Manufacturing Executive at a manufacturing company with 10,001+ employees
The JML is customizable but the support team isn't strong
Pros and Cons
- "The most valuable feature is the JML. Unlike other identity manager tools, the JML is more customizable, making it easier to find."
- "One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow."
What is our primary use case?
The primary use case is the JML role-based access provisioning and access re-certification.
How has it helped my organization?
We don't use the solution exactly for SAP, but for provisioning and reconciliation. We manage an integrated environment. We use SAP as one of our information sources. Although SAP is one of our trusted sources, it is not an authorized source.
One Identity Manager connects SAP accounts to employee identities under governance which is important for our organization.
The solution delivers SAP-specialized workflows and business logic. The good part is the customization; whatever way we customize the solution, the product is superb. But at the same time, complexity can be difficult because if we do a lot of customization, it's not easy for the new team to think exactly the same way as someone who has implemented the solution.
We use the solution's business roles to map company structures for dynamic application provisioning.
We use the solution to extend governance to cloud apps. I don't have real-time experience with One Identity Manager Cloud One. I believe the solution extends governance to cloud apps because some of our cloud-based target systems are currently integrated, including Azure. I don't see any challenges, and One Identity Manager seems to be functioning smoothly.
The solution has improved the way our organization functions. In the latest version, some of the basic challenges and bugs have been improved. One Identity Manager is definitely one of the most robust enterprise identity manager platforms. One of the advantages is the cost-effectiveness of the solution. The solution is also a light-based application, has easy-to-manage infrastructure, and an easy-to-use UI. The reporting features and auditing features are all up to the mark. There are no issues, no security concerns, or risks. The risk handling is up to par, with features like managing privileged systems and accounts. This makes it a safe and reliable choice for businesses.
The solution helps us minimize gaps in governance coverage among testing, development, and production servers. One Identity Manager provides a number of out-of-the-box tools to help migrate the solution from one environment to another. This makes it easy to transport our package from the development environment to the testing environment to the production environment.
It helped us create a privileged governance stance to close the security gap between privileged users and standard users. One Identity Manager is a data-based application that provides a large scope compared to other IGA products such as SailPoint and Saviynt. The solution separates the identifier between the privilege and standard account as well as access certification, auditing, and reporting.
One Identity Manager is compliant with our business requirements regarding procurement and licensing consolidation.
The solution helps streamline application governance and application access decision compliance. One of the benefits of using the solution to certify privileged accounts and users is that it minimizes risk. This is done by applying proper governance, which is something that is needed in any organization.
The solution helps enable application owners or line of business managers to make application governance decisions without IT.
One Identity Manager helped us to achieve an identity-centric zero-trust model through risk minimization and segregation of duties.
We have Premier support services. If there's any product work or product limitation based on the requirements or any new challenges that come up, we can access the Premier support services, but we need to opt in.
Premier support has added value to our overall investment. We have a weekly follow-up call with their support team.
Having Premier support has influenced us to purchase additional licenses and products from the vendor. We also use Password Manager.
What is most valuable?
The most valuable feature is the JML. Unlike other identity manager tools, the JML is more customizable, making it easier to find.
The solution provides IGA for the difficult-to-manage aspects of SAP such as T-codes profiles.
It provides a single platform for enterprise-level administration and governance of users' data-privileged accounts. We have end-to-end JML features, including role-based access provisioning, access certification, and reporting. One Identity Manager is a very good platform, especially for those who have been working with it for the last two or three years. They are likely to be very happy with it.
Another good feature of One Identity Manager is its multi-language support. I give the solution a seven out of ten for its single platform feature.
One Identity Manager has an intuitive interface that is customizable.
What needs improvement?
One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow. There's a scope for One Identity Manager to improve itself.
The reporting feature should be improved similarly to other IGA products.
Unlike other solutions, One Identity Manager doesn't have a strong support team.
I consider One Identity Manager as a niche solution because we have a demand for it, but we can't find the proper skill set in the market. That is the highest pain point with this solution. Other vendors, such as SailPoint, Saviynt, and even Oracle and IBM, reach out to people to provide materials and make them aware of their products. This leaves One Identity Manager at a disadvantage.
Buyer's Guide
One Identity Manager
October 2025
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
872,869 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for four years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
It is scalable.
How are customer service and support?
Technical support needs some improvement.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is straightforward. There are more than 20 components. It takes almost eight hours to deploy.
It is deployed in our customer environments. We monitor around 300 thousand identities.
We require over 50 administrators.
What about the implementation team?
The implementation is done in-house with the help of our team.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager's pricing is one of its strong points. It is very reasonable compared to other IGA solutions. The licensing cost is per user.
What other advice do I have?
I give the solution a six out of ten.
I have worked with similar solutions such as Oracle One, CA, RSA, SailPoint, and IBM. Other identity manager platforms mostly use Java J2EE-based frameworks. The challenging part with One Identity Manager is that it uses the .NET Framework, for example, VBScript. It's a struggle to find the properly skilled resources in the market. VBScript is considered a niche skill right now.
One Identity Manager seems to be lagging behind its competitors in terms of its out-of-the-box connectors. Almost every other identity manager product has connectors for a variety of applications, such as ServiceNow, Workday, and SAP, but One Identity Manager does not. The auditing and reporting modules of the solution definitely need to be improved. It needs to be more intuitive for business people, especially those who don't deal with IT.
Each solution has its own pros and cons. Oracle has a little heavier deployment compared to One Identity Manager. However, when compared to other vendors' solutions, such as Saviynt or SailPoint, that can be deployed within two to three hours, One Identity Manager requires a full day.
The amount of maintenance required for the solution depends on the type of implementation.
One Identity Manager is good for organizations looking for multilingual support, low-cost, and highly customizable solutions.
The underlying technology of the UI is going to change. One Identity Manager is moving from VBScript and HTML to Angular with the latest version.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IGA Analyst at a consultancy with 10,001+ employees
Offers many built-in features, simplifies application governance, and consolidates platforms
Pros and Cons
- "One Identity Manager provides a wide range of features that enable connection to numerous target systems."
- "The documentation I found in their repository is neither interactive nor engaging."
What is our primary use case?
We are a system integrator and used One Identity Manager for our client.
How has it helped my organization?
One Identity has many built-in features. It's a highly suitable platform for enterprise-level organizations to integrate with existing systems for complete account management and other related functions.
Although someone new to One Identity may initially find it a little difficult, the intuitive interface is easy to navigate for experienced users.
Due to its many built-in features, customizing the solution to meet our customers' specific needs is straightforward. With sufficient knowledge of the platform and tool, we can easily tailor the solution according to our customers' preferences. Simply exploring the available features will help us uncover the possibilities.
Without One Identity Manager, we would need multiple platforms to connect our source and target identity systems. However, One Identity allowed us to consolidate role management, access management, identity management, and other functions into a single platform, significantly streamlining our processes.
One Identity Manager simplifies application governance by streamlining access decisions, ensuring compliance, and facilitating auditing. Previously, users required individual interactions with application teams to gain access. However, with One Identity integrated into multiple applications, users can now submit access requests through a dedicated portal. This initiates an automated workflow that grants access directly through One Identity, significantly reducing users' and administrators' time and effort.
We successfully implemented an identity-centric zero-trust model, but its effectiveness depends on the people and the architecture used to implement the solution. The platform provides the necessary tools, but the success of its application hinges on the users' ability to leverage its features effectively within their specific use cases. If users can successfully implement these features, One Identity proves to be a valuable platform. However, the underlying architecture within the platform and our processes also play a crucial role in overall success.
What is most valuable?
One Identity Manager provides a wide range of features that enable connection to numerous target systems. It also includes built-in capabilities to automate user onboarding and offboarding processes.
One Identity Manager offers numerous features, including role management. We can create custom bot-specific roles, integrate with external systems, and grant users access upon onboarding within our system. The tool's automation capabilities are particularly valuable. They allow us to schedule tasks for execution at specific times, eliminating the need for manual intervention.
What needs improvement?
The platform's user experience presents several challenges. Its complex features and numerous tools make it difficult to understand without significant effort. The web portals and documentation are also not user-friendly, hindering knowledge acquisition.
We must create business roles specifically for the platform rather than due to architectural requirements. While this is unnecessary additional work, it is mandated by the platform. We believe utilizing system roles to grant application access would be more efficient. However, the platform necessitates the creation of business roles on top of system roles for access control, which we find challenging.
The documentation I found in their repository is neither interactive nor engaging. They should include simple examples or sample use cases demonstrating how to use the product for specific features.
For most applications, we must configure connections. One Identity Manager lacks a robust built-in connection system or connectors for diverse target systems. This area could be improved. Consequently, for built-in applications, we must define connections ourselves.
We are using an on-demand version for our client and have encountered some database agent issues. Therefore, the number of database agent issues needs to be reduced.
For how long have I used the solution?
I have been using One Identity Manager for one and a half years.
What do I think about the stability of the solution?
The stability of One Identity Manager hinges on the project's specific implementation or architecture. We must analyze project requirements to select the appropriate One Identity version; in this case, the on-demand version is necessary due to our high user count. This choice will help maintain platform stability. While One Identity itself is not inherently flawed, its success relies heavily on the architecture team's design.
What do I think about the scalability of the solution?
One Identity Manager's scalability depends on the specific implementation or architecture.
Which solution did I use previously and why did I switch?
SailPoint is a platform similar to One Identity Manager that we also use, both offering identity management solutions. While One Identity Manager offers more features, making it a strong choice for us given our expertise, it has limitations regarding target system integration and user interface. One Identity should expand its default integration options to include popular systems and enhance the user interface with a more intuitive and visually appealing design to maximize its potential, improving the overall user experience for extended work sessions.
What about the implementation team?
We engaged our One Identity Partner, Quest Global, to provide post-implementation support, and we are pleased with their responsiveness. The issue's priority level determines their response time. High-priority issues receive immediate attention with a scheduled troubleshooting call, while medium-priority issues are addressed within hours. Lower-priority issues will also be resolved promptly. Overall, we are satisfied with their support.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
I participated in a one-week training session provided by the partner, and it was exhausting because we had to listen to the trainer for eight hours each day and then work.
The support that our One Identity partner provides is valuable.
Due to our implemented automation, One Identity Manager requires ongoing maintenance. Constant monitoring is necessary to ensure the workflow operates as intended. This monitoring demands individuals with expertise in the tool to comprehend the process and identify potential issues.
Our One Identity partner helped us implement the customized features that our client required.
We currently have 100,000 users and have connected with around 15 target systems.
I recommend One Identity Manager to others. I suggest the on-demand version for organizations with a high user count.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Lead Solutions Architect at Tieto Sweden AB
There are nearly a thousand built-in processes that you can edit and customize according to your needs
Pros and Cons
- "One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competing solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs."
- "I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer."
What is our primary use case?
Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.
How has it helped my organization?
When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work.
It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files.
One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see.
It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers become accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.
What is most valuable?
One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competing solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs.
The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.
The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.
What needs improvement?
I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer.
For how long have I used the solution?
I have used One Identity Manager for 10 years.
What do I think about the stability of the solution?
One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network.
What do I think about the scalability of the solution?
One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with 500,000 to 1 million users.
How are customer service and support?
I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
SailPoint is One Identity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features.
How was the initial setup?
All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope.
You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people, for example, for testing, approvals, etc.
After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.
What's my experience with pricing, setup cost, and licensing?
You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.
What other advice do I have?
I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Helps streamline application access decisions, is user-friendly and stable
Pros and Cons
- "The One Identity Manager's user-friendly interface allows for easy external identities and user account creation."
- "The user interface of our web shop, which customers interact with directly, needs improvement."
What is our primary use case?
I work as a tester and qualitative analyst for a German client. They use One Identity Manager for identity management, which connects to various downstream applications such as SAP, DLCM, and RSA Archer. This requires numerous connectors, including Azure Active Directory and Microsoft Active Directory. Additionally, we create custom records from SuccessFactors using its integration with One Identity Manager. We sync data from SuccessFactors to create personal accounts and provision user accounts. We also create external identities for all vendors. Furthermore, we use One Identity Manager for reporting and auditing purposes.
We deployed One Identity Manager using a hybrid model through a CI/CD pipeline.
How has it helped my organization?
We can create, modify, use, and delete business roles directly from the web shop. Users can request and manage their business roles and entitlements, and we utilize them for our purposes.
We have recently migrated several applications, including RSA, DLCM, Majesco, and ServiceNow, from their native apps to the end-user environment. Previously, these applications were connected to LDAP, and before that, VLCM. We have now transitioned them to cloud-based Starling and CSM connectors, which are currently being used. In total, we have approximately four to five applications running on the One Identity Manager cloud service, utilizing these Starling connectors. It is helpful to have this extension of governance in the cloud.
We recently onboarded a new company using our Angular Web Shop. This is a new Angular-based Web Shop released by One Identity Manager. We've begun implementing Angular for this new company as a pilot application, and the front end has been very intuitive. We've tested the Manager, designer, and object browser for back-end operations, finding them easy to use. The object browser allows direct querying of results, and the designer is efficient in modifying configuration schedules. I've exclusively used One Identity Manager for the past five years and found it to be a good fit for our needs.
For privileged user requests, we require dual approval, with both the manager and application owner sign-off. Also, we conduct attestation reviews every six months to make sure that we have continued authorization. We implement two-factor authentication to enhance security using tools like MF Authenticator for all privilege access management. This requires users to provide an OTP upon login. For password storage and management, we utilize CyberArk's GPAM solution. Access to sensitive information is restricted to authorized users and is regularly reviewed to maintain security.
One Identity Manager assists in streamlining application access decisions, compliance, and auditing. As a financial organization, we have been leveraging One Identity Manager to audit various aspects of our operations. We use Power BI as a reporting tool to monitor current user access, access levels, testing dates, role assignments, and other relevant information. One Identity Manager effectively supports both access governance and reporting.
The automated provisioning feature streamlines user access by dynamically assigning roles and privileges based on user attributes like location and role. For example, a user with a manager role or from a specific location will automatically gain access to the system, eliminating the need for manual requests. This dynamic role conditioning runs daily, ensuring users receive appropriate access based on their current attributes. However, users or their managers must still submit requests through the web shop for additional privileges. If a manager requests on behalf of a user, the request is typically auto-approved within a few minutes due to the manager's authority. The system verifies that the requester is the recipient's manager before granting automatic approval, further streamlining the process.
What is most valuable?
The One Identity Manager's user-friendly interface allows for easy external identities and user account creation. To request a new account, we can just navigate to the appropriate section and provide the necessary information. Existing identities can also be managed through this platform by requesting entitlements. This streamlined process eliminates manual intervention and ensures efficient account management.
What needs improvement?
One Identity Manager's slow loading speed has been a recurring issue for users. This is likely due to the overwhelming number of entitlements, nearly 100,000 associated with the products. The high load is further exacerbated by the simultaneous access of thousands of users during peak times. To address this, we have implemented measures such as increasing server RAM, but the underlying issue of product-related entitlements remains a contributing factor.
While out-of-the-box features are typically user-friendly, our clients' customized user account creation and the added complexities of sub-entities and account sub-entities have made it challenging to leverage these features effectively. We plan to phase out these customizations and revert to a more standard configuration to streamline our processes and reduce long-term maintenance costs. Unfortunately, this transition has temporarily limited the availability of certain out-of-the-box functionalities. Furthermore, the extensive testing for our customized system is time-consuming and resource-intensive, as numerous scenarios must be evaluated to identify potential bugs.
The user interface of our web shop, which customers interact with directly, needs improvement. The front end's speed could also be enhanced. This might be related to the infrastructure of our client systems, but I need clarification. Regardless, the front end, which is the customers' primary point of contact, should be redesigned and optimized for a better user experience.
For how long have I used the solution?
I have been using One Identity Manager for five years.
What do I think about the stability of the solution?
The backend tool occasionally experienced slowness due to the servers we used. Since 2012, we have been using outdated Microsoft SQL servers. However, last month, we upgraded these servers to the 2022 version. As a result, the tool's performance has significantly improved. Our client has used One Identity Manager for 14 years with no significant stability issues.
I would rate the stability nine out of ten.
What do I think about the scalability of the solution?
One Identity Manager has demonstrated exceptional scalability in our organization. Despite initially lacking applications for DLC and relying on LDAP, our seamless migration to the cloud was a testament to its adaptability. We've successfully integrated over 200 SAP applications into Identity Manager, ensuring smooth operation without significant issues. This ongoing scalability, evident from day one, has allowed us to manage and secure our growing identity infrastructure effectively.
I would rate the scalability nine out of ten.
How was the initial setup?
The deployment is straightforward. Our team consists of eight developers, including leads and team leads. We are organized into two separate development teams. One team focuses on developing new features and connectors, while the other enhances existing connectors and addresses product bugs. Each team has core developers and two leads. Additionally, we have an architect, a solution architect, and a business architect. For operations, we have a team of 12, and our testing team has eight members. Our IT department includes approximately 30 people, encompassing development, operations, and testing.
What other advice do I have?
I would rate One Identity Manager nine out of ten.
We have 33,000 users for our clients.
One Identity Manager requires minimal maintenance. We upgrade it from the previous version when a major update is released every two years, and minor updates are released annually. To ensure continued support, we must upgrade our client's installation every two years to the latest version. This aligns with the manufacturer's support policy, which is limited to the current and previous major releases.
I recommend One Identity Manager to others due to its user-friendly interface. Although it may occasionally experience loading delays, its underlying infrastructure ultimately determines its performance. We have significantly improved its speed and reliability by upgrading from 2012 to 2022 servers. Additionally, the tick lines we use for operations, governance, subject matter experts, and backend operators are invaluable for managing the system efficiently. With them, managing One Identity Manager would be considerably more manageable. We utilize tick lines and desktop applications for operations and development, while front-end users benefit from the intuitive UI. Both interfaces are highly effective for their respective purposes.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Back End Developer at DC Smarter
The designer tool is one of the most powerful features because you can manage permissions and permission groups in the designer
Pros and Cons
- "The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices."
- "They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem."
What is our primary use case?
We have several use cases. I work with the German police, who use it to manage use cases. When the forensic examiner goes to the field to gather evidence, they have to transfer this evidence to investigators. We handle the entire process of data cleaning. When the forensic examiner goes to the field, an identity and governance process takes that data, creates an evidence file for it, and transfers that file to an investigator in that team. We also do email password provisioning.
We improve case processes for the bank we work with. They're also using One Identity for account management and provisioning. I'm working with an architecture firm onboarding new employees. There's a global assignment process where an identity or an employee can be assigned to a different country, and he still has to retain his employment. We map the identities even though he's given employment in another country.
How has it helped my organization?
The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices.
He has to call the investigator and tell them he's coming to their office. If the investigator isn't there, he cannot go in. When the guy has time, he will open the door. He goes in, plugs in the device, and waits for hours because they must upload terabytes of data. It takes a lot of time to transfer data because of the internal processes they use. We streamlined the process so the investigator could upload data from the field.
We also helped a client who had employees traveling to another country on a global assignment. If you must create a new identity for that user because he needs a new identity to work in that country, he can't because we always have to separate objects from different countries. We can manage one user in two different countries and create a sub-identity for that user.
One Identity Manager helps us minimize governance coverage gaps among test, dev, and production servers. One thing I love about it is the database transport tool. You can model data from the Dev environment and not necessarily push the data. You can model the processes, projects, scripts, business roles, etc., in the dev environment and move them to the testing environment. Once the testing is finished, you can move the transport file to production. It's powerful because you don't need to manually alter the data.
With business roles, you can close the gap between privileged users and standard users. You can assign business roles to people based on their position and Active Directory group access.
It streamlines the audit process. Let's say certain users aren't supposed to have access to application data based on their AD group membership or business roles. We can check this for audits and see which users can access applications based on their identities. You can provision applications to specific users based on their membership and identity.
One Identity Manager is identity-centric. Every object is treated as a different entity. Because of this, you can monitor the life cycle of every identity when it comes into the system and how it behaves in the system. You can monitor every identity's access throughout that identity's life cycle. The zero-trust model says that this identity can't access anything it isn't supposed to access at any point in its life cycle. You can trust that once the configurations are done properly, no identity can access any other property that it doesn't have access to.
The solution streamlines licensing. When a user gets employed, we assign them to the group for new employees. When they belong to that group, a trigger creates licenses for each new user. When the user signs into all those accounts, we have a table that shows Microsoft access. Once they are granted Teams access, all of this information is updated for the users. We use that for licensing, but I've never worked with procurement.
What is most valuable?
The designer tool is one of the most powerful features because you can manage permissions and permission groups in it. The designer is a tool for adding and removing permission. The manager lets you create IT Shop objects and determine which type of user can access an object.
One Identity is versatile and complex. There are no limits to what you can do with this tool. It integrates well with Active Directory and has a powerful API integration. They also introduced the new Angular platform to replace the old web portal, which was too complex. Angular is a simplified web UI for users to do whatever they want to do.
We can leverage JavaScript and the Angular framework to build interactive UIs with the new Angular portal. Also, the new API server makes a lot of sense because Angular is the front end, and the API server is on the back end. You can do anything you want. It's limitless at this point.
We use One Identity to manage SAP and logically disconnected SAP accounts. From an architectural point of view, you can create request staging tables to sync to the SAP through API calls to the SAP module. You can link the data source to the One Identity staging table to ensure all data goes into the One Identity testing table. You ensure all the necessary fields are there and create a staging table where you would load all the information from SAP.
You can sync into the One Identity object. From there, you can do whatever you want to do. You can create Active Directory groups and add permissions. SAP is also robust. For example, let's say you have a department's table in SAP. You can also get the department information from the SAP and tie it to the object depending on how you want to sync and structure your project. My approach would be to create a staging table and make an API call to SAP, filling up and syncing the table to the SAP objects in One Identity, adding all the necessary permissions from SAP to the same user, and creating the AD groups if that's also part of the plan.
There are many approaches to connecting One Identity Manager to SAP accounts under governance. There is no written-in-stone way to do this. The cleanest approach would be using a staging table where you can add all the permissions. A staging table contains the user information and the groups the user belongs to. All of that information will be in any staging table you want. From that table, you write information into the object.
It helps manage some of the more difficult aspects of SAP. If you have a staging table with all the information from SAP stored there, you have all the rules, Active Directory group names, and permissions. You have all the information. You can use that information to create an identity in One Identity. If you have an SAP account, you must create that SAP identity in One Identity. You can tag and call it SAP and import the source. You can add an SAP tag to it to show that this is an SAP account.
Before Angular was introduced, the user experience was bad. To do a small custom change in the web UI, you had to do a lot of configuration on the back end. The new Angular portal solved that problem. I don't have any complaints now. The user interface is perfect, making the experience good for the users. Loading objects, caching, and handling errors are way faster with Angular.
One Identity's business roles help us with provisioning. The whole idea of business roles is to provision based on the user's role. You create business roles for a department with a manager, assistant manager, technician, etc., so you can create custom business roles for all these positions in the same department. Each has permission to do certain things because of their business role. Business roles assign resources and permission groups based on role. It's critical because it limits access based on those roles. We can use business roles to extend governance to cloud apps.
What needs improvement?
One Identity can be complex to customize, depending on the scope of the project, the existing system, and the architecture. If the underlying architecture does not suit what the user wants, you must rebuild it entirely by moving data, changing data objects, etc. In a production environment, that can do much harm because these processes and data inputs will change. If the scope is not so robust, you can customize as much as you want.
On an existing project, the standard was kind of poor because they didn't use experienced consultants to do it. You had to consider rewriting a lot of things, changing how the code works, or redesigning processes. These are not hard things to do, but may just take time. Time will always be a major factor to consider when customizing.
For how long have I used the solution?
I have actively used One Identity Manager for three years.
What do I think about the stability of the solution?
One Identity is highly stable. Some companies are still using the 2013 version, and it works perfectly for them. They have not updated it since then. You don't need to upgrade to the latest version. It comes with a lot of benefits like the Angular portal, but it's highly stable. As long as it meets all your needs, why change?
What do I think about the scalability of the solution?
One Identity is scalable, depending on your architecture.
How are customer service and support?
I rate One Identity support six out of 10. They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem.
How would you rate customer service and support?
Neutral
How was the initial setup?
Deploying One Identity is straightforward, and configuration is not complex at all. If you have access to the database and application server, initial deployment can be completed in a day. Once you install it, there isn't much maintenance aside from updating to a newer version. You also need an engineer or a consultant to monitor the data for inconsistencies.
What was our ROI?
I'm a developer, and I can see the relief from companies because when a person who needs access doesn't have it, emails fly everywhere, and everything stands still. If someone needs access over the weekend to a business-critical task and they can't do it, those problems lead to a lot of waste. It has saved a lot of time and saved some companies a lot of money.
What's my experience with pricing, setup cost, and licensing?
One Identity isn't cheap for small or medium-sized businesses, but I don't think it's necessary for a small company to use. The price is fair for large enterprises with thousands of employees that want to adopt a zero-trust model.
Which other solutions did I evaluate?
People talk about CyberArk, but I've never used it before. I don't know how much better it would be than this. I don't see anybody competing with this. One Identity is on another level.
What other advice do I have?
I rate One Identity Manager eight out of 10. If you plan to implement One Identity Manager, I recommend finding an experienced consultant. They are not cheap. If you're thinking about implementing One Identity at a small business, I would tell you not to waste your time. At a mid-sized business with a lot of identities or a contractor for a big company, you can use One Identity, but you still need an experienced consultant, depending on the scope of the project.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Solutions architect at a tech services company with 51-200 employees
It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests
Pros and Cons
- "One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded."
- "We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do."
What is our primary use case?
We use Identity Manager for several things, such as automating our XML process, user provisioning and reprovisioning, and governance-related activities like access reviews and degradation of duties.
Identity Manager sits at the center of the organization. We integrate our systems, like Workday, into other HR systems for employees and contractors. If there are any vendors and customer-related identities, we feed the data from those systems into One Identity. One Identity Manager is configured to the initial access established when someone joins the organization, such as email, Active Directory, desktop logins, timesheets, and common apps that everybody in the organization requires.
We also have request systems in ServiceNow integrated with One Identity Manager on the back end. The request tool goes through ServiceNow, and One Identity creates a notification that a user has requested access to an application. Identity Manager will provision those users on those systems. Some requests are automated and others are semi-automated. When a ticket is opened in ServiceNow, the team will pick up the ticket and work on it. Once they do that, an update comes into the IDM system saying that this user has been granted this access. One Identity Manager is the central book of records or identities and their access levels.
How has it helped my organization?
One Identity Manager has improved our overall user experience by automating processes related to password resets, access requests, and provisioning. This has reduced the number of tickets and help desk calls. It has also decreased the time new employees take to start working. Their laptops and applications are ready to use when they sit at their desks on their first day. We have designed the process so they can spend one or two hours setting things up and starting work.
The solution streamlines application access decisions, compliance, and auditing. One Identity has improved the access request process. It's quicker, and we only need to check the identity management system if there are any issues. The users can go into the system to request roles and see if they've been approved. If they're missing something or don't know what to request, they can look it up in the catalog. It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests. Everything is centralized, allowing us to pull all the information we need for regulatory audits quickly.
What is most valuable?
One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded.
Another visualization tool not in the main UI shows the identity in the center and links to the target applications. You can drill down and see the details for those target systems. That is very helpful for us to look up something related to a user quickly.
We use One Identity to manage SAP. We did a lot of customization, integrating the GSA components of SAP. We brought in all those rules, and it wasn't straightforward, but One Identity has some additional support and capabilities for SAP that helped us a bit. We brought all those GSA-related activities in through process changes and some customization.
One Identity is good at automated user provisioning and de-provisioning. The system processes things quickly. We had an issue where we mistakenly disabled nearly 4,000 Active Directory accounts due to a developer error. We had to get those accounts back up again and were pushing the records to AD to make the changes. It was running a bit slowly, but we have a cloud setup, so we bumped the resources, and it handled that load quickly.
The compliance reports are good, and custom reports can be easily generated. One Identity provides separate built-in user roles for auditors, compliance officers, and others. The SOC exemption process and associated reporting are excellent.
It's critical that One Identity extends identity governance to cloud apps because most organizations are hybrid. The cloud is maturing and becoming more affordable. More organizations are shifting from legacy Oracle EBS systems to Microsoft 365 or Salesforce. All these vendors have also picked up cloud offerings and offer them as a managed service or complete service, where we don't have to worry about anything.
What needs improvement?
The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve.
I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation
According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback.
While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great.
Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others.
The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit.
We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.
For how long have I used the solution?
I have worked on it for around two years.
What do I think about the stability of the solution?
I rate One Identity Manager nine out of 10 for stability.
What do I think about the scalability of the solution?
I rate One Identity Manager seven out of 10 for scalability because the scaling process isn't smooth.
How are customer service and support?
I rate One Identity support eight out of 10. We worked closely with the One Identity team, and they assigned us a dedicated support manager. It has been a positive experience. They quickly resolve issues and help us execute projects faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I work as a solution architect, so I've used lots of tools, including the Oracle toolset, NetIQ, and SailPoint. One Identity is better than Oracle, which has lost market share. Oracle is resource-intensive. You need 16 GB to install the base. Initially, that tool was good, but it became a mess. Oracle is no match for Identity Manager. NetIQ is a lightweight tool suitable for small organizations, but it cannot process things the way Identity Manager can.
Microsoft tools lack One Identity's IGA capabilities, but I would say SailPoint is better because of the number of connectors it has. It's also far easier to operate. SailPoint's tools are all in one place, and it's more developer-friendly. It's a complete SaaS tool along the same lines as One Identity Manager. We don't have to buy professional services to do anything out of the box, even if it is a minor customization.
How was the initial setup?
One Identity was deployed on the cloud and offered to the customer as a service. On average, it takes three or four months to install One Identity and integrate it with key systems like Active Directory and HR solutions. That includes the time needed to gather requirements and implement them. For the timeline I mentioned, the standard deployment team size is around five to six people.
What was our ROI?
I don't remember the numbers, but we did realize an ROI of about 10 to 15 percent.
What's my experience with pricing, setup cost, and licensing?
One Identity is cost-efficient from a licensing perspective. However, one drawback is that it's expensive on the hardware side for the customer to set up. One Identity's professional services team recommends various components. They lose some of the cost advantage because the hardware is expensive and requires maintenance.
What other advice do I have?
I rate One Identity Manager eight out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Works at a comms service provider with 1-10 employees
Offers an intuitive and user-friendly front end, reduces governance coverage gaps, and is highly scalable
Pros and Cons
- "From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options."
- "One Identity Manager is a complex tool with multiple components and a convoluted backend."
What is our primary use case?
I use One Identity Manager for all the IAM capabilities in my day-to-day use cases, such as Identity and Access Management.
How has it helped my organization?
When initially implemented, One Identity Manager comes with basic modules, but additional ones can be added to encompass data governance, complaints, audits, and more within a single platform. Many organizations limit its use to identity and access management processes, but its potential extends far beyond this, offering broader application and management opportunities. Ultimately, the system's effectiveness depends on how it is managed and implemented within an organization.
From a non-technical perspective, there isn't much customization we could do on the portal apart from seeing whatever our IT admins have given us access to. However, One Identity Manager can be customized heavily on the back end. Customizations are easy because they have a lot of documentation. They have provided extensive documentation. But at times, following the documentation can be a bit difficult. It can help you. For example, if we know the product, we can easily manage everything.
One Identity Manager maps out company structure through its business role feature, which offers dynamic role-sensing capabilities. Unlike other tools, it allows for assigning approvers and managers to business roles, effectively managing multiple access modules under a single umbrella. This functionality is useful for achieving least privileged and role-based access metrics, making it a valuable asset in various use cases.
We have some integration with cloud apps, and One Identity Manager recently introduced Starling Connect, offering several out-of-the-box features. However, current functionalities are limited, so significant customization might require exploring additional API endpoints. The available attributes and tools are sufficient for basic cloud management tasks.
The benefits of implementing One Identity Manager would be immediate as its out-of-the-box configurations can be enabled right away. However, realizing these benefits might take longer if the enterprise requires end-user customizations. In essence, the speed of reaping the advantages depends on whether we utilize the tool's standard features or need to tailor it to specific organizational needs.
One Identity Manager effectively reduces governance coverage gaps across production servers by offering a comprehensive suite of governance-related capabilities. Its built-in transporter tool facilitates seamless migration of changes between environments, eliminating the need for manual configuration or reliance on third-party solutions. Unlike other tools that may require custom integrations or external dependencies, One Identity Manager provides a complete, out-of-the-box solution for managing environment transitions.
One Identity Manager can help establish a privileged governance framework to bridge the security gap between privileged and standard users. The specific capabilities depend on the enabled modules. The privileged access governance module offers advanced features like risk indexing and out-of-the-box support for identifying high-risk identities based on configurable rules or violations. Even without this module, the platform provides customization options for managing privileged users and includes basic risk assessment functionalities.
One Identity Manager can assist in consolidating procurement and licensing, but the extent of its capabilities depends on the target system being managed. While it offers licensing management features for SAP systems, including the ability to fill in gaps, managing licensing for other products requires customizations utilizing Active Directory or Azure Active Directory groups. In these cases, the process differs from the integrated licensing management available for SAP within the One Identity Manager platform.
One Identity Manager simplifies application access decisions by consolidating all entitlements for any integrated system into a single product within the IT department. This unified platform enables efficient access requests, approvals, and multi-level approval workflows, with customization options to manage application entitlements according to specific needs. Additionally, the system's rules can merge multiple access entitlements into a single request, which can be submitted through the front-end portal.
One Identity Manager's ability to streamline application compliance varies depending on the integrated application. Out-of-the-box applications offer built-in compliance capabilities, but third-party tools or custom solutions may be required for those without pre-built connectors. However, compliance functionalities are available for all out-of-the-box target systems.
While One Identity Manager cannot perform a full application audit, it can assess access entitlements and identities within the application.
One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. With appropriate permissions, these managers can establish business roles, assign applications and items, and create corresponding system roles accessible to other organizational users. While this capability exists, most organizations avoid this approach due to the potential for invalidating business roles without proper verification.
Achieving a zero-trust model with One Identity Manager is feasible but heavily reliant on the policies configured within the system. We can effectively establish a zero-trust environment with carefully crafted policies and conditions. However, limiting the tool's use to provisioning, de-provisioning, and data manipulation processes restricts its potential. By fully exploring and leveraging One Identity Manager's capabilities, we can significantly enhance our ability to implement a robust zero-trust model.
What is most valuable?
From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options. The platform offers a wealth of functionalities and flexibility, allowing us to tailor solutions to meet our organization's specific needs without limitations. This unparalleled adaptability is One Identity Manager's most significant advantage.
What needs improvement?
The end-user interface is intuitive and easy to navigate, making finding information within the portal simple. However, extensive customization can complicate management. From a technical standpoint, the backend is more complex due to managing multiple client tools for various One Identity Manager modules. While these tools interact, their number can overwhelm new users, hindering their ability to effectively understand and utilize the system. The front end is user-friendly, but the back end presents significant challenges.
One Identity Manager is a complex tool with multiple components and a convoluted backend. Its various clients for managing different tasks can confuse IT and non-IT users. Simplifying the tool and streamlining processes would be beneficial. Additionally, while the out-of-the-box connectors are helpful, incomplete support for certain objects hinders efficiency. Providing full support for all objects would enhance the tool's usability.
For how long have I used the solution?
I have been using One Identity Manager for almost four years.
What do I think about the stability of the solution?
We haven't encountered significant stability issues. If we follow the provided documentation, we should not experience multiple problems, and a clean environment is crucial for proper configuration. However, mismanagement of processes or queues can lead to crashes. Ultimately, system stability depends on environment management, deployment, and configuration within the system.
What do I think about the scalability of the solution?
It is highly scalable, supporting both vertical and horizontal scaling. Deployment on orchestration platforms like Kubernetes simplifies management, especially with the right team and capabilities. Kubernetes environments offer significantly easier scaling compared to other solutions.
Which solution did I use previously and why did I switch?
I have experience with Microsoft Identity Manager, Entra ID, and SailPoint Identity Security Cloud. While Microsoft Entra ID and SailPoint are relatively straightforward to manage with uncomplicated backends and easy-to-implement features, One Identity Manager is more complex. Due to its multifaceted functionalities, new users or organizations lacking a deep product understanding might need to reinstall the entire application to enable specific modules. Consequently, many only utilize its basic features instead of fully exploiting its capabilities. In contrast, SailPoint and Microsoft Identity Manager offer simpler installations and SailPoint offers broader compatibility beyond Windows, making it more adaptable to different environments than One Identity Manager.
How was the initial setup?
Product knowledge significantly simplifies One Identity Manager deployment. However, the extensive documentation can pose challenges for newcomers unfamiliar with the product. Unlike concise, step-by-step guides, the current documentation requires navigating a complex structure, potentially leading to confusion. Implementing prerequisite checks and other validations will be necessary to successfully deploy the system, making it a demanding task for those new to One Identity Manager.
What's my experience with pricing, setup cost, and licensing?
In addition to licensing fees, we may incur costs for professional services if product issues or implementation errors arise beyond our control. While a community exists, support can still be challenging. Furthermore, the product is relatively expensive compared to alternatives. Certification costs are also notably higher, requiring mandatory five to six-day training sessions and exams only offered to groups of 15 to 20 people. This contrasts with other products, such as SailPoint, which offer standalone exams for certification seekers.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
Due to its heavy customization, One Identity Manager requires ongoing maintenance, which necessitates a dedicated resource for complete system upkeep. Moreover, significant data inconsistencies within integrated systems can render data management within One Identity Manager a demanding task. Consequently, maintenance is not solely product-specific but primarily data- and process-dependent.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Consultant at Wipro Limited
A comprehensive solution that provides a unified view and streamlines operations
Pros and Cons
- "The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution."
- "Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work."
What is our primary use case?
Its main purpose is identity management. It is an IGA tool. The organization where I am currently working is mainly using One Identity Manager for identity management and access control. We are also using it for various types of provisioning such as Azure AD, Exchange Online, or SAP account creations. When we talk about identity management, we also consider the various access recertifications. All those are being carried out as part of One Identity Manager.
How has it helped my organization?
It streamlines operations. Whatever you put in from an identity management perspective, access governance perspective, compliance perspective, or application perspective gets very easily streamlined. You can easily integrate multiple applications because it provides the inbuilt features or the default connectors. You do not have to know how cloud applications or other applications work. One Identity is doing everything. They provide custom connectors. You just get the details of a cloud application and then connect. One Identity by default will manage the things for you. They have inbuilt features, so you just have to study and implement them. In my last organization where I implemented One Identity, we integrated almost 12 SAP applications. It was easy. Once you define the framework, then implementation is very easy. Implementing multiple applications, managing users, and the entire JML lifecycle is streamlined.
We use One Identity Manager to help manage SAP. One Identity provides a connector for SAP. From an enterprise solution perspective, it can be implemented very safely. I have done multiple SAP implementations with One Identity. It provides all the inbuilt functions and everything related to SAP. It is a very good tool to implement SAP for an enterprise. If an employee has multiple SAP accounts or multiple SAP systems, One Identity provides a singular feature where you can have all the SAP accounts listed under an employee. From a management perspective, it can be easily managed. It is very good. It provides a unified view of all the accounts and various systems of SAP. Everything such as the SAP rules, groups, profiles, and access policies can be managed via One Identity, but I am not sure if workflows can also be managed.
One Identity is a complete and wholesome tool for managing any enterprise application. It provides a unified platform to manage everything. When you implement One Identity, you have all the features needed within an enterprise to manage various applications, such as SAP, Active Directory, Exchange Online, etc. From an enterprise perspective, it is wholesome and unified, and it supports everything. It supports the SaaS features, PaaS features, and cloud features.
We use business roles to map company structures for dynamic application provisioning. Normally, when any employee gets onboarded, they need access to certain company resources. You can assign any company resources to any business role, and you can assign that business role to an employee. That employee automatically gets access to the company resources. It is an important feature, and most organizations use the business roles part very frequently.
We are able to extend governance to cloud apps by using One Identity Manager.
One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. For the test environment and the production environment, you have a streamlined approach. The process of transporting from dev to production with One Identity is very smooth. It also provides a transporter tool or feature. You can just pull out the production configurations and put them in a lower environment. It just makes it as similar as production. In that way, the difference in the environments can be minimized. The configurations can be made similar. You do not have to pull the relevant production data. You cannot put it in a lower environment. From this perspective, it streamlines the environment and fills the gap.
It streamlines the application access decisions, application compliance, and application auditing aspects of application governance. It provides various compliance-related features and auditing features. They are inbuilt and very helpful for compliance and audits.
It provides various views. Employees have their own portal for requesting roles or accessing their profiles to see what type of access they have. Similarly, owners have a unified view within the portal for multiple roles, groups, or any resources. They have separate views. They can easily manage things. The views are well segregated within One Identity. There is the product owner's view, the manager's view, the employee's view, and the system administrator's view. There is also the business role owner's view and the call center's owner's view. Everything is well segregated.
What is most valuable?
There are various tools available in the market. The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution. The default features and the default setup are already embedded or built into One Identity Manager. That is what provides One Identity Manager an advantage over other tools where we have to customize things, whereas, in One Identity Manager, most of the things can be done out of the box. On top of that, if something needs to be customized, that can also be done in One Identity Manager. The inbuilt functions or features that One Identity Manager provides for identity management are very good.
I have been working on it for the last six years. It is very good from the user experience perspective.
What needs improvement?
Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work. This is the only thing. There are some gaps in that, but One Identity is trying to bridge those gaps.
For how long have I used the solution?
I have been working with One Identity Manager since 2018. It has been around six years.
What do I think about the stability of the solution?
It is a very stable tool. There is about 80% stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a ten out of ten in terms of scalability.
In my project, we have around 23 people using it.
How are customer service and support?
We just take the normal support whenever we have any issues. For the premium support, you have to pay a lot.
The support from One Identity is very good. Whenever you reach out to them, they help you out. If you have a license, they have a technical support team. They also have a professional services team if you need any professional support. From the customer service perspective, they are pretty good. You can reach out to them anytime. That is a very flexible option they have.
In terms of documentation, they have everything. They have all the technical documentation and all the details. They also have a user forum where you can post your queries. It is a global forum where experts reply within an hour or two, which is very good. You can reach out to these experts, and they will help you out. The user experience is very good with One Identity.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the current organization, we have had One Identity from the very beginning, but I have worked with other products. One Identity is far better than them. Pricing-wise, One Identity is more costly than others, but in terms of features, One Identity provides many features by default. It was not available in other tools. We have to do everything from scratch, whereas you do not have to do that in One Identity.
How was the initial setup?
It is deployed on the cloud. If you want to install One Identity from the very beginning for the cloud application, it will hardly take three months. It can also be done before that. For a huge client, it takes time. For a small client, it can be implemented within two months.
It does require maintenance. From time to time, they have upgrades. They have long-term releases year after year, so it has to be updated. Sometimes, they do a cumulative update to fix many issues.
What about the implementation team?
For upgrades, I am the only one, but when it comes to implementation, we have multiple teams. We have four to five members actively working, and then there are supporting resources.
What was our ROI?
It has saved us about 30% of the time.
What's my experience with pricing, setup cost, and licensing?
It is fairly priced because they provide all the features by default. That is why they charge a bit more than other vendors. I am not sure about the exact cost part, but One Identity is a little bit more expensive than IBM and other tools.
What other advice do I have?
I would definitely recommend implementing One Identity, but you have to understand how One Identity works and how it has been developed. You will be able to easily implement it then.
One Identity is a unified solution, and most of the features are inbuilt. Before you make any customizations, you need to understand how One Identity works. That is a critical bit. Normally, developers have a development mindset. They do not think from the framework perspective, but One Identity has been implemented from a framework perspective. They have designed this solution keeping in mind the needs of enterprises and how enterprises manage their accounts, employees, and applications. You should look at it from the framework perspective and not the customization perspective. However, even if you have to make any customization, it is very easy. You just have to learn .NET and MS SQL. If you understand how One Identity works, implementation and customization are very easy.
Overall, I would rate One Identity Manager an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Updated: October 2025