two years, and minor updates are released annually. To ensure continued support, we must upgrade our client's installation every two years to the latest version. This aligns with the manufacturer's support policy, which is limited to the current and previous major releases.

I recommend One Identity Manager to others due to its user-friendly interface. Although it may occasionally experience loading delays, its underlying infrastructure ultimately determines its performance. We have significantly improved its speed and reliability by upgrading from 2012 to 2022 servers. Additionally, the tick lines we use for operations, governance, subject matter experts, and backend operators are invaluable for managing the system efficiently. With them, managing One Identity Manager would be considerably more manageable. We utilize tick lines and desktop applications for operations and development, while front-end users benefit from the intuitive UI. Both interfaces are highly effective for their respective purposes.

One Identity Manager can handle all identity use cases.

It's easy to integrate SAP with One Identity. SAP has different modules, and you can manage users through the One Identity interface. Integrating through a stream connector is simple. 

It's role-based access control, and you can manage it. It's perfect for our customer's governance control. One of my customers is using One Identity's PAM solution. It is a separate component and licensing model.

One Identity should open the market with accessible training material and content so that more developers can be available. They have to improve their marketing strategy, partners, and vendors. One Identity should be attracting engineers to learn their product and get certified. They should have strong forums. They could have a certification program where any engineer can get certified. However, their overall approach is complex, which I do not prefer.

The platform isn't very intuitive like the others, but One Identity Manager has migrated their review scripting to the Angular framework, so now it's good, and they're competing with others from the UI perspective.

One Identity Manager is a little complex from a development perspective. If you compare it to SailPoint, it is easy, but One Identity Manager has so many separate components that it is quite complex for development. And sometimes, we have seen some performance issues.

I have used One Identity Manager for more than 10 years. 

I rate One Identity Manager eight out of 10 for stability. 

One Identity is scalable.

One Identity must improve its support because they have a very limited pool of engineers, and they're often occupied. 

I have used SailPoint.

I rate One Identity seven out of 10 for affordability. It's reasonably priced. 

I rate One Identity Manager eight out of 10. It's more suitable for the enterprise level. I wouldn't recommend it for small or medium-sized enterprises. 

In terms of the use case, the traditional use case related to IAM is to synchronize the accounts to the user ID.

Most of the time, we connect it to Active Directory, Azure AD, SAP One, and one or two other systems at the first stage of the project. At the next stage, we start to integrate it with other systems.

My company is an integrator and a partner. I am not the final customer. I deliver solutions to our customers. I also have other solutions in my portfolio, but my strength is Identity Management.

One Identity Manager delivers SAP-specialized workflows and business logic.

It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts.

The user interface is not a big problem nowadays. About 10 years ago, it could have been a problem, but now, it is easy to do proper localization in Portuguese, Brazilian Portuguese, and Spanish. We have multiple language support. Of course, it is not yet 100%.

When it comes to customization, we need to model the business rules for customers. Every customer has different business rules. For a similar use case, you can have different business rules. I split the ability to model that into two categories. There is the ability to do the parameterization, and there is the ability to do customization with coding, which can have some risks.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers.

It also helps to create a privileged governance stance to close the security gap between privileged users and standard users.

One Identity Manager helps consolidate procurement and licensing. One of the valuable use cases that this solution provides is to take care of the licensing for some of the applications.

One Identity Manager helps streamline the following aspects of application governance: a) application access decisions; b) application compliance; and c) application auditing. We can deliver a use case where when a user requests access, the user may receive a warning that the access being requested conflicts with some other access that the user may already have. We can now model the SOD rules to validate a request when it is made. It is very important to be able to use One Identity Manager to do this kind of validation at the time of the request.

One Identity Manager enables application owners or line-of-business managers to make application governance decisions without IT. We can model that kind of personas, participate in the process, and make some decisions in the workflow process.

One Identity Manager helps to achieve an identity-centric Zero Trust model. That is a very strong use case of One Identity Manager. They claim that they are the only vendor that can deliver the Zero Trust model or Zero Trust architecture for identity, but I do not know if they are the only vendor.

One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity.

It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.

If you implement it properly and finetune it, it is very stable.

I have used their Premier Support. It is called PSO. It is very easy to book an appointment. You can use the calendar to find a slot. You can take half an hour or one hour. Once you are connected, the guy knows it is very important. Based on my experience, they were able to provide the resolution and tell me about the button that I needed to hit and what I needed to do. At that time, I asked them why it was not documented, and the answer from the PSO was that for specific matters, they wanted us to contact PSO. 

I prefer not to involve PSO because the prices are huge. We try to avoid it. When I need to involve PSO, it adds value, but it is very expensive. Whenever I involved PSO, I got the answers I needed within the time in which I needed the answers. I would rate them a ten out of ten.

Premier Support has not been an influence in purchasing additional licenses or products from the vendor.

Positive

I never implemented the SaaS model because of the pricing. My experience is for on-prem.

Its implementation is easy for me, but it is very complex for those who are doing it the first time. It is not straightforward. They do provide documentation, but it is not easy. I usually build my documentation and enable my team. After that, it is easy.

For its implementation, one project manager and two more people are required. One is senior, and the other one is of intermediate experience. Sometimes, developers are also required for customization.

We licensed it from a distributor. In Brazil, it is not possible to directly license One Identity. The distributor's name is ADISTEC. We did not take their help with implementation. We implemented it ourselves. They help me with other solutions but not with One Identity because it is very specific. In Brazil specifically, I do not have resources to help me with implementation. Quest in Brazil has a structure only for commercials. They do help with presale but for implementation, I do not have any kind of help. I usually take the help of the YouTube channel, the official documentation, and the community. We are pretty much doing everything ourselves.

The maintenance usually involves changing the logic, roles, or workflows. After the sign-off for the implementation, I also provide sustainability services where I take care of any problems and also contact the vendor. I also help with the environment and sometimes help implement a new connector if it is easy to implement or is a native connector from an API, for instance. I take care of the sustaining phase issues where we are not installing everything again. We are doing a little bit of parameterization. These services are helpful for revenue and important for our business.

Its price is okay. 

Overall, I would rate One Identity Manager an eight out of ten.

We have several use cases. I work with the German police, who use it to manage use cases. When the forensic examiner goes to the field to gather evidence, they have to transfer this evidence to investigators. We handle the entire process of data cleaning. When the forensic examiner goes to the field, an identity and governance process takes that data, creates an evidence file for it, and transfers that file to an investigator in that team. We also do email password provisioning.

We improve case processes for the bank we work with. They're also using One Identity for account management and provisioning. I'm working with an architecture firm onboarding new employees. There's a global assignment process where an identity or an employee can be assigned to a different country, and he still has to retain his employment. We map the identities even though he's given employment in another country. 

The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices. 

He has to call the investigator and tell them he's coming to their office. If the investigator isn't there, he cannot go in. When the guy has time, he will open the door. He goes in, plugs in the device, and waits for hours because they must upload terabytes of data. It takes a lot of time to transfer data because of the internal processes they use. We streamlined the process so the investigator could upload data from the field. 

We also helped a client who had employees traveling to another country on a global assignment. If you must create a new identity for that user because he needs a new identity to work in that country, he can't because we always have to separate objects from different countries. We can manage one user in two different countries and create a sub-identity for that user. 

One Identity Manager helps us minimize governance coverage gaps among test, dev, and production servers. One thing I love about it is the database transport tool. You can model data from the Dev environment and not necessarily push the data. You can model the processes, projects, scripts, business roles, etc., in the dev environment and move them to the testing environment. Once the testing is finished, you can move the transport file to production. It's powerful because you don't need to manually alter the data. 

With business roles, you can close the gap between privileged users and standard users. You can assign business roles to people based on their position and Active Directory group access. 

It streamlines the audit process. Let's say certain users aren't supposed to have access to application data based on their AD group membership or business roles. We can check this for audits and see which users can access applications based on their identities. You can provision applications to specific users based on their membership and identity.

One Identity Manager is identity-centric. Every object is treated as a different entity. Because of this, you can monitor the life cycle of every identity when it comes into the system and how it behaves in the system. You can monitor every identity's access throughout that identity's life cycle. The zero-trust model says that this identity can't access anything it isn't supposed to access at any point in its life cycle. be able to access anything that this identity is not supposed to access. You can trust that once the configurations are done properly, no identity can access any other property that it doesn't have access to.

The solution streamlines licensing. When a user gets employed, we assign them to the group for new employees. When they belong to that group, a trigger creates licenses for each new user. When the user signs into all those accounts, we have a table that shows Microsoft access. Once they are granted Teams access, all of this information is updated for the users. We use that for licensing, but I've never worked with procurement.

The designer tool is one of the most powerful features because you can manage permissions and permission groups in it. The designer is a tool for adding and removing permission. The manager lets you create IT Shop objects and determine which type of user can access an object.

One Identity is versatile and complex. There are no limits to what you can do with this tool. It integrates well with Active Directory and has a powerful API integration. They also introduced the new Angular platform to replace the old web portal, which was too complex. Angular is a simplified web UI for users to do whatever they want to do.

We can leverage JavaScript and the Angular framework to build interactive UIs with the new Angular portal. Also, the new API server makes a lot of sense because using Angular is the front end, and the API server is on the back end. You can do anything you want. It's limitless at this point.

We use One Identity to manage SAP and logically disconnected SAP accounts. From an architectural point of view, you can create request staging tables to sync to the SAP through API calls to the SAP module. You can link the data source to the One Identity staging table to ensure all data goes into the One Identity testing table. You ensure all the necessary fields are there and create a staging table where you would load all the information from SAP. 

You can sync into the One Identity object. From there, you can do whatever you want to do. You can create Active Directory groups and add permissions. SAP is also robust. For example, let's say you have a department's table in SAP. You can also get the department information from the SAP and tie it to the object depending on how you want to sync and structure your project. My approach would be to create a staging table and make an API call to SAP, filling up and syncing the table to the SAP objects in One Identity, adding all the necessary permissions from SAP to the same user, and creating the AD groups if that's also part of the plan. 

There are many approaches to connecting One Identity Manager to SAP accounts under governance. There is no written-in-stone way to do this. The cleanest approach would be using a staging table where you can add all the permissions. A staging table contains the user information and the groups the user belongs to. All of that information will be in any staging table you want. From that table, you write information into the object. 

It helps manage some of the more difficult aspects of SAP. If you have a staging table with all the information from SAP stored there, you have all the rules, Active Directory group names, and permissions. You have all the information. You can use that information to create an identity in One Identity. If you have an SAP account, you must create that SAP identity in One Identity. You can tag and call it SAP and import the source. You can add a SAP tag to it to show that this is an SAP account. 

Before Angular was introduced, the user experience was bad. To do a small custom change in the web UI, you had to do a lot of configuration on the back end. The new Angular portal solved that problem. I don't have any complaints now. The user interface is perfect, making the experience good for the users. Loading objects, caching, and handling errors are way faster with Angular.  

One Identity's business roles help us with provisioning. The whole idea of business roles is to provision based on the user's role. You create business roles for a department with a manager, assistant manager, technician, etc., so you can create custom business roles for all these positions in the same department. Each has permission to do certain things because of their business role. Business roles assign resources and permission groups based on role. It's critical because it limits access based on those roles. We can use business roles to extend governance to cloud apps. 

One Identity can be complex to customize, depending on the scope of the project, the existing system, and the architecture. If the underlying architecture does not suit what the user wants, you must rebuild it entirely by moving data, changing data objects, etc. In a production environment, that can do much harm because these processes and data inputs will change. If the scope is not so robust, you can customize as much as you want. 

On an existing project, the standard was kind of poor because they didn't use experienced consultants to do it. You had to consider rewriting a lot of things, changing how the code works, or redesigning processes. These are not hard things to do, but may just take time. Time will always be a major factor to consider when customizing.

I have actively used One Identity Manager for three years.

One Identity is highly stable. Some companies are still using the 2013 version, and it works perfectly for them. They have not updated it since then. You don't need to upgrade to the latest version. It comes with a lot of benefits like the Angular portal, but it's highly stable. As long as it meets all your needs, why change?

One Identity is scalable, depending on your architecture. 

I rate One Identity support six out of 10. They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem.

Neutral

Deploying One Identity is straightforward, and configuration is not complex at all. If you have access to the database and application server, initial deployment can be completed in a day. Once you install it, there isn't much maintenance aside from updating to a newer version. You also need an engineer or a consultant to monitor the data for inconsistencies. 

I'm a developer, and I can see the relief from companies because when a person who needs access doesn't have it, emails fly everywhere, and everything stands still. If someone needs access over the weekend to a business-critical task and they can't do it, those problems lead to a lot of waste. It has saved a lot of time and saved some companies a lot of money.

One Identity isn't cheap for small or medium-sized businesses, but I don't think it's necessary for a small company to use. The price is fair for large enterprises with thousands of employees that want to adopt a zero-trust model. 

People talk about CyberArk, but I've never used it before. I don't know how better it would be than this. I don't see anybody competing with this. One Identity is on another level.

I rate One Identity Manager eight out of 10. If you plan to implement One Identity Manager, I recommend finding an experienced consultant. They are not cheap. If you're thinking about implementing One Identity at a small business, I would tell you not to waste your time. At a mid-sized business with a lot of identities or a contractor for a big company, you can use One Identity, but you still need an experienced consultant, depending on the scope of the project. 

We started using the solution for the supply chain. We are a retail organization (FMCG) and we use it in the distribution center, at the head office, and for all of our employees in the stores, even the stock clerks.

The solution has made it possible for us to give everyone in the store a personal account for application access. That was not possible without One Identity. In the past, only management had a personal account in Active Directory and could use the computer and applications. It allows everyone to reach whoever they need in the store. It's also allowed us to move to the cloud and keep security. It helps us monitor users as well.  

The solution helps us to efficiently manage lots of authorizations automatically. We started initially using One Identity as a tool for security reasons. But then we noticed that management in the supply chain embraced One Identity for operational efficiency reasons. Today It allows all 100,000 employees to automatically access all kinds of applications.

We use it for SAP. We have multiple SAP systems. We use it for HANA and the cloud environment, for example.

One Identity Manager provides an enterprise view of management for logically disconnected SAP accounts. It's very good yet also difficult. Technically, it's a good solution, however, you need to have people who understand it and can use it the correct way. Being just a One Identity developer is not enough. You need to be specialized in this kind of module to use it to be efficient and effective. We are not there yet to use all this additional functionality.

One Identity Manager connects SAP accounts to employee identities under governance. It is important to see who has which SAP role, and if it's assigned based on the HR function, or assigned after an additional request.

There is a special SAP connector. There is reporting. You can build reports yourself. There are lots of possibilities, however, you need to know how to use it.

The solution is good for providing a single platform for enterprise-level administration and governance of users, and access to applications and data. We use it only for personal accounts. We have a separate PAM solution to manage privileged accounts. But to request access to PAM-tooling initially, needs to be done in One Identity. It's a two-step approach.

What I noticed, is that the user experience in version nine is good. We’re using an older version. The user experience is not very good in version eight. It’s a bit old-fashioned as it appears now. The latest version is much more modern.

We make use of the solution's business roles to map our company structure for Dynamic Application Provisioning. We are giving people the right authorizations based on the job and function. We use it a lot, especially in the stores and distribution centers where there is a high frequency in the joiner, mover, and leaver process, but the organizational structure is quite solid and doesn't change a lot.

We use One Identity also to give access to test environments, as self-service.

It has positively affected operations. There are a lot of things that are possible. It does what you want. 

It provides more insights because HR data and access to all systems are in one system. This information can help us to review who needs more access, or revoke access if it's necessary.  

One Identity Manager helps streamline application access decisions. There's an approval flow for additional access requests. For every application, you can have a different flow, in case you need extra security approvals or from a data-owner. 

It helps streamline application compliance and auditing. We can do a re-certification process and someone can give approval if it is needed or not. It's helped us improve governance. The re-certification process is very good. 

The solution helped enable application owners or line of business managers to make application governance decisions without IT. All employees and managers can request access as a self service in One Identity instead of going through IT.  The request for access is easier, and faster, because after approval the access is automatically granted.

It's customizable. However, that's also the downside. It's a bit complex and there are so many possibilities. You need to have good developers who know what is standard and how it's meant to be used before they adjust all kinds of stuff. It is possible to configure and change a lot of things and if it's not good enough, you can use custom code.

They should offer more best practices and documentation for every functionality. It would be helpful if there was a demo environment to show the possibilities and how they can be used. That would help with the learning curve. 

I've used the solution for quite a long time. It's likely been about seven years. 

The stability is very good. 

We have 100,000 users on the solution currently.

The solution is scalable. 

I'm satisfied with the level of support we receive. 

We use regular support. I was not aware premier support was an option.

Positive

I did not previously use a different solution.

The initial setup was complex. The start of the project took a bit more time than we expected.

We're still busy with the solution. We have a DevOps team, and every week we have things to do and improve. It's not a project you start and finish. It's a continuous process. 

We currently have a team of six people working with it. 

The solution requires a lot of maintenance. That includes updating, patching, and monitoring all kinds of processes that are running. On top of that, there are incidents that you want to improve and make better. 

It's important to have a good partner, a good process, and good people involved for the initial setup. We started the project with another team and moved to another partner. The partner was involved with training staff on the solution. 

The first partner we started with didn't understand what we really wanted and we went our separate ways. Our second partner understood our business much better and we have had a more successful partnership. They've been involved with post-implementation support. 

I cannot speak to the pricing. I don't deal with the licensing. 

We are a customer and end-user. 

It is hard to pinpoint when we noticed a benefit with this solution. It was step-by-step. We didn't dive in all at once. It might have taken two years of working with it and implementing small steps before all stores and franchises were under the solution. 

I'd advise others to start with the solution as a managed service so that you don't have all of the technical hassles. 

I'd rate the solution eight out of ten. 

The purpose of One Identity Manager is to implement identity and access management tools. For on-premises use, we must connect various target systems and trusted sources with the central identity and access management tools. This involves integrating Workday or other HR management systems with One Identity Manager and linking authentication sources, such as Active Directory or Azure AD, with One Identity Manager. Additionally, One Identity Manager has a specialized connector library for SAP solutions.

This solution can be deployed on the cloud and on-premise.

One Identity Manager connects SAP accounts to employee identities under governance from the connections that are provided. 

For customers who already have an SAP system in place, the availability of readily available, specially-designed connectors is crucial. This would be highly beneficial for all clients with SAP systems.

The solution delivers SAP-specialized workflows and business logic. 

This vendor provides end-to-end solutions that cover a wide range of areas related to user administration and governance, such as identity governance and administration, identity management, access management, and cloud-based solutions. They are also one of the few vendors to offer complete privileged account management solutions. Recently, they acquired OneLogin, which adds customer identity and access management to their comprehensive offering.

One Identity has solutions for all needs related to the IDE and privileged identity.

One Identity Manager provides a Web UI interface for users, which is currently being modernized through their latest initiative UI. Looking at their roadmap, we can expect to see more advanced UI from One Identity Manager in the future, reflecting ongoing product improvement.

Customizing One Identity Manager to fit specific needs is moderately difficult. With the help of experts, customization is possible, although it may not be a straightforward process. While it is not extremely difficult, it does require some level of expertise to carry out successful customization. One Identity Manager offers various tools for different customization requirements. Having the appropriately skilled resources available can greatly facilitate the customization process.

We make use of the solution's business rules to map our company structure for dynamic application provisioning. The importance of the business rules functionality lies in its ability to assist business analysts in designing organizational approval and provisioning policies. When gathering requirements, business analysts can utilize business rules to create effective policies that meet their needs and achieve their goals.

Connectors are available for both on-premise solutions and cloud-based applications or systems. One Identity Manager offers Starlink connectors specifically for connecting to cloud-based solutions. Although I have not personally worked with this offering, I am aware that it is available.

One Identity Manager helps to minimize gaps in governance coverage across test, dev, and production servers. They offer a feature that allows for the import and export of work, which is useful for moving content between different environments.

Reducing gaps in operations is crucial, not just for identity management but for any product. One way to achieve this is by synchronizing test, dev, and production environments as closely as possible. While it may not be feasible to replicate production exactly, having a miniature model that closely resembles it can greatly reduce gaps and potential problems. This concept applies to all identity and access management products when implementing them. The closer your test or dev environment is to production, the better you can reduce gaps and find potential problems that could arise in production. By identifying these issues in the test or dev environment, you can address them before they occur in the production environment.

The solution has helped create a privileged governance stance to close the security gap between privileged users and standard users.

The critical capabilities of any identity management product are operational activities such as providing access, provisioning, and deep provisioning. These tools are essential to efficiently manage identity and access. However, I am a bit confused about how licensing works with these capabilities.

The solution aids in simplifying application governance aspects such as making decisions regarding application access, ensuring application compliance, and conducting application audits.

The application governance requirements are being taken into consideration while designing and implementing streamlined solutions, which prove to be helpful.

One Identity Manager provides a dedicated module that enables us to set up a test station as per specific requirements. These test stations can be reviewed by the respective managers and their subordinate application orders based on roles. There is also a notification system in place to keep users informed.

In One Identity Manager, there is a module for review and attestation cycles. Whenever this cycle is triggered, notifications are sent to the respective parties who need to take action on their subordinates or evaluate role members. All of these features are available in One Identity Manager and can help fulfill business requirements. Moreover, One Identity Manager can indirectly assist in managing compliance auditing by tracking all actions, such as who performed them and when. This can be beneficial during external or internal audits as it helps in generating reports.

The solution positively impacted our operations and business by allowing us to streamline account provisioning for new hires and employees transferring between departments. When a new member joins my department, their line manager can request the creation of their account in advance. The request is then approved by concerned approvers and notifications are sent out. This reduces the onboarding time for new employees and ensures a smooth transition when an employee moves to a new department. Access can be removed or granted as per the requirements of the new department and line managers can request these changes through the portal, further simplifying the process.

The zero trust model can be implemented based on our understanding of the requirements. We need to design the business policies, rules, role membership, dynamic role membership, group memberships, etc., based on our understanding of zero trust. We need to set up the rules and policies according to the zero trust model and then implement them to achieve our business objectives. This includes designing policies based on departments, roles, job titles, and locations. By doing this, we can effectively implement the zero-trust policy.

The most valuable feature of One Identity Manager is it simplifies user-account provisioning and administration. One Identity offers a comprehensive range of solutions that cater to almost every aspect of the identity and access management domain. Their solution suite includes a login solution for access management that can be seamlessly integrated with your IGS solution. Additionally, they offer a dedicated tool for IGA that fulfills all your identity and assessment requirements. In addition, they have a solution called One Identity Safeguard for identity management and access management, which is gaining increased importance. With One Identity, you can obtain end-to-end solutions from a single vendor, whereas with other vendors, you would need to combine various vendors to achieve the same result. 

The tools within One Identity Manager are distributed, meaning there is no unified platform that covers all development, configuration, and installation details. Instead, there are separate tools for each requirement, such as object browser designer, manager tool, synchronization editor, report designer, job queue, and DBQueue. While these tools have built-in functionality, it can be tedious to learn and implement them all. This is in contrast to SharePoint, where all requirements related to role management, workflows, provisioning, and connector configuration can be implemented in one portal. In the case of One Identity Manager, different tools need to be used for each respective requirement. For example, the sync editor is used for connector configuration and related synchronization, while the job queue and DBQueue are used for monitoring jobs.

One Identity Manager is currently in the process of modernizing its UI, which I hope will result in a more user-friendly interface for its Identity Manager. However, it is uncertain whether they have plans to consolidate their various tools into a unified system to simplify configuration and tasks.

It is important to note that this modernization effort is a long-term goal, given that this solution has been in the industry for over 20 to 30 years. Despite its age, it remains one of the leading solutions in the market and is recognized by Gartner and other similar institutions as a top solution.

I have been using One Identity Manager for approximately one year.

The solution is stable in my usage. Since the setup is distributed, there are several components in the environment. Regular monitoring allows us to take appropriate actions when necessary. The solution is stable and scalable according to the available data and comparisons with other vendors' products, as evidenced by reports from Gartner and other evaluators such as Scooping Your Coal. Based on a comparative analysis of multiple products, including those of leading competitors, I have come to this conclusion. These analysis reports are typically released annually.

I rate the stability of One Identity Manager a seven out of ten.

One Identity Manager loads various identity and access management tools, it necessitates multiple instances for applications, web servers, and job server services. Therefore, the installation requires a substantially distributed setup but overall it is scalable.

I rate the scalability of One Identity Manager a seven out of ten.

I have not used the support from the vendor. One Identity has various support sites, such as the support center and community sites, which can help address any questions or issues related to One Identity products. However, my experience with these sites is limited, and I cannot provide more detailed information.

Installing One Identity Manager can be considered moderately difficult, but not overly so since it is based entirely on the Microsoft Windows platform. In comparison to other software installations, it is moderate in difficulty and should not be too challenging to complete.

The deployment timeframe for One Identity Manager varies depending on the size and scope of the project or proof-of-concept. It is difficult to provide a specific estimate without knowing more about the project requirements. Generally, it can take anywhere from three to six months to complete the deployment based on the project scope.

If you want to showcase the functionality of One Identity Manager, the solution provides a cloud environment to its partners with a pre-installed setup. You can use this environment to demonstrate to the customer for a limited time of about one week. This is a quick and easy way to showcase a few use cases that align with your project scope. However, the actual implementation timeframe will depend on the specific project requirements.

I rate the initial setup of One Identity Manager a seven out of ten.

Typically, the installation and configuration of One Identity Manager are handled by a specialized team, while the development and configuration of individual tools to meet business requirements are done by other parties. For installation and configuration alone, it may require at least two individuals with the necessary expertise to ensure a successful setup.

The requirement for maintenance and support varies depending on the situation. If it's a 24/7 operation, then three resources would be needed to cover all three shifts. However, the need for resources depends on the different aspects of maintenance, such as infrastructure installation, configuration, daily health checks, and level three support, which involves the development and making of changes. Typically, organizations have dedicated teams for these three areas, team members should be assigned accordingly based on this information. The tool is comprehensive and able to meet identity and access management needs. However, it can be complex as it contains multiple tools to address requirements in specific areas.

I rate One Identity Manager an eight out of ten.