Like any other identity manager product, the best use cases for One Identity Manager are where you need to use a lot of business logic, and you'll have to configure the processes the way the business wants. In my opinion, One Identity Manager is the best product for business logic and administration. The solution is pretty scalable and can be used in finance, health care, and higher education. One Identity Manager would help if you have an SAP in your environment. It's a top product related to active directory and integration.
Founder at a consultancy with 1-10 employees
An incredibly powerful and scalable product that can be used for business logic and administration
Pros and Cons
- "The most valuable feature of One Identity Manager is its object-oriented architecture."
- "The solution should come up with a lighter version so people can buy different versions."
What is our primary use case?
What is most valuable?
The most valuable feature of One Identity Manager is its object-oriented architecture. According to this architecture, every element written inside of the system is an object and can be granularly given to someone. The solution's control is amazing. Another great feature of One Identity Manager is its ability to delegate responsibilities to different types of people through granulated access.
What needs improvement?
One Identity Manager is an incredibly powerful product, but sometimes people need something simpler. The solution should come up with a lighter version so people can buy different versions. I want to see more analytics and not just analytics in terms of reports but actionable analytics.
For how long have I used the solution?
I have been using One Identity Manager for about 14 years.
Buyer's Guide
One Identity Manager
December 2024
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
How are customer service and support?
One Identity Manager's technical support is pretty good.
How would you rate customer service and support?
Positive
What other advice do I have?
One Identity Manager is the best product in the market.
We are implementing OneLogin right now.
Overall, I rate One Identity Manager ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Identity Management Consultant at a computer software company with 5,001-10,000 employees
It is user-friendly, provides user roles, and helps simplify application auditing
Pros and Cons
- "One Identity Manager's most valuable asset is the ability to customize its front-end website."
- "The One Identity Manager documentation could be improved."
What is our primary use case?
We use One Identity Manager to synchronize SAP inbound and outbound Exchange data. More generally, we aim to synchronize data between target systems, such as those used in banking or other companies, and One Identity Manager.
How has it helped my organization?
One Identity Manager includes a default SAP connector that we utilize. Its simplicity is evident in connecting to SAP sites through a straightforward click or by completing a connection filtering form. We can easily establish mapping and workflow for SAP sites, making it a streamlined process. While exceptions may exist for specific customers, we can accommodate their needs by customizing workflow mappings based on their requests. Overall, the SAP connector provided by One Identity Manager is remarkably user-friendly and accessible to all, in my opinion.
We've used the web designer module, but it won't be available next year. One Identity has transitioned from web designer to Angular web development, offering complete freedom to create custom web pages and websites. While Angular requires JavaScript knowledge, it provides unrestricted development capabilities, unlike the complex web designer module. New employees struggled with learning web design, but Angular's accessibility empowers developers to modify everything within the One Identity website and backend, including database interactions and custom code development. This flexibility makes One Identity Manager a powerful tool for connecting various systems and databases.
Business roles are crucial for our customers because they are an essential identity management tool. Without them, we'd need to manually authorize every employee and group. However, Business roles allow us to create and assign business roles automatically. This is vital for our customers as we develop best practices for business workflows. A key component is creating business websites, for which we establish job descriptions and roles. Subsequently, we automate role assignments based on organization or title, which significantly streamlines our processes.
One Identity Manager is user-friendly for the end user.
One Identity Manager significantly simplifies application auditing. The auditing site we use extensively is one of its most valuable features. One Identity Manager is remarkably effective for auditing because it empowers us to create and deliver new attestation or compliance tools. We can generate all these audits through both the website and Manager modules. The audit screen on the website is exceptionally user-friendly. Customers consistently praise the audit feature, and we have received no complaints about the auditing site. We are highly satisfied with using the audit site for One Identity Manager.
What is most valuable?
One Identity Manager's most valuable asset is the ability to customize its front-end website.
What needs improvement?
The One Identity Manager documentation could be improved. Despite using the solution for six years, I encounter difficulties understanding certain features due to unclear explanations in the documentation. Additionally, while the One Identity Manager community has the potential to be a valuable resource, the community site does not effectively assist all users.
The report site could be improved because while One Identity Manager offers around forty default reports, our customers find them insufficient for their needs. Consequently, we must create custom reports to meet their specific requirements. Although building custom reports within One Identity Manager is straightforward, enhancing the existing default reports would greatly benefit our users.
For how long have I used the solution?
I have been using One Identity Manager for six years.
What do I think about the stability of the solution?
I would rate the stability of One Identity Manager nine out of ten. While all software products are prone to errors or bugs, I have encountered none, specifically in version nine. Compared to previous versions like eight and seven, which did experience issues that required resolution, version nine represents a significant improvement in stability and reliability, making it the best version of One Identity Manager thus far.
What do I think about the scalability of the solution?
One Identity Manager is well-suited for large-scale environments, making it an ideal solution for enterprise clients.
How are customer service and support?
We use Premier Support from One Identity Manager. They respond quickly to our tickets, and our customers are extremely happy with the support.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment is straightforward and takes a week to complete.
What's my experience with pricing, setup cost, and licensing?
Prices in Turkey are high due to inflation, a challenge we've heard about from our customers. We understand that European consumers may have different expectations, but we must reduce the pricing to attract customers.
What other advice do I have?
I would rate One Identity Manager nine out of ten.
Generally, we don't utilize a governance site but instead rely on an identity management site. Initially, our customers define the SAP architecture or structure, outlining user roles that must be created and associated with specific rules. We then establish the SAP site's structure and architecture, focusing on user management before addressing roles. Subsequently, we incorporate the business side to enable dynamic role calculation for users by creating business rules for role management and assigning roles to users.
I highly recommend One Identity Manager to others. Its ability to develop everything within a single platform is incredibly valuable for customers. Many other products or software often encounter challenges or require custom development, but One Identity Manager offers a comprehensive solution. Its simplicity and customization options make it a standout choice. While I haven't used other identity management products extensively, I am familiar with some features of competitors like SailPoint. However, One Identity Manager's flexibility allows for modifications to accommodate specific needs, unlike some out-of-the-box alternatives.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Aug 19, 2024
Flag as inappropriateBuyer's Guide
One Identity Manager
December 2024
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Works at a consultancy with 10,001+ employees
It is a highly adaptable platform that bridges governance gaps and streamlines application access decisions
Pros and Cons
- "One Identity Manager offers a wide range of connectors, allowing it to interface with multiple target systems and perform provisioning and de-provisioning tasks within them."
- "The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports."
What is our primary use case?
I use One Identity Manager to implement an identity governance and administration solution for end users.
How has it helped my organization?
One Identity Manager is a highly adaptable platform capable of integrating both connected and disconnected target systems through connectors and APIs. Its extensive customization options allow it to accommodate a wide range of customer use cases. Additionally, the tool can be scaled to support a large user base and effectively handles role provisioning, joiners, movers, and leavers automation. With its rich feature set and out-of-the-box functionality, One Identity Manager is a powerful solution.
Previously, our user interface relied on a legacy web portal built with VB.NET technology, which suffered from slow loading times. However, One Identity has significantly enhanced the user experience by upgrading to Angular technology for the web portal. This transition has resulted in a much more interactive interface and greatly improved response times. The codebase is entirely based on Angular, which we can leverage to create custom components and enhance the web portal with a more interactive user experience.
We leverage business roles to assign default access permissions. New employees automatically receive specific role-based access upon joining the company. This process is facilitated through the implementation of business roles. We can easily accommodate diverse user types using these roles. For example, a new sales employee can be assigned a corresponding business role. We can create hundreds of business roles to match different departments. Additionally, we can schedule when these business roles are executed, allowing for system operation flexibility. However, it's important to note that frequent scheduling can significantly impact overall system performance and efficiency.
We have integrated EntraID with One Identity Manager for application onboarding. Since authentication can be provided through EntraID, extending governance to cloud applications is necessary. Therefore, all cloud-based applications that are not connected to on-premises systems require integration with EntraID. Failure to integrate will result in authentication errors and prevent user logins. Consequently, EntraID is mandatory for all cloud-deployed applications.
When we deploy the portal, most projects involve migrating from other IGA solutions to our new platform. Initially, users may take time to familiarize themselves with the portal's web interface, but its navigation is intuitive. We provide extensive documentation on accessing the portal, its features, and how to submit requests, along with customer support. While there may be a brief learning curve, the user-friendly design should minimize difficulties.
One Identity Manager helps bridge governance gaps between test, development, and production servers. Development is migrated to a test environment for testing before approval and subsequent migration to production. One Identity Manager is installed on all three environments, each with its own database to facilitate this. Changes are developed in the development environment, packaged, and moved to the test environment for testing. Approved changes are then migrated to production. Maintaining identical One Identity Manager versions across all three environments is crucial to ensure successful package migration, as packages from one version are incompatible with others.
One Identity Manager allows us to establish a privileged governance framework to bridge the security gap between privileged and standard users. Our system defines roles with specific permissions, enabling us to display additional information to users with privileged roles while restricting access to this information for standard users. Our defined roles and permissions make this granular control possible.
We have an approval workflow and policy to streamline application access decisions. Obtaining a specific role must undergo an approval process, and only designated individuals can grant permission. This workflow ensures that role assignments are controlled and efficient, preventing unauthorized access.
What is most valuable?
One Identity Manager offers a wide range of connectors, allowing it to interface with multiple target systems and perform provisioning and de-provisioning tasks within them. This extensive connector library, available out-of-the-box, is one of its most valuable features.
What needs improvement?
One Identity Manager is a comprehensive but complex solution. Even for developers, gaining a deep understanding and implementing customizations would require significant effort. It is a challenging product to both implement and comprehend.
The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports.
For how long have I used the solution?
I have been using One Identity Manager for three years.
How are customer service and support?
Technical support is helpful whenever we need troubleshooting services.
How would you rate customer service and support?
Positive
How was the initial setup?
The complex deployment took approximately seven months and involved a team of business analysts, a technical architect, and developers.
What about the implementation team?
We implement One Identity Manager for our customers.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
We are a service provider, and we provide the license to our customers.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Aug 11, 2024
Flag as inappropriateTechnical Consultant at a tech services company with 51-200 employees
Helped minimize governance gaps which significantly streamlined our operations
Pros and Cons
- "The most valuable features are centralized Identity Management, robust Access Governance, and One Identity Manager workflow automation."
- "Improvements in documentation would be beneficial."
What is our primary use case?
My clients use One Identity Manager to streamline and enhance their identity and access management processes. Whether it is a university simplifying student onboarding, or a global corporation managing employees across multiple branches worldwide, One Identity Manager helps them efficiently onboard, move within the organization, and offboard individuals.
How has it helped my organization?
One Identity has transformed our organization, particularly in streamlining the join, move, and leave processes. It has shifted these from being manual or non-existent to around 80% automation, making a significant and beneficial impact. Clients, especially in large enterprises, have experienced drastic improvements with One Identity.
One Identity Manager has helped minimize governance gaps, particularly in the transition from test to development and production servers. This has significantly streamlined our operations and simplified the delivery of functionality for our customers who utilize One Identity Manager.
One Identity Manager has helped establish a privileged user governance stance, particularly in recommending regular reviews or rotations of privileged accounts. This approach is not only for privileged accounts but also for general usage analysis, ensuring unused accounts are closed, and optimizing licensing. Overall, it contributes to a more robust IT governance framework.
One Identity Manager helps consolidate procurement and licensing processes effectively.
What is most valuable?
The most valuable features are centralized Identity Management, robust Access Governance, and One Identity Manager workflow automation, simplifying user management and compliance.
What needs improvement?
In terms of improvement, the web portal for end-users in One Identity Manager has improved but could still see enhancements. The training for admins is crucial, and once you gather the knowledge, it becomes fairly easy. However, documentation could be better, especially for new features. It currently doesn't cover everything comprehensively, making it challenging to navigate some aspects. Improvements in documentation would be beneficial.
For how long have I used the solution?
I have been working with One Identity Manager for four years.
What do I think about the stability of the solution?
It is quite a stable product. I would rate the stability as a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of the product as an eight out of ten.
How are customer service and support?
As a partner, we have access to a higher level of support, either gold or platinum. The support experience is generally good, and I would rate it around an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Compared to Microsoft, One Identity Manager provides more granular and customizable solutions, and although it can be used for managing cloud applications and user directories, it's primarily made for managing on premise tenents. The downside of OneIM is the documentation and training.
How was the initial setup?
The initial deployment of One Identity Manager can be straightforward with the right tools and knowledge, especially if using specific deployment tools. It typically takes around two working days for a basic installation. The solution requires maintenance mainly in the form of periodic upgrades to stay current. Other than upgrades, regular day-to-day maintenance is minimal, focusing on ensuring the application is up and running.
What about the implementation team?
We are consultancy specialising on OneIM implementation. We are experts.
What was our ROI?
When properly planned and executed, it should be pretty decent ROI
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is fairly priced, especially for large corporations or enterprises.
What other advice do I have?
We use One Identity Manager for SAP integration, but it has some limitations. Managing logically disconnected SAP accounts can be challenging, and the solution feels somewhat incomplete. As a consultant, there is often a need for additional customization to address the intricacies of SAP integration within the broader One Identity Manager framework.
One Identity Manager connects to SAP accounts for identity governance. However, it is not the primary feature our clients emphasize. While useful, it is not the main driver for most organizations adopting One Identity Manager.
One Identity Manager provides Identity Governance and Administration for challenging aspects of SAP, including key codes, profiles, and rules. In a broader sense, it addresses these complexities within the SAP environment.
One Identity Manager is a solid choice for enterprise-level administration and governance. It effectively handles users, data, and accounts. While not perfect for privileged accounts, its integration with a complementary solution makes it a sophisticated option in the on-premise IGA landscape.
The user experience of One Identity Manager is unique, but it is not straightforward for an outsider. It requires some learning, and the navigation can be challenging without guidance. Overall, it is a complex system that benefits from the expertise of consultancies like ours.
Customizing One Identity Manager depends on your expertise. For experienced users, it is straightforward, but for beginners, especially in the first year, it often requires consulting with senior experts. Customization can be simplified with the right knowledge.
I use the solution's business roles to map the company structure for dynamic application provisioning. The business role functionality is crucial for us and our clients.
We use One Identity Manager to extend governance to cloud apps. It is essential, and I would rate its importance around seven on a scale of one to ten. Many customers, including us, find it valuable even if they don't plan to move entirely to cloud servers.
One Identity Manager helps streamline aspects of application governance, particularly in making application access decisions. The effectiveness largely depends on the implementation by the consultancy. If done correctly, it can greatly enhance application governance.
One Identity Manager has enabled application owners and business managers to make governance decisions without involving IT. If implemented correctly, there is minimal to zero IT involvement, allowing them to approve applications, manage access, and handle licenses directly through the One Identity Manager web UI. This aligns well with achieving an identity-centric zero-trust model.
I would recommend One Identity Manager, especially for large enterprises. However, it is crucial to consult with the customer first to ensure it aligns with their specific needs and requirements. Performing a proof of concept could be beneficial to validate its suitability for their environment. Overall, I would rate the product as an eight out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Senior Business Analyst at Nordea Bank Denmark
It's user-friendly and easy to customize, but the user interface could be improved
Pros and Cons
- "One Identity Manager is user-friendly and easy to customize. One Identity's business roles enable me to map company structures for dynamic application provisioning, which is fairly important."
- "The user interface needs to improve."
What is our primary use case?
We provide IT services for several European clients, so their individual use cases vary. For example, one is a research center in Sweden.
How has it helped my organization?
One Identity Manager helps minimize gaps in governance coverage. The privilege governance feature enables us to close the security gap between privileged users and standard users, positively affecting our overall operations.
What is most valuable?
One Identity Manager is user-friendly and easy to customize. One Identity's business roles enable me to map company structures for dynamic application provisioning, which is fairly important.
What needs improvement?
The user interface needs to improve.
For how long have I used the solution?
I have used One Identity Manager for about five years.
How are customer service and support?
I rate One Identity technical support six out of 10.
How would you rate customer service and support?
Neutral
What other advice do I have?
I rate One Identity Manager seven out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
IIMB expert at a tech services company with 1,001-5,000 employees
Helps create a unified platform, is flexible, and offers numerous connectors
Pros and Cons
- "One Identity Manager is flexible and offers numerous connectors that enable us to serve as the core component of the system, as well as to construct our own connectors using the API."
- "One Identity Manager can be made more user-friendly for end users."
What is our primary use case?
We utilize One Identity Manager to oversee all the identities within the company, and we are constructing workflows to enable self-service keys for compliance and access matters.
How has it helped my organization?
One Identity Manager is the optimal solution for creating a unified platform for enterprise-level user administration and governance.
One Identity Manager provides a unified platform for managing both data and privileged accounts. We receive alerts for privileged access and, based on specific criteria, we can determine whether the request is for an end-user account or a privileged account, and apply the appropriate permissions seamlessly.
The user experience and interactivity of One Identity Manager are straightforward for non-IT individuals to utilize.
Customizing One Identity Manager is easy to do.
The business roles of the solution that maps company structures for dynamic application provisioning are important because they help our organization fulfill the needs of any employee automatically, based on the structure. This provides users with immediate access, eliminating the need for human intervention.
The ability of One Identity Manager to extend governance to cloud applications is of great importance because cloud applications have become a new tool in our society. Whether we use private or public clouds, every company will eventually have to transition to the cloud. Therefore, it is crucial to be able to manage all our access within a single platform, which is the best approach. Hence, we obviously require a platform that can connect to the cloud and also handle compromised applications, making it transparent for business use.
One Identity Manager's ability to automate tasks that previously required human intervention has benefited our organization by freeing up the time of our IT department to concentrate on other tasks.
The solution helps us minimize gaps in governance coverage among test, development, and production servers because we can provide access through any environment within the system, freeing up time for our business.
The solution has helped us create a privileged governance stance to close the security gap between privileged users and standard users. We can now view all the accesses from a single interface, which enables us to be proactive in our compliance efforts. Without One Identity Manager, we would have to depend on multiple tools and reports, which can sometimes be delayed. By utilizing One Identity Manager, we can establish preventive rules to avoid any SOC problems or on-the-fly access. While certain access can be granted without risk, it is crucial to have a clear overview, of which One Identity Manager provides.
One Identity Manager helps streamline application access decisions for both permissions and licenses. Using a web designer, we have designed routines that allow us to create disclaimers or automated questions. Based on the user's responses, we can propose either a free license or a pro license, depending on the specific case. Additionally, we have implemented routines to uninstall and deactivate licenses when they are not in use. However, this is always a challenging task because we want to ensure that users do not waste time if they need the software again. The fact that we can easily request any application through an automated process is advantageous. Furthermore, canceling a license does not significantly impact the business since it can be reinstated within minutes if needed again after a few months of not being used.
Streamlining application compliance and application auditing is essential. The single pane of glass visibility helps us maintain compliance, and for application auditing, we can utilize all the reports provided by the IT team. Additionally, we can conduct our own audit reviews and collect evidence to ensure that the process is followed without relying solely on the IT team. This approach aligns with our automation mindset, which we aim to introduce.
One Identity Manager facilitates application owners or line of business managers in making application governance decisions without involving IT. We can provide them with a view where they can see the individuals who have worked on it, the process of their request, and the validating authority, all without needing to inquire from the site.
One Identity Manager has assisted us in achieving an identity-centric zero-trust model through the implementation of various processes.
What is most valuable?
One Identity Manager is flexible and offers numerous connectors that enable us to serve as the core component of the system, as well as to construct our own connectors using the API.
What needs improvement?
One Identity Manager can be made more user-friendly for end users. Out of the box, it can be difficult to navigate through the drop-down menu, especially when it comes to accessing the subcategories.
For how long have I used the solution?
I have been using One Identity Manager for four years: two years as an integrator and two years as a user.
What do I think about the stability of the solution?
One Identity Manager is stable.
What do I think about the scalability of the solution?
I give the scalability of One Identity Manager a ten out of ten. We are able to scale no matter what. It's completely compatible with the S5 and can achieve load balancing on web servers. It can be integrated into a single database or a cluster for scalability. I can confidently say that if my company were to triple in size tomorrow, it could handle that. I don't have to install what I don't see. I just need to make some improvements to the database and convert it into a web server that will be accessible to users.
How are customer service and support?
If we experience a major incident in production, we can expect to receive a response within one hour. We find solace in knowing that any significant problems will be promptly addressed.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had previously worked with Evidian Identity Governance and Administration, among others, but none of them provided all the features in a single solution, unlike One Identity Manager.
How was the initial setup?
The initial setup is complex. Every identity solution is complex because the most important thing is not really linked to the project. It's linked to the analysis we have made before, and then our solution is not linked to the project. Every time, I think that whenever we have to put the analysis management solution in place, it will be complex because we have to take care of the processes that are already in place and also what is happening in the same tool. We have to consider all the existing processes and challenge them to make them better. Many times, some processes are difficult because we couldn't execute them perfectly with the previous solution. So we have to be able to identify if the process is in place like this because of the previous solution that doesn't handle every aspect easily, or if it needs to be redone. The deployment took one year to complete.
We had two individuals from the integrator and two internal employees dedicated full-time to the deployment.
What about the implementation team?
The implementation was completed by our integration partner who provided us with an excellent expert from their team, even though the solution required additional personnel capable of integrating everything within one year. Overall, the experience was positive.
What other advice do I have?
I give One Identity Manager a nine out of ten. This is a solution I want to work with because it brings satisfaction to our users.
We have a complex environment with over 50 locations, various departments, and multiple companies, each with hundreds of distinct functions.
We have two individuals responsible for maintenance, updates, and access to integrators who can provide assistance if necessary. We have around 5,000 end users.
I recommend that organizations wishing to utilize One Identity Manager should first provide internal training for their employees. This approach will enable them to develop their own understanding of the company and reduce dependence on external integrators.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director, Global Identity and Access Technologies at a financial services firm with 10,001+ employees
Enables us to automate SOX recertification, saving a significant amount of time
Pros and Cons
- "The most valuable features include the automated attestations or recertification... The time that people have to focus on their real jobs and not spend it doing recertifications is huge."
- "[Regarding] their upgrades, we're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing."
What is our primary use case?
One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.
The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.
How has it helped my organization?
The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days.
When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.
In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.
What is most valuable?
The most valuable features include the
- automated attestations or recertification
- IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal.
Those two are the biggest wins.
In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.
Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.
What needs improvement?
There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking.
Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.
For how long have I used the solution?
We've been using One Identity Manager since 2013.
What do I think about the stability of the solution?
Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.
What do I think about the scalability of the solution?
One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.
How are customer service and technical support?
We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.
Which solution did I use previously and why did I switch?
Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.
How was the initial setup?
The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development.
This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.
Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.
When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.
What about the implementation team?
For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.
Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.
But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.
Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.
Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.
We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.
What was our ROI?
We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.
Which other solutions did I evaluate?
We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.
From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.
What other advice do I have?
It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.
Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Manager Global IT Operations at a healthcare company with 10,001+ employees
Automation simplifies multiple-account and role management
Pros and Cons
- "The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc."
- "More integration with SAP and with the internet of things would be good. We also have system devices that we could manage as identities, so that would be a feature to add."
What is our primary use case?
We use it to manage all identities within the company. We use it to monitor users when onboarding and offboarding. We also use it for all the related accounts, such as SAP accounts and AD, to give permissions to our employees within these systems.
We do all the privileged management as well within One Identity Manager, which mainly consists of monitoring and control of users, especially who's changing what.
How has it helped my organization?
There are users within SAP, the so-called "firefighters," who need to have a little bit more access to SAP. They are the ones who are allowed to switch down modules, put down the systems, and so on. They require high-privilege access. One Identity helps us to monitor those activities and ensure that we make the changes that are required so the users will have those permissions.
When we have a request from HR for onboarding a new employee, before having One Identity, we had all manual processes. If the user was going to be assigned to a specific application, we needed to contact the responsible person on that team to open multiple tickets, multiple requests. Today, those activities, are completely managed by the Service Desk. That means we have reduced the time it takes for the onboarding process enormously. It used to take two or three weeks to do a full onboarding, but today we can do it in two or three days, providing access to the systems.
The solution has reduced Service Desk calls by 75 to 85 percent. In terms of automation with this system, we now have 94 percent coverage of our users and systems. That means we increase security as well, and not only reduce calls to the Service Desk.
In addition, when it comes to compliance, One Identity is used to cross-reference between the identities and accesses. This has improved the detection time of security events and has helped us with both data protection and compliance. One Identity is a main driver and helper in improving this area.
What is most valuable?
It's the automation. With One Identity you can have multiple accounts and everything is managed in the same system. You don't need to manage different systems at different times. With just one, you can do everything. It saves a lot of time for us and simplifies things.
In terms of the policy and role management features, through the automation that we have within the system, we are able to simplify those processes. The role management is really a great solution because we assign and define roles within the system and then apply them to the identities that we create for our employees.
It is definitely a flexible solution. The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc.
What needs improvement?
We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy.
Most of the issues that we are suffering from today will be fixed with the new version.
The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier.
I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good.
We also have system devices that we could manage as identities, so that would be a feature to add.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The system we are using is five years old and we have had no issues at all. It is fully stable.
What do I think about the scalability of the solution?
It's scalable. We grew over the last year. We integrated companies within the group, which included creating more and more users in the system. Scaling is pretty simple. We didn't have to make major changes to the system itself. It was something that the system could support easily, especially from a functional point of view.
It can scale vertically and horizontally without any problems. With the upgrade, we are scaling up technically, adding more servers, and it's pretty easy as well.
How are customer service and technical support?
We are working with a One Identity partner. This is really important. One of the most important things to do when going with One Identity is to choose a partner wisely. We are currently working with a partner and we're still evaluating that. It needs to be assessed a little bit better and to ensure that they can support us. It has nothing to do with One Identity support itself. The important thing is ensuring that the partner is able to support requests. That's what we are currently assessing and evaluating.
We are working with IPG because our headquarters are based in Germany. We have a history with them. We are currently ensuring that they are capable of providing the support that we require, and especially provide us the agility and flexibility we need.
The partner is important because the implementation of the systems and the configuration of the systems are done by the partner. It is key for One Identity to ensure that the partners can do the work properly.
Which solution did I use previously and why did I switch?
We had nothing before using One Identity.
We implemented One Identity in 2015 with the main goal of controlling SAP access and users, especially the privileged access in SAP and the segregation of duties. That's what we wanted to control. One Identity was the best system at the time, with really exceptional out-of-the-box functionality. It was mainly done, at that time, for SAP. It was a risk and compliance issue that was fixed with One Identity.
What was our ROI?
We are seeing return on investment although I can't quantify it. If we just think about the reduction in the onboarding time which is impacting other teams, that is an area of ROI. And especially with the Service Desk, there has already been a benefit and a return of investment in terms of resources.
What other advice do I have?
The tool is one of the best tools, out-of-the-box. It has great integration, especially for companies using SAP. On the other side, choose the right partner and don't look at only one system, but other systems as well. If a company is looking for a system to control SAP, don't focus on your SAP. Look at one system which is able to manage in general, and with good integrations. One identity is one of those systems.
It is also important to have a defined process. We establish it and then, with the use of the tool, we apply it.
I would rate the solution at nine out of ten. I like the out-of-the-box functionality. You don't need to do specific customizations; you can quickly use the system as it comes. And the solution has flexibility.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
Microsoft Entra ID
SailPoint Identity Security Cloud
Omada Identity
Fortinet FortiAuthenticator
ForgeRock
Microsoft Identity Manager
Oracle Identity Governance
SAP Identity Management
OneLogin by One Identity
NetIQ Identity Manager
EVOLVEUM midPoint
Symantec Identity Governance and Administration
RSA Identity Governance and Lifecycle
OpenIAM Identity Governance
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which one is best: Quest One Identity Manager or Forgerock Identity Management
- Looking for an Identity and Access Management product for an energy and utility organization
- Which Identity and Access Management solution do you use?
- Sailpoint IdentityIQ vs Oracle identity Governance
- OpenIAM vs Ping identity
- Which is the best legacy IDM solution for SAP GRC?
- What are some tips for effective identity and access management to prevent insider data breaches?
- What are your best practices for Identity and Access Management (IAM) in the Cloud?
- How to convince a client that Identity and Access Management (IdAM) is essential for risk elimination?
- What access management tools would you recommend to help with GDPR compliance?