Vice President, Infrastructure Security Technologies at a financial services firm with 5,001-10,000 employees
Offers a more comprehensive and streamlined view of user identities and access
Pros and Cons
- "One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable."
- "The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments."
What is our primary use case?
We use One Identity Manager for classic identity management tasks like provisioning and de-provisioning. It is employed for user requests and identity governance. It supports a comprehensive setup that includes user access, requesting functionalities, and identity governance measures.
How has it helped my organization?
One Identity Manager has improved our organization by providing a centralized identity management solution. It allows us to connect various systems like Active Directory, SAP, and cloud applications, offering a more comprehensive and streamlined view of user identities and access.
As an administrator, I can see the benefits immediately on deployment because now I have a visualization. Compliance officers also see the benefits quickly. However, for the people I supervise, it's hard to adjust to the idea that everything you do is exposed. Application administrators aren't happy because I can see what they're doing.
The stakeholders and senior leadership will see the impact only if the people below them can produce good reports. Many reports are out of the box, but you have to deploy them, and people must subscribe. The benefits are immediate for people who deal with the product daily.
One Identity Manager helps minimize coverage gaps among test, dev, and production servers. The transport feature lets you move whatever you did in development into test and production. Let's say you need to develop a new workflow in a developer environment. You can move every object related to that workflow to test and, ultimately, to production. All of that is smooth and clean.
One Identity helps you streamline application access if there is a policy. A policy can be implemented through the policy engine if a company has a policy. How can they do this without a policy? I won't decide who's supposed to access what for the company. Anything related to access controls starts with the policy and ends with the implementation. It's easy if the company has a policy.
Application compliance is the same story. Someone has to define what it is. One Identity does not provide tons of compliance already implemented in the workflow. There's no preset for SaaS or HIPAA compliance.
It can tell you who is a member of an AD group, but it doesn't tell you what application this AD group controls. This information is supposed to come from an application owner, who can say you need to be a member of a specific group to access this application. We can see what happens inside the application if it allows us to do that, but we cannot audit if that person has any business in the application.
One Identity Manager helps us achieve an identity-centric zero-trust model in conjunction with a combination of something like OneLogin or any other access management product. We can control what's happening, but we cannot apply it to the application layer until we have an access control product.
What is most valuable?
One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable.
It's the best product for providing an enterprise view of logically disconnected SAP accounts. Sometimes, it's doing better than the SAP IG, which probably got discontinued or will be. One Identity Manager helps us connect SAP accounts to employee identities under governance. It is critical because there's no such thing as just SAP, and you want to centralize. You have Active Directory, SAP, and all the cloud applications. Every product has its user accounts, and One Identity allows you to connect them all in one place.
One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP. It lets you do many different things and go as deep as you want. The solution has a whole library of specialized SAP workflows for provisioning.
You can build a customized web interface that you can do whatever you want with. The out-of-the-box interface for administrators or anybody else can take a little time to understand. It depends on the user's maturity. You must understand what's happening before touching the product. If you have experience using Identity Manager or similar tools, it's highly intuitive. It has so many features that it takes time to adopt, but that's not because it's difficult.
The business roles are fundamental to role-based access controls. If you don't know how to build roles, it's very hard to do. One of the advantages of this particular product is that you don't have to be a technical person to build the role. You can log in as a business owner with a newly created project and add entitlements, users, or criteria. You can do it manually or using a formula. It's easy to do without any code.
What needs improvement?
The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.
Buyer's Guide
One Identity Manager
February 2026
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
884,328 professionals have used our research since 2012.
For how long have I used the solution?
I have been using One Identity Manager since 2009, back when it had a different name, Active Entry. I've seen the product evolve over time.
What do I think about the stability of the solution?
One Identity Manager is a very stable product. The only potential issue could arise from database management, particularly with MS SQL clustering, but with competent support and management, this is not a problem.
What do I think about the scalability of the solution?
One Identity Manager is highly scalable. Its ability to deploy agents across various locations and integrate seamlessly into multi-country operations ensures it can grow alongside business needs without issues.
How are customer service and support?
I rate One Identity support nine out of 10. Premier support offers fast responses, which is critical for banking operations to minimize downtime. The professional and quick handling of issues adds significant value to the investment.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Oracle, Fischer, SailPoint, Saviynt, and Omada. Omada is particularly notable for its governance capabilities, while Saviynt offers speed in implementation and support. SailPoint is dominant in the market, particularly for compliance capabilities.
How was the initial setup?
If there is no existing database, you must install and configure SQL, which can be time-consuming. However, with a database, the installation is fast, taking about half an hour.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is priced in the middle range but offers good value due to lower implementation time compared to competitors. Total cost of ownership is crucial where the main expense is in implementation, not licensing.
Which other solutions did I evaluate?
Other solutions considered were Oracle, Fischer, SailPoint, Saviynt, and Omada. IBM was not used.
What other advice do I have?
One Identity Manager is not for beginners due to its extensive functionality, so it requires prior experience or maturity in identity management to fully utilize its capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Consultant Development - Application Manager IAM at a healthcare company with 1,001-5,000 employees
Automated identity administration has reduced manual effort and improved data integrity
Pros and Cons
- "One Identity Manager has positively impacted my company by minimizing manual effort, providing time savings, efficiency, and data integrity."
- "From my point of view, One Identity Manager could still be improved with a cleanup of legacy."
What is our primary use case?
My main use case for One Identity Manager is company-wide identity and access management and administration. I use One Identity Manager for company-wide identity and access management by implementing data-based automated creation of user accounts and access management.
What is most valuable?
From my point of view, the best features that One Identity Manager offers are its synchronization in the web portal. I find the standard connectors particularly helpful in the synchronization in the web portal.
One Identity Manager has positively impacted my company by minimizing manual effort. The minimization of manual effort has specifically affected my team by providing time savings, efficiency, and data integrity.
Since it is company-wide, an estimate of how much time my team saves with One Identity Manager is rather difficult, but it definitely has a very large impact.
What needs improvement?
From my point of view, One Identity Manager could still be improved with a cleanup of legacy. In terms of cleanup of legacy, I would like to see improvements to the form framework, among other things.
For how long have I used the solution?
I have been using One Identity Manager for four years in the company.
What do I think about the stability of the solution?
In my experience, One Identity Manager is stable in day-to-day operation, and I would rate it eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of One Identity Manager as very high.
How are customer service and support?
The customer service of One Identity Manager is something I would rate six out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not previously compared or used One Identity Manager with another solution.
Which other solutions did I evaluate?
Before deciding on One Identity Manager, I evaluated One Identity Active Roles, which was functionally limited to AD administration.
What other advice do I have?
I would not like to add anything else about the features of One Identity Manager. My advice for others who are considering One Identity Manager is to definitely invest in training courses and watch One Identity Manager's YouTube channel online, as the product and this solution are very powerful.
I found this interview to be generally good, but there were some questions where the AI engine got stuck, and I think that could be improved for future conversations. I have rated this review with an overall rating of eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 14, 2026
IAM Technical Domain Manager at Nuuday
Offers a centralized platform and simplifies access management, but the usability could be improved
Pros and Cons
- "One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance."
- "One key area for improvement is implementing continuous integration and deployment."
What is our primary use case?
One Identity Manager is a software tool specifically designed to manage and govern employee identities throughout their entire lifecycle within a company. Similar to other governance tools, it ensures employees have the right access to data and applications based on their role, from the moment they are hired until they leave the organization.
How has it helped my organization?
One Identity Manager is a centralized platform for managing user access to all enterprise applications. It focuses on governing regular user identities and access permissions, but it does not handle privileged accounts. If we need to manage privileged accounts, we'll need a separate Privileged Access Management solution in addition to One Identity Manager. One Identity Manager can handle all our other identity governance needs, but privileged accounts require a different approach.
Our customization of One Identity Manager has been relatively straightforward so far. This is likely because we took the time to establish a solid architecture upfront. By defining a clear vision and utilizing standard use cases, I believe I played a key role in minimizing the need for extensive product customization. One Identity Manager also appears to scale well to our needs, further reinforcing my satisfaction with our choice.
One Identity Manager's business role feature simplifies access management by reflecting your company's structure. When you move between departments, like from marketing to finance, your access permissions automatically adjust based on your new role. This eliminates the need for manual updates, ensures you have the right access for your job, and streamlines access governance for your organization. Overall, it's a valuable tool for scaling access management across different departments and scenarios.
Many companies use pre-built solutions like SAP for specific needs. One Identity Manager acts as a central hub for managing identities and access across various cloud applications, similar to how companies connect to ServiceNow for service management or Workday for HR. This centralized approach simplifies identity governance for cloud-based applications, making One Identity Manager a valuable tool, though other competing products offer similar functionalities.
Choosing the right tool is crucial, just like picking the appropriate car. A regular car will perform well on city roads, but attempting off-roading with it will lead to breakdowns. Similarly, our company prioritizes on-premise hosting, so One Identity Manager was ideal. As One Identity itself offers on-premise updates alongside cloud features, we won't be reliant on solely cloud-based solutions for new functionalities. This ensures we stay current with identity access management advancements without being pressured to migrate to the cloud, unlike some competitors who prioritize cloud-based updates over on-premise versions. With One Identity Manager, we access all new features, giving our company a significant advantage. Ultimately, success depends on understanding your company's needs and tailoring your chosen tool accordingly.
Having separate test, development, and production environments creates challenges for managing a product. While the product itself can improve efficiency, companies need to invest in installing and maintaining it across all three environments. This can be expensive, especially for less-used environments like testing. However, if the product is installed according to best practices, it can offer significant benefits.
One Identity Manager streamlines procurement and licensing by consolidating identity management within a single platform. This is particularly advantageous because One Identity Manager is part of a broader suite of security products offered by Quest, allowing our organization to benefit from volume discounts and a unified security approach when using multiple Quest products.
One Identity Manager simplifies application governance by managing access decisions, compliance, and auditing. For access control, One Identity Manager determines a user's privileges within an application based on their overall permissions, allowing granular control over what each user can do. This same system facilitates auditing by tracking all access requests and enabling the creation of compliance certifications.
One Identity Manager empowers application owners and line of business managers to handle access governance without relying on IT. However, this requires upfront effort from the company to set up the data structure. For instance, if we don't have a process for assigning application owners, no tool can automatically create that mapping. The tool can only utilize existing data to enforce our desired workflows. This initial data setup might be challenging for our company as it's still under development.
One Identity Manager supports an identity-centric zero trust model, which assumes no inherent trust and relies on verification for every access attempt. This means every action must be audited and approved, requiring a well-structured data model. To fully utilize One Identity Manager's capabilities for identity governance, our organization will need a data engineer who can create this optimal data structure.
What is most valuable?
One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance. While many identity governance products necessitate external integration specialists, One Identity Manager's user-friendly interface allows internal staff with some IAM knowledge to manage it effectively after hands-on training. This is particularly beneficial because the product's pre-built lifecycle features, the core functionality of any identity governance tool, are comprehensive enough to address the needs of most companies, including larger organizations, without extensive customization.
What needs improvement?
One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience.
One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency.
The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.
For how long have I used the solution?
I have been using One Identity Manager for two years.
What do I think about the stability of the solution?
One Identity Manager has been stable with no downtime experienced. While the current user and transaction load is low, the system has significant capacity for increased volume and hasn't undergone any formal performance testing. However, based on real-world production use, One Identity Manager appears to be functioning well.
How are customer service and support?
We have premier technical support through the partner. We were not intelligent enough to envision this could be a problem in the future. Luckily, we have expertise in identity access management in-house. Otherwise, it would have been a problem if we didn't have local expertise internally and we bought something that we didn't know how to use and our partner wasn't efficient.
Which solution did I use previously and why did I switch?
Our company is currently undergoing a split into two separate entities. Due to this unique situation, we haven't fully transitioned to a single solution. Our original company continues to utilize Omada Identity Governance, while the newly formed company will be implementing One Identity Manager. This transition process reflects the upcoming separation into two independent companies, requiring us to adapt our systems accordingly.
How was the initial setup?
Our initial on-premises deployment of One Identity Manager was straightforward because we handled the two-tier installation ourselves. However, for the cloud version, there's no installation needed since it's pre-configured as a Software-as-a-service offering. Regardless of the deployment method, the most crucial tier is the database, which needs robust security as it stores sensitive information. Both Windows and Linux installations are supported, though Windows is generally preferred.
The actual deployment process can be completed in as little as half an hour, but that's only if all the preparatory work, like opening network ports, is done beforehand. In the worst-case scenario, where you need to do all the setup from scratch, the entire deployment could take half a day.
What about the implementation team?
The implementation was completed in-house with the help of an external system integrator and a consultant from One Identity.
What was our ROI?
To an extent, we have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager's pricing is competitive and in line with what other companies offer. While we may have received a different pricing model due to the multiple Quest products we purchased compared to only One Identity Manager, the overall cost is considered average.
We bought the One Identity Manager license from a partner, but they weren't able to assist with implementation because they lacked experience with the product and even tried to steer us toward a different solution.
Which other solutions did I evaluate?
One Identity Manager stands out for its on-premise deployment option, allowing full internal hosting, unlike most competitors who push cloud-based SaaS solutions. While cloud offers convenience, our critical infrastructure necessitates on-premise control. One Identity Manager also delivers feature parity between cloud and on-premise versions, avoiding the typical delay where new features go to the cloud first. This flexibility caters to companies with strict security requirements or those who prefer a full cloud migration, making it a truly adaptable solution. The potential downside lies in its architecture, where heavy reliance on a single database creates a single point of failure. However, other drawbacks are yet to be discovered through further use.
What other advice do I have?
I would rate One Identity Manager seven out of ten.
We don't use SAP connectors. One Identity Manager's SAP connector isn't unique; it allows connection to SAP systems like many other identity management products. While it simplifies SAP user provisioning within a centralized system, this functionality is common among competitor offerings.
There's a key distinction between privileged and normal business users. While some privileged use cases can be created, an identity governance tool like One Identity Manager, Omada, Okta, SailPoint, or Aviant alone won't handle them all. These tools focus on general identity management, and for comprehensive privileged access management, we need a dedicated privileged identity manager or privileged access manager alongside them.
Due to the partner's lack of experience with the solution, we received no training or post-implementation support. This highlights a challenge faced by organizations in Denmark, a small country with limited options, particularly in the area of identity access management.
Our One Identity Manager partner hasn't provided the value we expected. While choosing them may have been limited due to licensing restrictions, the consultants they sent weren't helpful enough. It seems our experience might have been better with a different product or a more capable partner for the specific solution we implemented.
Our company has a workforce of approximately 5,000 employees and utilizes roughly 1,000 applications, though not all are fully onboarded. This number is respectable considering the size of our country.
When choosing an identity access management solution, there's no one-size-fits-all answer. It's crucial to understand your specific needs first. Consider factors like your current IAM maturity (e.g., do you need privileged access management yet?), scalability requirements, deployment options (cloud vs. on-premise), and partner support. Don't be swayed by what others use; focus on what works for your business and regulations. One Identity Manager can be a good option for mid-to-large companies lacking internal IAM expertise, though it may have fewer partner integrators compared to competitors like SailPoint. However, it can be a more cost-effective choice.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Manager, Identity & Access Management at a healthcare company with 1,001-5,000 employees
Lifecycle automation has reduced manual workload and now simplifies complex user onboarding
Pros and Cons
- "One Identity Manager has positively impacted my company through cost reduction and less effort in the individual departments for the technicians who used to manually create users in Active Directory, which now all happens automatically."
- "One Identity Manager could be improved by better prioritizing and processing bugs when tickets are submitted."
What is our primary use case?
My main use case for One Identity Manager is to manage the lifecycle of all people, including internal, external, business partners, and external personnel. We are currently in further development and are connecting several applications automatically to One Identity Manager, which is our main use case.
What is most valuable?
The best features that One Identity Manager offers include relatively no limitations when it comes to connecting, and if there is ever no API interface, you can create one yourself and write it in.
By using my own solutions such as scripts or email integrations, I can give an example of how I use this flexibility in everyday work. Currently, for an application called Fluency Direct, a custom PowerShell script was created for the automatic creation and setup of users and assignment of groups within Fluency Direct.
One Identity Manager has positively impacted my company through cost reduction and less effort in the individual departments for the technicians who used to manually create users in Active Directory, which now all happens automatically.
What needs improvement?
One Identity Manager could be improved by better prioritizing and processing bugs when tickets are submitted.
For how long have I used the solution?
I have been using One Identity Manager for just under three years, as we set up the system almost three years ago.
What do I think about the stability of the solution?
One Identity Manager is stable in operation.
What do I think about the scalability of the solution?
My experience with the scalability of One Identity Manager has been good.
How are customer service and support?
One Identity Manager's customer support could be a bit faster, but otherwise it is acceptable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use another solution before One Identity Manager. I have only been working here for three years, and One Identity Manager has existed since I have been here.
How was the initial setup?
Before deciding on One Identity Manager, I did not evaluate other solutions. One Identity Manager was already in place when I arrived and was then newly set up by us.
What other advice do I have?
I would rate One Identity Manager an eight on a scale of one to ten. I chose an eight because it is very good, but there is still potential in small areas such as the usability itself for the admin within the interface. I find that everything is still not quite clear enough, especially with one or two things in Manager and Designer. You do not always quickly know where you have to click when you are looking for something, and you sometimes search a bit longer.
My advice to others who are considering One Identity Manager for themselves is to definitely hire people who have the skills and can quickly get to grips with an application that is relatively complex. My overall rating for this product is eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 9, 2026
IAM DEVELOPER at a university with 10,001+ employees
Provides centralized management and security, but UI navigation and documentation need refinement
Pros and Cons
- "One Identity Manager offers identity-centric security, acting as a single source of truth by centralizing identity data for users, devices, and applications. It supports role-based access control and automatically assigns and reworks roles to minimize privileges."
- "It can have a clearer navigation map of the user interface and user provisioning. The documentation lacks step-by-step details on common tasks like creating roles, running action reviews, and version control."
What is our primary use case?
I use One Identity Manager for RBAC in my current project. We do provisioning and de-provisioning. After running certification campaigns, it automatically aggregates. I also onboard several applications in One Identity Manager. We also use it for audits, recordings, and activities like entitlements or policies with segregation of duties.
How has it helped my organization?
We use out-of-the-box connectors for SAP to automate account provisioning and de-provisioning and ensure the right access based on roles and responsibilities. For access governance, we also handle detecting and resolving conflicts. It reduces administrative overhead related to provisioning, de-provisioning, and role authorizations. When it comes to password synchronization with SAP systems, it ensures a smooth user experience. For disconnected SAP accounts, it helps to align the business processes and data flows. We have centralized dashboards providing a holistic view of identities, roles, and privileged access.
We also have Active Directory, Azure AD, and other enterprise applications. It serves as a single source of truth to ensure roles and privileges align with organizational policies. We can view policies and conflicts and also have custom rules.
It provides centralized administration through a single pane of glass. We can manage users' roles and entitlements, identity lifecycle management, and access review management. We can connect both on-premises and cloud systems, ensuring centralized provisioning. With automation for tasks like provisioning and password resets, we can efficiently manage a large user base in complex organization structures.
The analytics provide real-time insights into access, policy violations, and system health. We can also identify potential risks or inefficiencies.
One Identity Manager provides pre-built connectors, requiring minimal effort for standard user cases and workflows. All the common attributes are preconfigured. However, for customized and more complex use cases involving dynamic rules or unique compliance requirements, we need to use PowerShell scripts or APIs.
Business roles help map company structures for dynamic application provisioning. There are predefined templates for common business roles. It supports hierarchical roles and dynamic assignments. The drop-and-drag interface simplifies role creation and assignments and policy integrations. For example, when a new employee joins the finance department, the system dynamically assigns the required role containing the required access and privileges.
It has pre-built connectors for popular cloud apps such as Azure AD. It helps with policy enforcement for implementing RBAC and ABAC for governance across cloud and on-premises systems. We can automate access reviews and certifications for cloud applications ensuring ongoing compliance. We can also dynamically assign and revoke access to cloud apps based on the lifecycle events, such as onboarding, promotion, or termination. It supports monitoring user activities within the cloud apps, providing detailed audit logs and reports for compliance. It also helps with user access requests via self-service portals with automated approval workflows for cloud apps like Salesforce.
It helps with better license management and reduces over-provisioning. We can also track user licenses for cost-saving opportunities, audit reports for compliance, and vendor agreements. We can also create business rules to automatically revoke licenses with a role change. When it comes to the cloud application platform, it synchronizes license date and usage.
Its benefits were seen immediately after the deployment.
What is most valuable?
One Identity Manager offers identity-centric security, acting as a single source of truth by centralizing identity data for users, devices, and applications. It supports role-based access control and automatically assigns and reworks roles to minimize privileges.
The solution integrates multi-factor authentication, enforcing stronger measures and requiring identity verification for accessing critical resources. It continuously monitors user behavior in real-time, triggering automated responses, and manages secure access for both on-premises and cloud applications using protocols such as SAML.
Additionally, it facilitates RBAC, provisioning and de-provisioning, certification campaigns, onboarding various applications, audits, and reporting with segregation of duties.
What needs improvement?
It can have a clearer navigation map of the user interface and user provisioning. The documentation lacks step-by-step details on common tasks like creating roles, running action reviews, and version control. Enhancements could also be made to feedback mechanisms. In development, understanding workflows and integrating ORDM skills with SAP could be improved.
For how long have I used the solution?
I have been using One Identity Manager for approximately two to three years. I previously worked with an organization in India, where I utilized One Identity Manager. Currently, in my project in the US, I am working in the retail domain, and I am using One Identity Manager here as well.
How was the initial setup?
I have worked a lot with SailPoint, so its deployment was easy for me. The deployment duration varies from project to project.
In terms of maintenance, it sometimes requires updates.
What's my experience with pricing, setup cost, and licensing?
Pricing depends on licensing models, such as per-user licensing and feature-based pricing. Additional models like governance, provisioning, and reporting increase costs. Cloud or on-premises models follow different pricing approaches. On-premises might incur higher costs.
The cost also depends on integration systems like Active Directory, SAP, and custom connector requirements. Scalability influences costs, with larger organizations potentially benefiting from cloud setups. Cloud setups might be more cost-efficient compared to on-premises solutions.
What other advice do I have?
I would rate One Identity Manager a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IAM Lead Consultant at iC Consult GmbH
The solution has the biggest out-of-the-box feature set
Pros and Cons
- "One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top."
- "The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year."
How has it helped my organization?
The time needed to see the benefits depends on how you roll it out. You have two or three primary areas where you see the benefits. One is from the operations and process perspective. If you automate the processes, you can make a mess because the system creates the identity from the HR system and provisions it for all the target systems, like Active Directory.
This is one area where your processes will be more mature because they're all automated. Another area is governance because you collect all the data from different systems into one system. Manager lets you start to govern the data when it comes to entitlements.
Identity Manager helps you minimize gaps in governance coverage among test, dev, and production servers. It depends on your setup, but if you have it configured correctly, it will help.
We can close the security gap between privileged users and the standard users. However, it depends on how you define privileged users because this might have different meanings. From a business perspective, you have users who are business-critical. You can set up these compliance rules to control this and have additional checks if required.
A typical use case is setting up privileged users twice a year or a recertification campaign compared to standard users. The other point of view you need to consider is the typical admin accounts with critical entitlements and permissions to applications that have significant positive or negative impacts on the organization.
It streamlines application decisions, improving application compliance. That's what makes One Identity strong. It's like an octopus with lots of connections to your environment and applications. You get the old data and create your rule set and governance based on that. At the end of the day, these applications or entitlements are under the control of your rule set.
One Identity streamlines application auditing. If the application is under Active Directory, you have security groups where the permissions are managed in the application. It's easy because you have a standard connector, which means all the application permissions are automatically managed and controlled in One Identity Manager.
On the other hand, if you have an application with its own user and application governance, you must integrate this with an appropriate API integration. If this isn't possible, you need a ticketing system in between with a manual process. You are good if your process aligns with your governance and audit.
What is most valuable?
One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top.
One Identity provides an enterprise view of the more logically disconnected SAP accounts. It has the strongest SAP connector on the market and it can fully replace SAP centralized administration. It connects SAP accounts to employee identities under governance. One Identity is the only solution that offers IGA for the harder-to-manage aspects of SAP on a deep level.
It has out-of-the-box SAP workflows and allows you to customize workflows, but you need an SAP specialist to handle these customizations. One Identity provides a comprehensive perspective for governing identity and access processes, reports, compliance stuff, etc.
One of the biggest challenges organizations have is setting up borders with other processes and enterprise applications like ServiceNow. You could handle these processes, but it would make no sense. A typical example for better understanding is the joiner-mover-leaver process of an employee and the topic of hardware where an employee gets their notebook, mobile phone, etc. These are something you would not challenge in a solution like One Identity.
It can be easy to customize depending on the integrator's expertise. It has many out-of-the-box functionalities, but it also provides full flexibility to customize it. You can do it the right way or the wrong way, and this depends strongly on the integrator's knowledge and expertise. You can build on out-of-the-box elements or code everything from scratch, but this is not recommended.
One Identity's business roles are one of the most critical features. They enable you to reflect the entire entitlement structure up to the manager abstraction layer. For example, you can form a role for marketing and assign access to everything people in the marketing department need to do their work, including all the entitlements on the Active Directory and Azure levels.
You can also assign a role to the IT shop, so people can request roles through the UI that are automatically assigned by the marketing team. Without these role functionalities, people would need to know the exact entitlement they need to have for the work, or someone from the service desk needs to know which entitlements are required.
That adds additional pitfalls when you are not using roles properly. People can choose the path with fewer obstacles. They can find the people in the marketing department and copy-paste the entitlement, which might be a way but not the correct way when it comes to audits and revisions.
We have started extending governance to cloud applications in the past two or three years. It has challenges because it strongly depends on the cloud applications and especially on the API endpoint. The connection is done technically on the API level, so you are strongly dependent on the restrictions of the API.
What needs improvement?
The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year.
For how long have I used the solution?
I have worked on One Identity Manager for nine years as a consultant. I am the person companies call when they need someone to introduce and integrate it with their enterprise.
What do I think about the stability of the solution?
One Identity is a mature, stable system. Issues can happen, but it's generally stable.
What do I think about the scalability of the solution?
There are two points that affect performance. One is the power of the database system because the application is strongly database-focused. Adding memory and processing speed on the database level has a huge impact. These are mostly virtualized, so that's typically quite easy.
The second level is on the back end where you have so-called drop servers. If you don't have enough, you can install new ones, add them to the queue, and you are good.
How are customer service and support?
One Identity support has a lot of room for improvement. I work with support for my clients identifying bugs and issues, and the quality has gone down considerably in recent years. The premium support is somewhat better.
If you get a good support engineer and the issue is obvious, I would rate One Identity support eight out of 10. If you get a new technician dealing with a sophisticated problem, I would rate their support two out of 10. For a mixture, I would say a five out of 10.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
My company has worked with all the big players in this field, including SailPoint, Omada, and Saviynt, so I have some knowledge of these products.
One Identity is one of the best products on the market, but it might be too overloaded compared to some of the others. Some smaller organizations may not need a full-stack solution. A lighter or cloud-based solution would be a better fit for them.
How was the initial setup?
We integrate One Identity for other companies, so we have it deployed on a test environment to demo it. Europe is more on-prem, whereas companies prefer deploying to the cloud in the United States. If you have the prerequisites ready, you can deploy it in one day. The only maintenance involved is updating the solution.
What's my experience with pricing, setup cost, and licensing?
I'm not involved in procurement. One Identity isn't the most expensive, but it's not the cheapest. It depends on what the clients need.
What other advice do I have?
I rate One Identity Manager eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Identity Management Consultant at Jemena
Helps streamline application access decisions and compliance, but UI customization is tricky
Pros and Cons
- "The SAP integration is One Identity Manager's most valuable feature."
- "Their support is inadequate."
What is our primary use case?
We are currently using One Identity Manager for identity management, but not for access management. I have extensive experience with One Identity through previous work with large insurance and utility clients, both of which heavily utilized the platform for identity and governance.
How has it helped my organization?
One Identity Manager connects SAP accounts to employee identities under a governance framework. Many companies utilize SAP SuccessFactors for HR and customer management, including onboarding contractors. Since the HR data originates from SAP, seamless integration with the chosen product is crucial for efficient operations.
One Identity Manager delivers the subspecialized workflows and business logic.
In both of my organizations, One Identity Manager was not the primary interface for users. ServiceNow typically served as the front-end portal, while One Identity Manager functioned as the backend engine to fulfill requests. Consequently, primarily managers and administrators interacted with One Identity Manager for testing purposes, and their satisfaction with it was generally positive. Our current organization uses a request-based portal. In contrast, my previous organization employed six versions of One Identity Manager, which has since evolved to nine, indicating significant progress. While earlier versions required extensive customization, the current iteration is more functional.
Our SAP Security team manages several internal roles, each requiring specific access controls. To determine user access based on their position or SAP role, we need a mapping system, which is why we implemented business roles. We also utilize business roles for user onboarding lifecycle management. However, some applications remain disconnected and reliant on AD groups, necessitating additional rules for access control. The functionality of the business role is crucial for effectively managing these access requirements.
We use One Identity Manager to extend governance to cloud applications like ServiceNow. This is achieved through Starling Connect, a One Identity product that allows us to deploy connectors. While we can use generic connectors and APIs for connectivity, Starling offers pre-built connectors for specific platforms, such as SuccessFactors and ServiceNow, simplifying the onboarding process for these cloud applications. We leverage this capability to streamline our governance efforts.
Some of the benefits we have seen from One Identity Manager include its ability to streamline user lifecycle management and the use of attestation for verification. Additionally, request-based calls from ServiceNow have been significantly improved, providing a seamless user experience.
One Identity Manager helps minimize governance gaps across test, development, and production servers, particularly for Active Directory and SAP. We've developed attestation policies that enable regular verification of all accesses, effectively bridging these gaps.
Creating and managing admin accounts, including managing inactive users and potentially disabling their access, has significantly reduced the AD team's operational workload. Similarly, onboarding applications onto the SAP system has streamlined operations and minimized administrative effort.
One Identity Manager's structure is much cheaper than any other product in the market.
One Identity Manager helps streamline application access decisions, compliance, and auditing.
One Identity Manager helps application owners or line-of-business Managers make application governance decisions without IT. Many reports can be used daily, weekly, and quarterly to manage and validate user access.
Being able to manage access without the need for IT has helped reduce the workload of the Operations team.
What is most valuable?
The SAP integration is One Identity Manager's most valuable feature. It offers a strong, out-of-the-box integration that is easy to implement, a significant advantage over many other products that often lack this integration component.
What needs improvement?
While we are not currently using privileged accounts, data governance is a concern. Reports and customization are expensive, and the user interface reflects this complexity. We've encountered issues with the cumbersome user interface and slow performance. Unlike products like SailPoint, we have limited control over customizing performance and the user interface. The tools provided for UI customization are not user-friendly.
The UI customization is tricky. The web interface product that One Identity Manager offers is a bit tricky to use, and no extensive documentation is available on how to do the customization.
Their support is inadequate. Raising a query often results in days-long waits for responses. Even when tickets are acknowledged, cases progress slowly toward resolution. Overall, the product lacks sufficient support.
While generic connectors exist, some specialized connectors require additional capabilities. Simplifying the connector process would be a valuable improvement.
For how long have I used the solution?
I have been using One Identity Manager for five years.
What do I think about the stability of the solution?
One Identity Manager remains stable as long as the environment doesn't change.
What do I think about the scalability of the solution?
One Identity Manager is scalable by increasing the capacity of the servers.
How are customer service and support?
The technical support response time is lacking. It can take days to hear back from them.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I've worked with IBM Tivoli, SailPoint, and RSA Aveksa.
The optimal identity manager depends entirely on a company's specific requirements. If a company primarily utilizes SAP and Active Directory, One Identity is suitable and easy to implement. However, for extensive customization, a product like IBM or SailPoint might be preferable due to their flexibility and ability to create a completely custom user interface. These platforms also excel in complex workflows, such as those found in banking, and offer robust CI/CD integration through Java scripting. In contrast, One Identity's change label system falls short of modern development practices, making it less appealing for organizations that prioritize agile methodologies.
How was the initial setup?
The initial deployment is straightforward.
One Identity Manager requires a primary database to store all information. A secondary, optional history database can be used for archiving data to manage database size. We can combine the web server and job server functions on a single server, or use separate servers for each.
Provided all necessary requirements are met, a deployment can be completed within two days. While one person suffices for moderate deployments, larger or more complex projects necessitate a team of two or three individuals.
What was our ROI?
We have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager's pricing is reasonable.
What other advice do I have?
I would rate One Identity Manager seven out of ten.
When we upgrade to the latest version, it includes three years of support.
We currently have 4,000 users and 20 applications that utilize One Identity Manager. We also have one team that manages it.
One Identity Manager is a suitable choice for simple implementations, but if your customizations are extensive, consider other solutions. Additionally, if your environment is not heavily reliant on SAP or Active Directory, or if you have Linux-based servers, carefully evaluate the feasibility of implementing One Identity Manager.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
SME (Subject Matter Expert) at an insurance company with 10,001+ employees
A powerful, flexible solution for compliance and enterprise-level management
Pros and Cons
- "It is very powerful and flexible. It works at a very high level, but it can also be tailored as per needs."
- "It is slow. It has a bit of a bad reputation within the company because it is a slow product. That is the biggest drawback in terms of user experience."
What is our primary use case?
We use One Identity Manager as our primary solution for identity and access management. We use it for multiple functions including identity lifecycle, access management, provisioning, segregation of duties (SODs), and attestations. It is being used for the core IM functions.
How has it helped my organization?
We are a large insurance company based in Germany. We are compliance-driven. We have to fulfill BaFin requirements. BaFin is a governmental body that oversees banks and insurance. They have a big list of requirements that each financial institution needs to fulfill to stay on the market as a bank or as an insurance provider. One Identity Manager helps us to meet those requirements.
We differentiate between two types of accounts, personal and non-personal accounts. Personal accounts are accounts or usernames assigned to people, and then we have non-personal accounts, which are technical or service accounts used by software or machines. One of the BaFin requirements is that we have control of each and every account within the system. The sync editor is able to read each and every account into IAM. It discovers every account if you have given it the right to see everything in the SAP or any other system. The tool fulfills the base needs so that we can traverse every account available in the system and then match it to digital identities there, meaning that we get a linkage between each account and each digital identity that we get from the HR system. So, we do not have orphaned accounts or the ones that we are not able to match. It is up to each customer to utilize this. They can develop their own processes to handle this. They need to have their own processes to connect them, identify them, or report on them. There is not much that the vendor does there. It discovers them, and that is it. I am satisfied with what it offers. It fulfills our needs.
When it comes to core IGA, the functionality that we use is the life cycle of accounts. We use the life cycle of membership of these accounts into SAP roles, the membership of these SAP users, and the membership life cycle of SAP users in the SAP structural profile. These three are what we cover. There are also SAP groups and SAP profiles, but we do not actively manage them. From the access control structures, we use only this subset. That is all that we need. It is currently sufficient for our needs.
We use several objects to represent company structures. We use the department object and the location object, and we also use business roles pretty extensively. We have thousands of business roles in the system. If I traverse the table org, which is the technical name of the table, I will find thousands of entries there.
Compliance and automation are two reasons for implementing an IM solution. Automation helps save money. For compliance, even if we do not like it, we must install such a solution because we have to fulfill law obligations. We work actively on that and have a big team covering it. It will keep us busy over the next few years. The second one is automation. We have automated the whole onboarding process of employees within this company. Instead of having 50 different administrators, we have less than 10 administrators. It saves us money. We definitely save lots of effort for administrators of different systems. We save people and resources by automating and not having several dozen administrators for different systems. That saves us lots of money.
Another advantage is that it saves us time. We can onboard the person within a day in our company. As soon as the HR types in a new employee there and pushes it to us, we can provision the employee to all necessary systems roughly within a day. Without such a solution, it will probably take weeks.
It helps streamline application access governance. When you have different applications, such as Active Directory-based ones, SAP-based ones, and cloud-based ones, they all have different GUIs. They all have different approval processes. Once you connect them to a solution like One Identity, you have to order all of their entitlements through the IM WebShop, which is a web interface. There is a very homogeneous look and feel to how you order access to these applications. Otherwise, from the administration point of view as well as from the approval point of view, it is a very heterogeneous experience. Once you integrate applications with One Identity Manager, you get the same experience for your AD-based and SAP-based tools. Other competing products like SailPoint and Verix also provide a uniform experience.
It also helps with application auditing. That is one of the core features of the tool. We use it to audit the access to different applications and impose governance on these applications. The application life cycle is also one of the core features that we use. There is one package called the application onboarding package (AOB). We developed our own mechanism there about 15 years ago, so the tool does offer steps, and we utilize it.
What is most valuable?
I like the provisioning feature of One Identity Manager. It is very powerful and flexible. It works at a very high level, but it can also be tailored as per needs. They have something called Sync Editor. I personally like that one because I have a developer background. Currently, I have more responsibility within the company for this feature. I am one of the six subject matter experts (SMEs). My area is the reconciliation part.
Compliance with BaFin requirements is very important for us. If we do not fulfill them, our license can be retracted. If we do not fulfill these requirements, it is not good for the company. We use the identity life cycle. We use provisioning extensively. We use attestations, recertifications, and SODs. We need all these equally to fulfill the BaFin requirements.
What needs improvement?
In terms of user experience or intuitiveness, it is in the middle. I personally find it good. Based on the complexity, the vendor seems to have done a good job of providing a web shop kind of experience, similar to eBay or Amazon. You order something in the shopping cart and submit it. Another one approves it and it gets provisioned. It is in the middle because I have seen better and more lightweight interfaces. They are now introducing the Angular portal. There is a new design. It is better, but certain things are still a little bit hidden. It is not yet ideal. Things like attestations or segregation of duties are not that intuitive. People take time to learn. We need to train them on what they need to do. When we generate attestations, the guy who needs to attest does not intuitively know what to do. When it comes to SODs, it is even harder. People are unsure what exactly things mean there. We need to train these people. For core processes like ordering entitlements, they know what to do without any training or reading materials from us. For example, you order a group, somebody approves it, and then you get it provisioned. For such simple scenarios, we do not need to support them, but for the other cases, such as attestations and SODs, we need to write articles on the Internet. We need to do training. We need to actively support them and hold their hands.
The biggest complaint we get from the end users is the performance. When they click or submit something in the shopping cart, all the compliance checks for SOD rules are run. Sometimes, it takes two to three minutes for something to be submitted. It is slow. It has a bit of a bad reputation within the company because it is a slow product. That is the biggest drawback in terms of user experience. Performance has been a problem in the last 10 to 15 years. It is sometimes good and sometimes bad. Every now and then, you hear that performance is an issue.
The user interface could be more streamlined. The overlapping functionality among tools like the Sync Editor, Designer, Object Browser, and Manager needs better delineation. Currently, you have Sync Editor for synchronization. You have the Designer for scripts, procedures, and SQL development, and then you have the Object Browser for raw or low-level data adjustment there. You also have the Manager which is a user or operations management tool. These four tools overlap in their functionality. For example, you can administer schedules in Manager, Object Browser, and Designer. I see a little bit of overlapping there. You also have the Transporter that transports the code. If you open the binaries folder for tool installation, you will see 20, 30, or even 40 files there. There are so many small tools for different things. They might have grown over time. They should differentiate a little bit between operations, development teams, and test teams. For operations, they have done a good job of centralizing things in the Manager tool, but for developers and testers, there is a little bit of overlap between Designer and Object Browser. There is one other tool called Web Designer. That one will become obsolete soon with Angular. Currently, some things can be customized by the operations teams in prod and some of the things need to come from the developers. The borderline is not very clear. There are gray areas. They might have fixed these things in the Angular portal.
Another thing that I do not like is that they are mixing useful data and code data in the same data model. Other tools such as SailPoint or Verix Identity are stronger in terms of the separation of useful data and code data, although they have worse data models than One Identity. There should be a cleaner separation between the actual usage data and code data.
For how long have I used the solution?
I have been using One Identity Manager since 2009, although back then it was known as Active Entry. I have been using it actively since 2011.
What do I think about the stability of the solution?
I would rate it a five out of ten for stability. As with all other products, it has bugs. It is buggy. When a new version comes out, there are issues with it. It then takes them some months or patches to make the version stable. If you take 8.0 or 9.0, those versions are usually buggy. I have spent 15 years with this product. There were always issues after they made some major release. It then gets stabilized. The product is buggy, but they work on it. After six to twelve months, they sort out everything, and then you get a more robust version.
What do I think about the scalability of the solution?
It has its advantages and disadvantages, but it is definitely scalable.
It is a good tool for enterprise-level management. It fulfills its role. In the Gartner Magic Quadrant, this tool has gone from the lower left corner to the upper right corner in the last ten or so years. It is definitely an enterprise-level tool. It is powerful, but it is slow. As soon as the company becomes very big and different scenarios need to be managed, it tends to be slow. Two years ago, there was a conference in Hagen, Germany. The vendor asked everyone about their thoughts about the product. They asked us the good or bad things about the product, and every second customer said that they had performance issues with the product. The product is very powerful. It is an enterprise-level software, but it is slow. As soon as you have a larger number of users or a larger number of systems connected to it or you have heavyweight scenarios, it becomes slow. Of course, it depends on how each customer customizes it and implements the features in it, but every second customer complained about the performance.
We have about 30,000 users. We have only one centralized instance for the whole company. We have four environments, and there are several different teams here. We have testing, development, and operations teams. We also have the requirements scoping team where the SMEs are. It has grown pretty big. In the beginning, there were just two to four of us doing everything, but now there are quite a lot of people. Different departments are doing different aspects of it.
How are customer service and support?
Their technical support is pretty good. We use standard customer support, which allows us to open tickets and receive fixes for bugs. While it is not state-of-the-art, I would rate their service as being in the better half, providing positive support experiences.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have worked with two other competing products. One is SailPoint, and another one is DirX Identity. All of these products have their advantages and disadvantages. There is no perfect product, but I find One Identity Manager to be the most powerful and flexible of the three.
I have a developer and IM architect background. When it comes to customization, One Identity Manager is very powerful and very flexible. It is not very easy, but it is definitely better than DirX Identity or SailPoint. The amount of energy that you need to invest is less compared to the other two products.
We have a separate solution for PAM or privileged account management, and that is CyberArk. I know that One Identity has its own Safeguard solution, but I am not sure if that one is used in our company. Another team might be using it but not us. We are a big company. I know that this was one of the solutions that they were evaluating, but in the end, they decided to use CyberArk.
How was the initial setup?
Back in 2010, we had six months of evaluation. We did evaluate Tivoli and other products. We had a prototype. It took about six months before we went to production. We first started only with Active Directory and SAP, and then we kept growing it with additional target systems and additional features. It is comparable to other products in terms of ease of deployment. It is not simple. All these products are complex. It takes time to understand what they do. As compared to others, there is a middle complexity level to bring it live. Overall, it took about six to nine months.
We have the operations team to maintain it. There are several people in that team.
Which other solutions did I evaluate?
During the evaluation phase, we considered other solutions like Tivoli.
What other advice do I have?
I would definitely recommend this solution. I have influenced two companies in the direction of adopting it in Germany. They were evaluating this, which takes lots of money and time. One company even booked me and a colleague of mine and asked which one to go for between this solution and SailPoint. I definitely recommend this one.
I would rate One Identity Manager an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Updated: February 2026