One Identity Manager Reviews

The time needed to see the benefits depends on how you roll it out. You have two or three primary areas where you see the benefits. One is from the operations and process perspective. If you automate the processes, you can make a mess because the system creates the identity from the HR system and provisions it for all the target systems, like Active Directory. 

This is one area where your processes will be more mature because they're all automated. Another area is governance because you collect all the data from different systems into one system. Manager lets you start to govern the data when it comes to entitlements.

Identity Manager helps you minimize gaps in governance coverage among test, dev, and production servers. It depends on your setup, but if you have it configured correctly, it will help. 

We can close the security gap between privileged users and the standard users. However, it depends on how you define privileged users because this might be might have different meanings. From a business perspective, you have users who are business-critical. You can set up these compliance rules to control this and have additional checks if required. 

A typical use case is setting up privileged users twice a year or a recertification campaign compared to standard users. The other point of view you need to consider is the typical admin accounts with critical entitlements and permissions to applications that have significant positive or negative impacts on the organization.

It streamlines application decisions, improving application compliance. That's what makes One Identity strong. It's like an octopus with lots of connections to your environment and applications. You get the old data and create your rule set and governance based on that. At the end of the day, these applications or entitlements are under the control of your rule set.

One Identity streamlines application auditing. If the application is under Active Directory, you have security groups where the permissions are managed in the application. It's easy because you have a standard connector, which means all the application permissions are automatically managed and controlled in One Identity Manager. 

On the other hand, if you have an application with its own user and application governance, you must integrate this with an appropriate API integration. If this isn't possible, you need a ticketing system in between with a manual process. You are good if your process aligns with your governance and audit.

One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top. 

One Identity provides an enterprise view of the more logically disconnected SAP accounts. It has the strongest SAP connector on the market and it can fully replace SAP centralized administration. It connects SAP accounts to employee identities under governance. One Identity is the only solution that offers IGA for the harder-to-manage aspects of SAP on a deep level. 

It has out-of-the-box SAP workflows and allows you to customize workflows, but you need an SAP specialist to handle these customizations. One Identity provides a comprehensive perspective for governing identity and access processes, reports, compliance stuff, etc. 

One of the biggest challenges organizations have is setting up borders with other processes and enterprise applications like ServiceNow. You could handle these processes, but it would make no sense. A typical example for better understanding is the joiner-mover-lever process of an employee and the topic of hardware where an employee gets their notebook, mobile phone, etc. These are something you would not challenge in a solution like One Identity. 

It can be easy to customize depending on the integrator's expertise. It has many out-of-the-box functionalities, but it also provides full flexibility to customize it. You can do it the right way or the wrong way, and this depends strongly on the integrator's knowledge and expertise. You can build on out-of-the-box elements or code everything from scratch, but this is not recommended.

One Identity's business roles are one of the most critical features. They enable you to reflect the entire entitlement structure up to the manager abstraction layer. For example, you can form a role for marketing and assign access to everything people in the marketing department need to do their work, including all the entitlements on the Active Directory and Azure levels. 

You can also assign a role to the IT shop, so people can request roles through the UI that are automatically assigned by the marketing team. Without these role functionalities, people would need to know the exact entitlement they need to have for the work, or someone from the service desk needs to know which entitlements are required. 

That adds additional pitfalls when you are not using roles properly. People can choose the path with fewer obstacles. They can find the people in the marketing department and copy-paste the entitlement, which might be a way but not the correct way when it comes to audits and revisions.

We have started extending governance to cloud applications in the past two or three years. It has challenges because it strongly depends on the cloud applications and especially on the API end endpoint. The connection is done technically on the API level, so you are strongly dependent on the restrictions of the API.

The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year. 

I have worked on One Identity Manager for nine years as a consultant. I am the person companies call when they need someone to introduce and integrate it with their enterprise. 

One Identity is a mature, stable system. Issues can happen, but it's generally stable. 

There are two points that affect performance. One is the power of the database system because the application is strongly database-focused. Adding memory and processing speed on the data base level has a huge impact. These are mostly virtualized, so that's typically quite easy. 

The second level is on the back end where you have so-called drop servers. If you don't have enough, you can install new ones, add them to the queue, and you are good. 

One Identity support has a lot of room for improvement. I work with support for my clients identifying bugs and issues, and the quality has gone down considerably in recent years. The premium support is somewhat better.

If you get a good support engineer and the issue is obvious, I would rate One Identity support eight out of 10. If you get a new technician dealing with a sophisticated problem, I would rate their support two out of 10. For a mixture, I would say a five out of 10.

Neutral

My company has worked with all the big players in this field, including SailPoint, Omada, and Saviynt, so I have some knowledge of these products. 

One Identity is one of the best products on the market, but it might be too overloaded compared to some of the others. Some smaller organizations may not need a full-stack solution. A lighter or cloud-based solution would be a better fit for them.

We integrate One Identity for other companies, so we have it deployed on a test environment to demo it. Europe is more on-prem, whereas companies prefer deploying to the cloud in the United States. If you have the prerequisites ready, you can deploy it in one day. The only maintenance involved is updating the solution. 

I'm not involved in procurement.  One Identity isn't the most expensive, but it's not the cheapest. It depends on what the clients need. 

I rate One Identity Manager eight out of 10. 

We use the solution for the management of identity and access identity, mostly for our employees.

It really helps in application access decisions, application compliance, and application auditing. That is what we mainly use it for: to have governance and compliance.

The solution has helped application owners make application governance decisions without IT. That's how we configured it. That has been a positive effect.

There are a lot of valuable features, including connectors, attestations, and workflow.

For the governance of users, data, and privileged accounts, it's really strong. It's really good, a 10 out of 10.

We also make use of its business roles to map company structures for dynamic application provisioning. That aspect is super important.

It has problems with performance. This is a very serious issue for us. Other than that, it's really capable. The performance is what is missing. It's really poor.

A second problem is the visibility in the search functionality. You don't have flexible search capabilities when you look for either roles or users. You cannot use multiple attributes. The search fields are very limited and that definitely needs improvement.

Also, the interface is really old. From that perspective, it's a six out of 10.

Another issue is that it is really difficult to customize it to our needs. If "10" is super-difficult, I would rate the customization at eight. When it comes to the options, it is super flexible. From that perspective, it is really strong.

I have been using One Identity Manager for almost two years.

It's a stable solution.

So far, it has been scalable when it comes to connecting new systems. When it comes to the performance of the tool, as I mentioned, if you want to have multiple users using it at the same time, it really lacks scalability.

We currently have around 60,000 users of the solution.

I believe we use Premier Support. To be perfectly honest, we were not very happy about Premier Support, and it was escalated.

The answer we usually get is that something will be fixed in the next release, or the release after that. Sometimes they help, but most of the problems are not solved.

Neutral

We had a previous solution, RSA, previously known as Aveksa, but it was not scalable enough for our needs, and it had internal bugs and problems.

We upgraded to One Identity mainly for the connectors. Because of the performance, we're struggling a little bit with One Identity. Other than that, it gives us what we need.

Taking into account our requirements, the deployment had to be complex because we're a complex organization. In general, we have one central solution that is delivered to the entire organization. We operate in a tenant model where particular entities can manage their scopes of applications and roles.

We were super-fast in the deployment. It took us about one and a half years. But we migrated the previous solution into One Identity, so we had already built most of the structures. We also had the connectors and definitions.

We had 10 to 14 people involved.

There is a lot of maintenance, including patching, upgrading versions, implementing improvements, and building new functionalities. It includes the whole life cycle.

I don't have access to how much we pay for licenses. That usually depends on how the company negotiates. But I believe the pricing is fair.

We recently started connecting One Identity Manager to SAP. I'm not an expert on SAP, but it's not the main system that we're interested in. One Identity Manager connects SAP accounts to employees' identities under governance, but it's just in one of the countries where we operate, and it's not even the biggest one that is using SAP. It's critical for them, but our entire company is not based on SAP.

If you configure One Identity Manager and use it properly, it helps minimize holes in data coverage for test, dev, and production servers. But it usually depends on the coverage.

In terms of Zero Trust, that requires a lot of more things, not only One Identity Manager, and we don't use other products from them.

The performance problems are a pain point, but if I compare it to not having the solution in place, it really has a positive impact. One Identity Manager really can help you, but compared to our previous process, because of the performance issues, it is actually a little down from what we had before.

Overall, I would definitely recommend One Identity Manager because we were struggling previously with our other solution, which was a little bit worse.

Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.

When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work. 

It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files. 

One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see. 

It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers becomes accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.

One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs. 

The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.

The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.

I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer. 

I have used One Identity Manager for 10 years.

One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network. 

One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with  500,000 to 1 million users. a

I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far. 

Positive

SailPoint is One Indentity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features. 

All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope. 

You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people for example, testing, approvals, etc. 

After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.

You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.

I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment. 

We have several use cases. I work with the German police, who use it to manage use cases. When the forensic examiner goes to the field to gather evidence, they have to transfer this evidence to investigators. We handle the entire process of data cleaning. When the forensic examiner goes to the field, an identity and governance process takes that data, creates an evidence file for it, and transfers that file to an investigator in that team. We also do email password provisioning.

We improve case processes for the bank we work with. They're also using One Identity for account management and provisioning. I'm working with an architecture firm onboarding new employees. There's a global assignment process where an identity or an employee can be assigned to a different country, and he still has to retain his employment. We map the identities even though he's given employment in another country. 

The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices. 

He has to call the investigator and tell them he's coming to their office. If the investigator isn't there, he cannot go in. When the guy has time, he will open the door. He goes in, plugs in the device, and waits for hours because they must upload terabytes of data. It takes a lot of time to transfer data because of the internal processes they use. We streamlined the process so the investigator could upload data from the field. 

We also helped a client who had employees traveling to another country on a global assignment. If you must create a new identity for that user because he needs a new identity to work in that country, he can't because we always have to separate objects from different countries. We can manage one user in two different countries and create a sub-identity for that user. 

One Identity Manager helps us minimize governance coverage gaps among test, dev, and production servers. One thing I love about it is the database transport tool. You can model data from the Dev environment and not necessarily push the data. You can model the processes, projects, scripts, business roles, etc., in the dev environment and move them to the testing environment. Once the testing is finished, you can move the transport file to production. It's powerful because you don't need to manually alter the data. 

With business roles, you can close the gap between privileged users and standard users. You can assign business roles to people based on their position and Active Directory group access. 

It streamlines the audit process. Let's say certain users aren't supposed to have access to application data based on their AD group membership or business roles. We can check this for audits and see which users can access applications based on their identities. You can provision applications to specific users based on their membership and identity.

One Identity Manager is identity-centric. Every object is treated as a different entity. Because of this, you can monitor the life cycle of every identity when it comes into the system and how it behaves in the system. You can monitor every identity's access throughout that identity's life cycle. The zero-trust model says that this identity can't access anything it isn't supposed to access at any point in its life cycle. be able to access anything that this identity is not supposed to access. You can trust that once the configurations are done properly, no identity can access any other property that it doesn't have access to.

The solution streamlines licensing. When a user gets employed, we assign them to the group for new employees. When they belong to that group, a trigger creates licenses for each new user. When the user signs into all those accounts, we have a table that shows Microsoft access. Once they are granted Teams access, all of this information is updated for the users. We use that for licensing, but I've never worked with procurement.

The designer tool is one of the most powerful features because you can manage permissions and permission groups in it. The designer is a tool for adding and removing permission. The manager lets you create IT Shop objects and determine which type of user can access an object.

One Identity is versatile and complex. There are no limits to what you can do with this tool. It integrates well with Active Directory and has a powerful API integration. They also introduced the new Angular platform to replace the old web portal, which was too complex. Angular is a simplified web UI for users to do whatever they want to do.

We can leverage JavaScript and the Angular framework to build interactive UIs with the new Angular portal. Also, the new API server makes a lot of sense because using Angular is the front end, and the API server is on the back end. You can do anything you want. It's limitless at this point.

We use One Identity to manage SAP and logically disconnected SAP accounts. From an architectural point of view, you can create request staging tables to sync to the SAP through API calls to the SAP module. You can link the data source to the One Identity staging table to ensure all data goes into the One Identity testing table. You ensure all the necessary fields are there and create a staging table where you would load all the information from SAP. 

You can sync into the One Identity object. From there, you can do whatever you want to do. You can create Active Directory groups and add permissions. SAP is also robust. For example, let's say you have a department's table in SAP. You can also get the department information from the SAP and tie it to the object depending on how you want to sync and structure your project. My approach would be to create a staging table and make an API call to SAP, filling up and syncing the table to the SAP objects in One Identity, adding all the necessary permissions from SAP to the same user, and creating the AD groups if that's also part of the plan. 

There are many approaches to connecting One Identity Manager to SAP accounts under governance. There is no written-in-stone way to do this. The cleanest approach would be using a staging table where you can add all the permissions. A staging table contains the user information and the groups the user belongs to. All of that information will be in any staging table you want. From that table, you write information into the object. 

It helps manage some of the more difficult aspects of SAP. If you have a staging table with all the information from SAP stored there, you have all the rules, Active Directory group names, and permissions. You have all the information. You can use that information to create an identity in One Identity. If you have an SAP account, you must create that SAP identity in One Identity. You can tag and call it SAP and import the source. You can add a SAP tag to it to show that this is an SAP account. 

Before Angular was introduced, the user experience was bad. To do a small custom change in the web UI, you had to do a lot of configuration on the back end. The new Angular portal solved that problem. I don't have any complaints now. The user interface is perfect, making the experience good for the users. Loading objects, caching, and handling errors are way faster with Angular.  

One Identity's business roles help us with provisioning. The whole idea of business roles is to provision based on the user's role. You create business roles for a department with a manager, assistant manager, technician, etc., so you can create custom business roles for all these positions in the same department. Each has permission to do certain things because of their business role. Business roles assign resources and permission groups based on role. It's critical because it limits access based on those roles. We can use business roles to extend governance to cloud apps. 

One Identity can be complex to customize, depending on the scope of the project, the existing system, and the architecture. If the underlying architecture does not suit what the user wants, you must rebuild it entirely by moving data, changing data objects, etc. In a production environment, that can do much harm because these processes and data inputs will change. If the scope is not so robust, you can customize as much as you want. 

On an existing project, the standard was kind of poor because they didn't use experienced consultants to do it. You had to consider rewriting a lot of things, changing how the code works, or redesigning processes. These are not hard things to do, but may just take time. Time will always be a major factor to consider when customizing.

I have actively used One Identity Manager for three years.

One Identity is highly stable. Some companies are still using the 2013 version, and it works perfectly for them. They have not updated it since then. You don't need to upgrade to the latest version. It comes with a lot of benefits like the Angular portal, but it's highly stable. As long as it meets all your needs, why change?

One Identity is scalable, depending on your architecture. 

I rate One Identity support six out of 10. They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem.

Neutral

Deploying One Identity is straightforward, and configuration is not complex at all. If you have access to the database and application server, initial deployment can be completed in a day. Once you install it, there isn't much maintenance aside from updating to a newer version. You also need an engineer or a consultant to monitor the data for inconsistencies. 

I'm a developer, and I can see the relief from companies because when a person who needs access doesn't have it, emails fly everywhere, and everything stands still. If someone needs access over the weekend to a business-critical task and they can't do it, those problems lead to a lot of waste. It has saved a lot of time and saved some companies a lot of money.

One Identity isn't cheap for small or medium-sized businesses, but I don't think it's necessary for a small company to use. The price is fair for large enterprises with thousands of employees that want to adopt a zero-trust model. 

People talk about CyberArk, but I've never used it before. I don't know how better it would be than this. I don't see anybody competing with this. One Identity is on another level.

I rate One Identity Manager eight out of 10. If you plan to implement One Identity Manager, I recommend finding an experienced consultant. They are not cheap. If you're thinking about implementing One Identity at a small business, I would tell you not to waste your time. At a mid-sized business with a lot of identities or a contractor for a big company, you can use One Identity, but you still need an experienced consultant, depending on the scope of the project. 

We are utilizing One Identity Manager as a provisioning engine. The main use case for us is to manage the identity life cycle of enterprise users in our context.

In my current role where I am managing this overall program, not only from the administration aspect but as the one whom all other departments reach out to with their request, one clear benefit is delegation. One aspect that I like about this solution is delegation. We have delegated administration in a way that we have access to new campaigns configured. This solution has a prebuilt option where we can configure campaign managers, and those campaign managers have a very nice prebuilt dashboard where they can monitor the campaign itself. That is very helpful. We can give these department's folks access.

Our identity landscape is very customized and unique. We are not only providing access for different users; we also have a huge set of non-human identities. We have a huge set of provisioned and service accounts. In our previous legacy solution, the issue that we were facing was that the solution was not very robust. We could not come up with some self-governed scenarios, such as moving the ownership of non-human identities, moving the ownership of service accounts based on the change in the managerial hierarchy, or based on users' movements within the organization. With One Identity, there are very good features that come prebuilt. For example, the department hierarchy within the One Identity solution helped us to build some automated logic, which was missing in the legacy solution. Other than the self-service features, there is also the ability to use ready-made capabilities and scale up on top of it. That was another reason to go for this solution at that time.

We make use of the solution’s business roles to map company structures for dynamic application provisioning. We use it quite heavily. In our context, we have two types of roles. We are using more of the requestable roles, not dynamic roles, and we also have dynamic role-based access control configured as per our organization hierarchy. We have defined entitlements and accesses that each department leverages. Accordingly, we have defined roles in our system.

The capabilities of this solution, in terms of out-of-the-box features and the ability for us to do customization on top of it, have helped us to come up with some automated processes, which were earlier taken care of manually by our staff. Whenever human intervention is involved, it is prone to error. It has helped us to bridge those gaps, which ultimately enhanced our governance score.

It has overall helped us to create a privileged governance stance to close the security gap between privileged users and standard users. With the processes that we had earlier, there were gaps in terms of changing the ownerships of privileged accounts and managing them in a way to have notifications in place. The majority of the stuff is provided out of the box to manage privileged accesses. Also, if you are a One Identity shop and have the Privileged Access Management product from One Identity, you are covered 100% out of the box. You do not have to do any customizations. If you are using any other tools for privileged access management, the product has very good features, which you can scale up and customize in your own context.

It has helped enable application owners or line-of-business managers to make application governance decisions without IT, but we are not using it that extensively for that. In terms of the product having features to do it, it has the features because we are using business roles where we have defined owners of business roles. Product-wise, there is out-of-the-box functionality for business owners to manage the membership. In this way, those lines of business owners are empowered to either revoke access or conduct a review on it. Earlier, with the legacy product, they were not able to do that because there was no such functionality.

In terms of user experience, once you get an understanding of the overall working of the product, it is not that difficult. There are so many underlying components within the product, and they are interlinked and working together. The initial impression is that it is just way too complicated for any developer to customize, but once you get familiar with how it is processing the information and how each box is working in silos, and what is the linkage in between, it makes sense. On a scale of ten, I would give it a seven. Three points to spare are for One Identity to enhance its documentation and maybe come up with more. They have a very good YouTube channel where they post content about One Identity. That is very helpful. However, in terms of explaining to new developers, there is room for improvement.

It has a lot of depth. It has advanced features. As a customer or as someone who is managing the solution, I like its self-service capabilities where it has lots of powers, and the users can select any reference users. The majority of the time, we face an issue where new joiners are not aware of what they need to have in order for them to do their job. One Identity has the answer where they can know this by selecting any reference users, which are basically their colleagues. This way, they can quickly know what sort of access they have in the system, and they can raise the same. The system will automatically identify it for them. It saves a lot of time and is also a very useful feature.

Another valuable aspect is the depth of the product. It allows the support team to reroute certain requests to different people, and within their request flow itself, you can ask questions. All these features are very helpful in our context.

There is room for improvement in terms of the ease of adding custom forms to onboard contingent workers. IT Shop is a great tool, specifically in terms of the self-service mechanism where it allows users to request different accesses. However, there are no prebuilt or easily customizable forms that developers can use to create onboarding forms for contingent workers. In most organizations, contingent workers do not have any authoritative source as HR. The majority of the time, the only authoritative source is the Identity Manager or the Identity Management department itself. I would love to see any enhancement in this regard. For user experience and intuitiveness, on a scale of ten, I would rate it an eight out of ten.

There is no out-of-the-box or very easy way to configure processes to manage non-human accounts. The functionalities that we have built are totally customized on top of what One Identity provided out of the box. It would have been nice to see some out-of-the-box or plug-and-play features available for it. However, the functionality was there, and we were able to scale up in terms of customization. Whatever we did was totally customized.

There should be some ready-to-use templates or utilities as the other Identity product providers have. There should be some sort of features that you can enable or there should be utilities that you can even purchase at extra cost. For example, it would be nice to see the utilities to manage privileged accounts or forms, onboarding forms, or other small things that different clients can leverage, even if it comes at a fraction of the cost.

The overall documentation needs improvement. This product has a lot of features, but people are not aware of it. The depth itself is still unknown.

Skilled resources are very difficult to find for One Identity, which leads us to the conclusion that there is very little certification or free information that users can just opt for and learn. In addition to the documentation, they should also provide more resources. Free training for partners would be nice because being a manager, it is very hard for me to locate skilled resources for this tool.

I have been using this solution for a total of five years. I have worked with it for three years in a technical role and for two years in a managerial role where I am managing people who are directly and technically managing the solution.

It is very stable. We do not need to do anything even with patching. I would rate it a nine out of ten for stability.

I would rate it a seven out of ten for scalability because I feel that the architecture of the product is such that you cannot have very effective active-to-active integration between the job servers.

For critical issues, it is good because you can call them, but for the regular issues, I feel that there is a lack of skilled resources on their side.

Neutral

We had another solution from a different vendor, and we replaced that solution with One Identity. We switched because of the self-service capabilities and advanced governance features, which were missing in the earlier solution.

Onboarding from authoritative sources and onboarding directly to One Identity Manager for contingent workers was never an issue for us, even with the legacy solution that we had earlier. The main use case for which we mainly deployed One Identity Manager and replaced the legacy solution was the self-service capabilities. There were limited self-service capabilities in the legacy solution. So, we brought this solution, which complemented the automated provisioning of users in a way that not only the solution is capable of automatically provisioning accesses based upon the policies and templates that we define in our system, but it also has very good features where it allows the end users to do many tasks by themselves. There is a self-service portal, which is called IT Shop in One Identity's terminology.

In terms of consolidation of procurement and licensing, we have not used any other solutions in such depth or so extensively. We still have one use case, which we had with the previous product as well, where we have all Oracle E-Business Suite accesses published on our self-service. The same flows are valid with One Identity as well. However, they are managing the POs and other things. That is still with the ERP itself. We have not gone to the extent of taking responsibility for the functionality of each responsibility within our identity management.

It is deployed on-prem. Our project was not just a deployment. It was also replacing the legacy solution. It was quite a unique and complex project. It took us around eight months to complete it fully because we not only deployed it, we also replaced the whole solution, and we had many integrations in place.

It requires maintenance in terms of product upgrades and security patching. In terms of One Identity upgrades, every two years, we have to upgrade because the previous version is not supported. The other thing for every organization is infrastructure vulnerability patching, so it does require maintenance.

The team that performed the deployment and did the migration had three people: two technical and one architect. The team that is currently managing includes one administrator, one architect, and one developer.

It is cost-efficient compared to its competitors. It is cost-effective. I do not know about the other regions, but here in the Middle East, the competitors are almost double the price.

I would recommend One Identity Manager in terms of value for money, but I would not recommend it in terms of skilled resources. If One Identity increases education, then it is a very good value product.

In terms of the extension of governance to cloud apps, we do have such a mechanism, but we are not directly connecting with any cloud apps. We follow our process. We do it through a proxy or some sort of data power or middleware tool. So, we do have some integration with cloud apps, but we have not used the new feature. I suppose they now have out-of-the-box connectors to connect with cloud apps, but we are not using that feature as of now because it requires a separate license. Unfortunately, we have a short budget on that ground. However, from what I heard from my developers, it is a very nice feature, and it is easy to connect, but we do not have the use case to validate.

Overall, I would rate One Identity Manager an eight out of ten.

We use One Identity Manager to synchronize SAP inbound and outbound Exchange data. More generally, we aim to synchronize data between target systems, such as those used in banking or other companies, and One Identity Manager.

One Identity Manager includes a default SAP connector that we utilize. Its simplicity is evident in connecting to SAP sites through a straightforward click or by completing a connection filtering form. We can easily establish mapping and workflow for SAP sites, making it a streamlined process. While exceptions may exist for specific customers, we can accommodate their needs by customizing workflow mappings based on their requests. Overall, the SAP connector provided by One Identity Manager is remarkably user-friendly and accessible to all, in my opinion.

We've used the web designer module, but it won't be available next year. One Identity has transitioned from web designer to Angular web development, offering complete freedom to create custom web pages and websites. While Angular requires JavaScript knowledge, it provides unrestricted development capabilities, unlike the complex web designer module. New employees struggled with learning web design, but Angular's accessibility empowers developers to modify everything within the One Identity website and backend, including database interactions and custom code development. This flexibility makes One Identity Manager a powerful tool for connecting various systems and databases.

Business roles are crucial for our customers because they are an essential identity management tool. Without them, we'd need to manually authorize every employee and group. However, Business roles allow us to create and assign business roles automatically. This is vital for our customers as we develop best practices for business workflows. A key component is creating business websites, for which we establish job descriptions and roles. Subsequently, we automate role assignments based on organization or title, which significantly streamlines our processes.

One Identity Manager is user-friendly for the end user.

One Identity Manager significantly simplifies application auditing. The auditing site we use extensively is one of its most valuable features. One Identity Manager is remarkably effective for auditing because it empowers us to create and deliver new attestation or compliance tools. We can generate all these audits through both the website and Manager modules. The audit screen on the website is exceptionally user-friendly. Customers consistently praise the audit feature, and we have received no complaints about the auditing site. We are highly satisfied with using the audit site for One Identity Manager.

One Identity Manager's most valuable asset is the ability to customize its front-end website.

The One Identity Manager documentation could be improved. Despite using the solution for six years, I encounter difficulties understanding certain features due to unclear explanations in the documentation. Additionally, while the One Identity Manager community has the potential to be a valuable resource, the community site does not effectively assist all users.

The report site could be improved because while One Identity Manager offers around forty default reports, our customers find them insufficient for their needs. Consequently, we must create custom reports to meet their specific requirements. Although building custom reports within One Identity Manager is straightforward, enhancing the existing default reports would greatly benefit our users.

I have been using One Identity Manager for six years.

I would rate the stability of One Identity Manager nine out of ten. While all software products are prone to errors or bugs, I have encountered none, specifically in version nine. Compared to previous versions like eight and seven, which did experience issues that required resolution, version nine represents a significant improvement in stability and reliability, making it the best version of One Identity Manager thus far.

One Identity Manager is well-suited for large-scale environments, making it an ideal solution for enterprise clients.

We use Premier Support from One Identity Manager. They respond quickly to our tickets, and our customers are extremely happy with the support.

Positive

The deployment is straightforward and takes a week to complete.

Prices in Turkey are high due to inflation, a challenge we've heard about from our customers. We understand that European consumers may have different expectations, but we must reduce the pricing to attract customers.

I would rate One Identity Manager nine out of ten.

Generally, we don't utilize a governance site but instead rely on an identity management site. Initially, our customers define the SAP architecture or structure, outlining user roles that must be created and associated with specific rules. We then establish the SAP site's structure and architecture, focusing on user management before addressing roles. Subsequently, we incorporate the business side to enable dynamic role calculation for users by creating business rules for role management and assigning roles to users.

I highly recommend One Identity Manager to others. Its ability to develop everything within a single platform is incredibly valuable for customers. Many other products or software often encounter challenges or require custom development, but One Identity Manager offers a comprehensive solution. Its simplicity and customization options make it a standout choice. While I haven't used other identity management products extensively, I am familiar with some features of competitors like SailPoint. However, One Identity Manager's flexibility allows for modifications to accommodate specific needs, unlike some out-of-the-box alternatives.

We use Identity Manager for several things, such as automating our XML process, user provisioning and reprovisioning, and governance-related activities like access reviews and degradation of duties.

Identity Manager sits at the center of the organization. We integrate our systems, like Workday, into other HR systems for employees and contractors. If there are any vendors and customer-related identities, we feed the data from those systems into One Identity. One Identity Manager is configured to the initial access established when someone joins the organization, such as email, Active Directory, desktop logins, timesheets, and common apps that everybody in the organization requires.

We also have request systems in ServiceNow integrated with One Identity Manager on the back end. The request tool goes through ServiceNow, and One Identity creates a notification that a user has requested access to an application. Identity Manager will provision those users on those systems. Some requests are automated and others are semi-automated. When a ticket is opened in ServiceNow, the team will pick up the ticket and work on it. Once they do that, an update comes into the IDM system saying that this user has been granted this access. One Identity Manager is the central book of records or identities and their access levels. 

One Identity Manager has improved our overall user experience by automating processes related to password rests, access requests, and provisioning. This has reduced the number of tickets and help desk calls. It has also decreased the time new employees take to start working. Their laptops and applications are ready to use when they sit at their desks on their first day. We have designed the process so they can spend one or two hours setting things up and starting work. 

The solution streamlines application access decisions, compliance, and auditing.  One Identity has improved the access request process. It's quicker, and we only need to check the identity management system if there are any issues. The users can go into the system to request roles and see if they've been approved. If they're missing something or don't know what to request, they can look it up in the catalog. It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests. Everything is centralized, allowing us to pull all the information we need for regulatory audits quickly. 

One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded. 

Another visualization tool not in the main UI shows the identity in the center and links to the target applications. You can drill down and see the details for those target systems. That is very helpful for us to look up something related to a user quickly. 

We use One Identity to manage SAP. We did a lot of customization, integrating the GSA components of SAP. We brought in all those rules, and it wasn't straightforward, but One Identity has some additional support and capabilities for SAP that helped us a bit. We brought all those GSA-related activities in through process changes and some customization. 

One Identity is good at automated user provisioning and de-provisioning. The system processes things quickly. We had an issue where we mistakenly disabled nearly 4,000 Active Directory accounts due to a developer error. We had to get those accounts back up again and were pushing the records to AD to make the changes. It was running a bit slowly, but we have a cloud setup, so we bumped the resources, and it handled that load quickly.

The compliance reports are good, and custom reports can be easily generated. One Identity provides separate built-in user roles for auditors, compliance officers, and others. The SOC exemption process and associated reporting are excellent. 

It's critical that One Identity extends identity governance to cloud apps because most organizations are hybrid. The cloud is maturing and becoming more affordable. More organizations are shifting from legacy Oracle EBS systems to Microsoft 365 or Salesforce. All these vendors have also picked up cloud offerings and offer them as a managed service or complete service, where we don't have to worry about anything.

The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve.

I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation

According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback.

While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great.

Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others. 

The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit.  

We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.

I have worked on it for around two years.

I rate One Identity Manager nine out of 10 for stability.

I rate One Identity Manager seven out of 10 for scalability because the scaling process isn't smooth.

I rate One Identity support eight out of 10. We worked closely with the One Identity team, and they assigned us a dedicated support manager. It has been a positive experience. They quickly resolve issues and help us execute projects faster. 

Positive

I work as a solution architect, so I've used lots of tools, including the Oracle toolset, NetIQ, and Sailpoint. One Identity is better than Oracle, which has lost market share. Oracle is resource-intensive. You need 16 GB to install the base. Initially, that tool was good, but it became a mess. Oracle is no match for Identity Manager. NetIQ is a lightweight tool suitable for small organizations, but it cannot process things the way Identity Manager can. 

Microsoft tools lack One Identity's IGA capabilities, but I would say SailPoint is better because of the number of connectors it has. It's also far easier to operate. Sailpoint's tools are all in one place, and it's more developer-friendly. It's a complete SaaS tool along the same lines as One Identity Manager. We don't have to buy professional services to do anything out of the box, even if it is a minor customization. 

One Identity was deployed on the cloud and offered to the customer as a service. On average, it takes three or four months to install One Identity and integrate it with key systems like Active Directory and HR solutions. That includes the time needed to gather requirements and implement them. For the timeline I mentioned, the standard deployment team size is around five to six people. 

I don't remember the numbers, but we did realize an ROI of about 10 to 15 percent. 

One Identity is cost-efficient from a licensing perspective. However, one drawback is that it's expensive on the hardware side for the customer to set up. One Identity's professional services team recommends various components. They lose some of the cost advantage because the hardware is expensive and requires maintenance. 

I rate One Identity Manager eight out of 10. 

I use One Identity Manager for all the IAM capabilities in my day-to-day use cases, such as Identity and Access Management.

When initially implemented, One Identity Manager comes with basic modules, but additional ones can be added to encompass data governance, complaints, audits, and more within a single platform. Many organizations limit its use to identity and access management processes, but its potential extends far beyond this, offering broader application and management opportunities. Ultimately, the system's effectiveness depends on how it is managed and implemented within an organization.

From a non-technical perspective, there isn't much customization we could do on the portal apart from seeing whatever our IT admins have given us access to. However, One Identity Manager can be customized heavily on the back end. Customizations are easy because they have a lot of documentation. They have provided extensive documentation. But at times, following the documentation can be a bit difficult. It can help you. For example, if we know the product, we can easily manage everything.

One Identity Manager maps out company structure through its business role feature, which offers dynamic role-sensing capabilities. Unlike other tools, it allows for assigning approvers and managers to business roles, effectively managing multiple access modules under a single umbrella. This functionality is useful for achieving least privileged and role-based access metrics, making it a valuable asset in various use cases.

We have some integration with cloud apps, and One Identity Manager recently introduced Starling Connect, offering several out-of-the-box features. However, current functionalities are limited, so significant customization might require exploring additional API endpoints. The available attributes and tools are sufficient for basic cloud management tasks.

The benefits of implementing One Identity Manager would be immediate as its out-of-the-box configurations can be enabled right away. However, realizing these benefits might take longer if the enterprise requires end-user customizations. In essence, the speed of reaping the advantages depends on whether we utilize the tool's standard features or need to tailor it to specific organizational needs.

One Identity Manager effectively reduces governance coverage gaps across production servers by offering a comprehensive suite of governance-related capabilities. Its built-in transporter tool facilitates seamless migration of changes between environments, eliminating the need for manual configuration or reliance on third-party solutions. Unlike other tools that may require custom integrations or external dependencies, One Identity Manager provides a complete, out-of-the-box solution for managing environment transitions.

One Identity Manager can help establish a privileged governance framework to bridge the security gap between privileged and standard users. The specific capabilities depend on the enabled modules. The privileged access governance module offers advanced features like risk indexing and out-of-the-box support for identifying high-risk identities based on configurable rules or violations. Even without this module, the platform provides customization options for managing privileged users and includes basic risk assessment functionalities.

One Identity Manager can assist in consolidating procurement and licensing, but the extent of its capabilities depends on the target system being managed. While it offers licensing management features for SAP systems, including the ability to fill in gaps, managing licensing for other products requires customizations utilizing Active Directory or Azure Active Directory groups. In these cases, the process differs from the integrated licensing management available for SAP within the One Identity Manager platform.

One Identity Manager simplifies application access decisions by consolidating all entitlements for any integrated system into a single product within the IT department. This unified platform enables efficient access requests, approvals, and multi-level approval workflows, with customization options to manage application entitlements according to specific needs. Additionally, the system's rules can merge multiple access entitlements into a single request, which can be submitted through the front-end portal.

One Identity Manager's ability to streamline application compliance varies depending on the integrated application. Out-of-the-box applications offer built-in compliance capabilities, but third-party tools or custom solutions may be required for those without pre-built connectors. However, compliance functionalities are available for all out-of-the-box target systems.

While One Identity Manager cannot perform a full application audit, it can assess access entitlements and identities within the application.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. With appropriate permissions, these managers can establish business roles, assign applications and items, and create corresponding system roles accessible to other organizational users. While this capability exists, most organizations avoid this approach due to the potential for invalidating business roles without proper verification.

Achieving a zero-trust model with One Identity Manager is feasible but heavily reliant on the policies configured within the system. We can effectively establish a zero-trust environment with carefully crafted policies and conditions. However, limiting the tool's use to provisioning, de-provisioning, and data manipulation processes restricts its potential. By fully exploring and leveraging One Identity Manager's capabilities, we can significantly enhance our ability to implement a robust zero-trust model.

From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options. The platform offers a wealth of functionalities and flexibility, allowing us to tailor solutions to meet our organization's specific needs without limitations. This unparalleled adaptability is One Identity Manager's most significant advantage.

The end-user interface is intuitive and easy to navigate, making finding information within the portal simple. However, extensive customization can complicate management. From a technical standpoint, the backend is more complex due to managing multiple client tools for various One Identity Manager modules. While these tools interact, their number can overwhelm new users, hindering their ability to effectively understand and utilize the system. The front end is user-friendly, but the back end presents significant challenges.

One Identity Manager is a complex tool with multiple components and a convoluted backend. Its various clients for managing different tasks can confuse IT and non-IT users. Simplifying the tool and streamlining processes would be beneficial. Additionally, while the out-of-the-box connectors are helpful, incomplete support for certain objects hinders efficiency. Providing full support for all objects would enhance the tool's usability.

I have been using One Identity Manager for almost four years.

We haven't encountered significant stability issues. If we follow the provided documentation, we should not experience multiple problems, and a clean environment is crucial for proper configuration. However, mismanagement of processes or queues can lead to crashes. Ultimately, system stability depends on environment management, deployment, and configuration within the system.

It is highly scalable, supporting both vertical and horizontal scaling. Deployment on orchestration platforms like Kubernetes simplifies management, especially with the right team and capabilities. Kubernetes environments offer significantly easier scaling compared to other solutions.

I have experience with Microsoft Identity Manager, Entra ID, and SailPoint Identity Security Cloud. While Microsoft Entra ID and SailPoint are relatively straightforward to manage with uncomplicated backends and easy-to-implement features, One Identity Manager is more complex. Due to its multifaceted functionalities, new users or organizations lacking a deep product understanding might need to reinstall the entire application to enable specific modules. Consequently, many only utilize its basic features instead of fully exploiting its capabilities. In contrast, SailPoint and Microsoft Identity Manager offer simpler installations and SailPoint offers broader compatibility beyond Windows, making it more adaptable to different environments than One Identity Manager.

Product knowledge significantly simplifies One Identity Manager deployment. However, the extensive documentation can pose challenges for newcomers unfamiliar with the product. Unlike concise, step-by-step guides, the current documentation requires navigating a complex structure, potentially leading to confusion. Implementing prerequisite checks and other validations will be necessary to successfully deploy the system, making it a demanding task for those new to One Identity Manager.

In addition to licensing fees, we may incur costs for professional services if product issues or implementation errors arise beyond our control. While a community exists, support can still be challenging. Furthermore, the product is relatively expensive compared to alternatives. Certification costs are also notably higher, requiring mandatory five to six-day training sessions and exams only offered to groups of 15 to 20 people. This contrasts with other products, such as SailPoint, which offer standalone exams for certification seekers.

I would rate One Identity Manager eight out of ten.

Due to its heavy customization, One Identity Manager requires ongoing maintenance, which necessitates a dedicated resource for complete system upkeep. Moreover, significant data inconsistencies within integrated systems can render data management within One Identity Manager a demanding task. Consequently, maintenance is not solely product-specific but primarily data—and process-dependent.