One Identity Manager Reviews

I use One Identity Manager to implement an identity governance and administration solution for end users.

One Identity Manager is a highly adaptable platform capable of integrating both connected and disconnected target systems through connectors and APIs. Its extensive customization options allow it to accommodate a wide range of customer use cases. Additionally, the tool can be scaled to support a large user base and effectively handles role provisioning, joiners, movers, and leavers automation. With its rich feature set and out-of-the-box functionality, One Identity Manager is a powerful solution.

Previously, our user interface relied on a legacy web portal built with VB.NET technology, which suffered from slow loading times. However, One Identity has significantly enhanced the user experience by upgrading to Angular technology for the web portal. This transition has resulted in a much more interactive interface and greatly improved response times. The codebase is entirely based on Angular, which we can leverage to create custom components and enhance the web portal with a more interactive user experience.

We leverage business roles to assign default access permissions. New employees automatically receive specific role-based access upon joining the company. This process is facilitated through the implementation of business roles. We can easily accommodate diverse user types using these roles. For example, a new sales employee can be assigned a corresponding business role. We can create hundreds of business roles to match different departments. Additionally, we can schedule when these business roles are executed, allowing for system operation flexibility. However, it's important to note that frequent scheduling can significantly impact overall system performance and efficiency.

We have integrated EntraID with One Identity Manager for application onboarding. Since authentication can be provided through EntraID, extending governance to cloud applications is necessary. Therefore, all cloud-based applications that are not connected to on-premises systems require integration with EntraID. Failure to integrate will result in authentication errors and prevent user logins. Consequently, EntraID is mandatory for all cloud-deployed applications.

When we deploy the portal, most projects involve migrating from other IGA solutions to our new platform. Initially, users may take time to familiarize themselves with the portal's web interface, but its navigation is intuitive. We provide extensive documentation on accessing the portal, its features, and how to submit requests, along with customer support. While there may be a brief learning curve, the user-friendly design should minimize difficulties.

One Identity Manager helps bridge governance gaps between test, development, and production servers. Development is migrated to a test environment for testing before approval and subsequent migration to production. One Identity Manager is installed on all three environments, each with its own database to facilitate this. Changes are developed in the development environment, packaged, and moved to the test environment for testing. Approved changes are then migrated to production. Maintaining identical One Identity Manager versions across all three environments is crucial to ensure successful package migration, as packages from one version are incompatible with others.

One Identity Manager allows us to establish a privileged governance framework to bridge the security gap between privileged and standard users. Our system defines roles with specific permissions, enabling us to display additional information to users with privileged roles while restricting access to this information for standard users. Our defined roles and permissions make this granular control possible.

We have an approval workflow and policy to streamline application access decisions. Obtaining a specific role must undergo an approval process, and only designated individuals can grant permission. This workflow ensures that role assignments are controlled and efficient, preventing unauthorized access.

One Identity Manager offers a wide range of connectors, allowing it to interface with multiple target systems and perform provisioning and de-provisioning tasks within them. This extensive connector library, available out-of-the-box, is one of its most valuable features.

One Identity Manager is a comprehensive but complex solution. Even for developers, gaining a deep understanding and implementing customizations would require significant effort. It is a challenging product to both implement and comprehend.

The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports.

I have been using One Identity Manager for three years.

Technical support is helpful whenever we need troubleshooting services. 

Positive

The complex deployment took approximately seven months and involved a team of business analysts, a technical architect, and developers. 

We implement One Identity Manager for our customers.

I would rate One Identity Manager eight out of ten.

We are a service provider, and we provide the license to our customers.

I designed and implemented One Identity Manager for clients across various companies. This involved a wide range of use cases, including standard employee lifecycle processes like onboarding, transfers, offboarding, and location changes. I also implemented more sophisticated use cases, such as automatically creating Active Directory groups and service accounts based on user requests and approval workflows.

One Identity Manager's enterprise view for managing logically disconnected SAP accounts is good.

One Identity Manager acts as an Identity Governance and Administration solution specifically designed to address the complexities of SAP systems. This deep integration allows for advanced features like implementing Separation of Duties rules, ensuring a more secure and controlled SAP environment.

One Identity Manager delivers important SAP-specialized workflows and business logic.

One Identity Manager provides one platform for enterprise-level administration and governance of users, data, and privileged accounts.

One Identity Manager, while not boasting the absolute best user interface, offers an intuitive experience. Through its integration with SAP, it provides a comprehensive solution for managing the entire user permission lifecycle, including SAP roles and transactions. I was particularly impressed by its ability to seamlessly read details from the SAP system using a standard connector.

One Identity Manager simplifies backend customization by allowing us to implement custom processes, functions, scripts, and more. However, customizing the web portal, especially the new Angular web portal, is a more challenging task.

One Identity Manager offers a sophisticated model for the business roles to map company structures for dynamic application provisioning.

The functionality of the business role is important because if we build the right business structure, we can simplify the permission manager.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and prod servers.

One Identity Manager helps create a privileged governance stance to close the security gap between privileged and standard users. This has improved our security posture.

One Identity Manager helps streamline aspects of application governance which simplifies the reporting.

One Identity Manager enables application owners and line of business managers to make application governance decisions without IT. Being able to see what users have access to and make the decision regarding the request from one platform, saves us time.

One Identity Manager helps us achieve a zero-centric trust model. 

One Identity Manager stands out for its modular design, allowing us to easily customize it with specific components, and its flexibility to handle any identity and access management scenario we encounter.

One Identity Manager doesn't provide all the user interfaces we need for business users out-of-the-box. This means we need to customize the web portal to display all the information we want to make available to them.

The ROM control modeling has room for improvement.

The user experience can be more user-friendly.

How One Identity Manager deals with disconnected systems needs improvement.

I have been using One Identity Manager for over ten years.

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager's scalability is the best in the market. From a technical perspective, the number of identities and entitlements we can manage with the overall architecture is good.

The One Identity Manager support is good.

Positive

I previously used Oracle Identity Management and SailPoint IdentityIQ. I switched because I was interested in One Identity Manager which is more popular and trusted in our country.

The initial deployment is straightforward. While the initial software deployment itself can be completed in a day, a full rollout typically requires additional time for configuration, customization, and other necessary steps to tailor the software to our client's specific environment.

One Identity Manager is expensive.

I would rate One Identity Manager eight out of ten.

One Identity Manager requires one to two people for maintenance per project.

I recommend using a partner to evaluate and implement One Identity Manager.

I am a consultant who works on the backend of One Identity. When a client has a requirement, I add it to the back end. 

One Identity Manager simplifies procurement and licensing. Using business roles helps a lot. Provisioning enables users to make application governance decisions without involving IT personnel. It makes it easier by using account definitions and business roles. 

You can assign different AD groups and applications and enable them for specific users depending on their roles. This minimizes gaps in governance coverage among test, dev, and production servers and makes things easier. 

One Identity is a complete solution that has everything we need. We can use it to manage SAP. It connects SAP to employee identities under governance. This functionality is critical. One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP, which is also crucial. The SAP-specialized workflows are easy to implement. 

One Identity provides a single platform for the administration and governance of users, data, and privileged accounts. It provides a complete overview of all these things. The user interface is intuitive and nice. It shows everything. Customizing the interface isn't hard. You can create custom fields. This is one of the most important things.

The documentation is poor. For example, the synchronization editor has a lot of things happening, but there's just a description. If you want to do something specific with that like create custom views, they just say go to the extension and select the UUID. However, if we don't have a UUID for this view, it will not work. That isn't in the documentation.

It extends governance to cloud applications and it's complete, but there needs to be more connectors for it. That's the only thing I don't like.

I have used One Identity Manager for a year and five months.

I rate One Identity's support eight out of 10. We use the standard support. They send you a link to the documentation or a forum where someone else had the same problem. However, sometimes the documentation isn't useful, so they need to escalate the user to the product leads. In those cases, it takes weeks to resolve. 

Positive

The initial deployment was easy and could be completed in one or two days if we only consider the installation and synchronization of target systems. However, it takes longer to set up the business roles and all that. 

I rate One Identity Manager nine out of 10. The only issue I have is the documentation. 

One Identity Manager can handle all identity use cases.

It's easy to integrate SAP with One Identity. SAP has different modules, and you can manage users through the One Identity interface. Integrating through a stream connector is simple. 

It's role-based access control, and you can manage it. It's perfect for our customer's governance control. One of my customers is using One Identity's PAM solution. It is a separate component and licensing model.

One Identity should open the market with accessible training material and content so that more developers can be available. They have to improve their marketing strategy, partners, and vendors. One Identity should be attracting engineers to learn their product and get certified. They should have strong forums. They could have a certification program where any engineer can get certified. However, their overall approach is complex, which I do not prefer.

The platform isn't very intuitive like the others, but One Identity Manager has migrated their review scripting to the Angular framework, so now it's good, and they're competing with others from the UI perspective.

One Identity Manager is a little complex from a development perspective. If you compare it to SailPoint, it is easy, but One Identity Manager has so many separate components that it is quite complex for development. And sometimes, we have seen some performance issues.

I have used One Identity Manager for more than 10 years. 

I rate One Identity Manager eight out of 10 for stability. 

One Identity is scalable.

One Identity must improve its support because they have a very limited pool of engineers, and they're often occupied. 

I have used SailPoint.

I rate One Identity seven out of 10 for affordability. It's reasonably priced. 

I rate One Identity Manager eight out of 10. It's more suitable for the enterprise level. I wouldn't recommend it for small or medium-sized enterprises. 

In terms of the use case, the traditional use case related to IAM is to synchronize the accounts to the user ID.

Most of the time, we connect it to Active Directory, Azure AD, SAP One, and one or two other systems at the first stage of the project. At the next stage, we start to integrate it with other systems.

My company is an integrator and a partner. I am not the final customer. I deliver solutions to our customers. I also have other solutions in my portfolio, but my strength is Identity Management.

One Identity Manager delivers SAP-specialized workflows and business logic.

It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts.

The user interface is not a big problem nowadays. About 10 years ago, it could have been a problem, but now, it is easy to do proper localization in Portuguese, Brazilian Portuguese, and Spanish. We have multiple language support. Of course, it is not yet 100%.

When it comes to customization, we need to model the business rules for customers. Every customer has different business rules. For a similar use case, you can have different business rules. I split the ability to model that into two categories. There is the ability to do the parameterization, and there is the ability to do customization with coding, which can have some risks.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers.

It also helps to create a privileged governance stance to close the security gap between privileged users and standard users.

One Identity Manager helps consolidate procurement and licensing. One of the valuable use cases that this solution provides is to take care of the licensing for some of the applications.

One Identity Manager helps streamline the following aspects of application governance: a) application access decisions; b) application compliance; and c) application auditing. We can deliver a use case where when a user requests access, the user may receive a warning that the access being requested conflicts with some other access that the user may already have. We can now model the SOD rules to validate a request when it is made. It is very important to be able to use One Identity Manager to do this kind of validation at the time of the request.

One Identity Manager enables application owners or line-of-business managers to make application governance decisions without IT. We can model that kind of personas, participate in the process, and make some decisions in the workflow process.

One Identity Manager helps to achieve an identity-centric Zero Trust model. That is a very strong use case of One Identity Manager. They claim that they are the only vendor that can deliver the Zero Trust model or Zero Trust architecture for identity, but I do not know if they are the only vendor.

One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity.

It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.

If you implement it properly and finetune it, it is very stable.

I have used their Premier Support. It is called PSO. It is very easy to book an appointment. You can use the calendar to find a slot. You can take half an hour or one hour. Once you are connected, the guy knows it is very important. Based on my experience, they were able to provide the resolution and tell me about the button that I needed to hit and what I needed to do. At that time, I asked them why it was not documented, and the answer from the PSO was that for specific matters, they wanted us to contact PSO. 

I prefer not to involve PSO because the prices are huge. We try to avoid it. When I need to involve PSO, it adds value, but it is very expensive. Whenever I involved PSO, I got the answers I needed within the time in which I needed the answers. I would rate them a ten out of ten.

Premier Support has not been an influence in purchasing additional licenses or products from the vendor.

Positive

I never implemented the SaaS model because of the pricing. My experience is for on-prem.

Its implementation is easy for me, but it is very complex for those who are doing it the first time. It is not straightforward. They do provide documentation, but it is not easy. I usually build my documentation and enable my team. After that, it is easy.

For its implementation, one project manager and two more people are required. One is senior, and the other one is of intermediate experience. Sometimes, developers are also required for customization.

We licensed it from a distributor. In Brazil, it is not possible to directly license One Identity. The distributor's name is ADISTEC. We did not take their help with implementation. We implemented it ourselves. They help me with other solutions but not with One Identity because it is very specific. In Brazil specifically, I do not have resources to help me with implementation. Quest in Brazil has a structure only for commercials. They do help with presale but for implementation, I do not have any kind of help. I usually take the help of the YouTube channel, the official documentation, and the community. We are pretty much doing everything ourselves.

The maintenance usually involves changing the logic, roles, or workflows. After the sign-off for the implementation, I also provide sustainability services where I take care of any problems and also contact the vendor. I also help with the environment and sometimes help implement a new connector if it is easy to implement or is a native connector from an API, for instance. I take care of the sustaining phase issues where we are not installing everything again. We are doing a little bit of parameterization. These services are helpful for revenue and important for our business.

Its price is okay. 

Overall, I would rate One Identity Manager an eight out of ten.

We are managing the entire trend for our identity management, from HR hire until offboarding. We use it for managing all the IT accounts in the company, which has hundreds of thousands of identities.

At the time of the onboarding, this is solution that we have interfacing with HR. On the same day an employee is hired, an account is created and available for the manager when the end user arrives. The opposite is true. The moment employment is terminated, the same day everything is disabled, then later deleted.

We have integrated it directly with SAP, since our HR source of information is SAP and more than 80 percent of our business is run on SAP. Therefore, we have the largest SAP installation in the world. It's fully integrated, so we are creating, managing, and provisioning in SAP, as it is the core of our business. We are synchronizing for SoD, so it's working well. We are using different aspects of the integration.

The overall capabilities of the identity governance and administration (IGA) solution for identity management.

The flexibility of the solution: We are able to use what is out-of-the-box, customize and prioritize it, then further develop it to meet our needs. Our use for it is very complex, but we are able to achieve success with One Identity.

The back-end, its capabilities, and workflows are very good.

I would like a more friendly web UI. This is something that they are already starting to work on. 

Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us.

I would also like it to have an easier integration with phones.

With the current version, the stability is very good. With the previous version, it was not good. We are now in version 8, and it's really stable and performing.

Without this solution, because of our sheer size, we cannot manage our own house.

We are paying for premium support, which is expensive. However, we do receive very good, fast support.

What we implemented is very broad. We implemented basic identity management: workflow, self-service, and shopping for roles. We also implemented SoD. To implement all of this and because of our size, we had to work with partners and One Identity, which was a complex process.

We have seen a little ROI when there was a restructuring reduction in the market for user management teams, but not enough to cover the cost of the project. The focus was on security compliance, not on return on investment.

This solution has helped to reduce help desk calls. We are a very big company, so we have implemented thousands of role-based access controls which give rights to the users. Based on their movements, we are removing or assigning access. We also have the entire onboarding process fully automated. We have removed more than 90 percent of all manual requests for accounts.

This solution has helped to increase employee productivity when it comes to provisioning users. E.g., We can give users access in under a day. It is now based on how long it takes for HR to perform the action to onboard the employee.

We started an RFP in 2013 or 2014. Then, the end of the process was in 2015, we selected One Identity Manager by comparing it against many other vendors.

Define what you are researching. Write down use cases you need. Then, ask for a demo with you data, so you can see actual results.

We are working on our IT cloud strategy. We are starting to do cloud provisioning integrated with our identity management.

We use it for compliance, but not directly for GDPR.

We are using the policy and role management features.

The primary use case is managing business applications.

We have centralized a large number of access management functions. Therefore, you have one place where you can have control and have automated on/off boarding processes for people joining and leaving. We have done a lot of things, covering a lot of applications.

This solution helps with compliance by having a way of controlling an audit trail, knowing how things are done, and knowing how to control who has access to what.

• Publishing capabilities
• Connectors
• This solution is quite flexible. We have a lot of customization since we have our own business processes. 
• We use it to manage our users in SAP.

Maybe it is going this way with the angled frame work, but we really want to be able to watch and control things, so we can change things and know what the impact will be. 

Most importantly for automatic testing and rollouts, we need an easier way of connecting applications and an easier way of onboarding applications. At the moment, the process is very technical. People associate this as a technical and development thing. In the end, onboarding applications should be a business problem, not a development problem. They have take the technical work out of it. That is why we have to completely custom build a framework. Our work is not about connecting 20 or 50 target systems, as we have to connect thousands, which is difficult to do one-by-one. 

The end user experience needs improvement. One of the things the end users complain most about is the shopping cart, because they are not really on eBay or Amazon buying things. They just need access to business applications. Why do they have to click so many times? We probably have around 20 calls a day because a user hasn't got access, not realizing they haven't completed the shopping cart. So, I would recommend removing the shopping cart.

Stability has been a challenge. With version 8, especially post go-live, we had a lot of problems. We were doing care everyday on One Identity Manager for a good month and a half, just fixing things. Therefore, stability was not great at that time.

It is not really scalable. We had to put in a lot of customization to make it scalable. We ended up putting in a lot of instances to build it up to our scale, not only for performance capability, but for change capability. Therefore, if you have to scale for a large amount of people with several different themes, changing the configuration in One Identity can be hard to coordinate. Everyone has to have their own environments to work in; you cannot work in a joint environment easily.

The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for a 100 or 1000 people, but when it is a large number, it is quite difficult to maintain.

The technical support lacks the knowledge on custom deployments. They have good knowledge on the base product, but they lack the knowledge on the custom deployments. 

Their attitude is a bit strange. Quite often, we have to prove that there is a problem with the product rather than having them prove that there is not a problem with the product.

We had some audit issues. We had a distributive access management landscape (fragmented landscape) that we wanted to centralize, because we had a lot of in-house built tools (very narrow scope of tools) that only did one thing. It was expensive to run a lot of different tools, and we wanted to replace it with one tool.

The initial setup was complex. There are a lot of processes, which have to be covered, with a lot of users. Everyone is affected in the organization. It is not an easy thing to standardize, so it is quite complex. Then, we have five different port identity systems working together. This also makes it quite complex with the data replication between them. Therefore, it was not a straightforward thing to do. However, access management isn't a straightforward thing to do.

The SAP integration is quite cumbersome and long. It took many years. With the new addition of the SAP client to the new system, it is not so difficult anymore. However, there are some challenges with the new SAP technologies where they are not really supported by the One Identity tools.

We have used several consultants for the deployment. We used One Identity Professional Services, Data Consulting, Mphasis, Microsoft, and other smaller ones, which usually come through an umbrella company.

We have improved our security.

It has increase employee productivity when it comes to provisioning and controlling access in the system. It previously used to be distributed between a lot of things. Now, we can do them all in a central way. We are now more automated. End users know where to go to access critical business applications. In the past, it was email-based, textile-based, phone calls, and service tickets, so it was hard to know how to get access.

We have a different product for privileged account governance.

Evaluate how you can do the rollout, how will you approach the rollout, and if you have other application. Check how you are going to do the rollout and plan for it, then evaluate the products against it.

It has increased our help desk calls a lot. We probably have between 60 and 100 access calls related to access management processes in One Identity Manager a day.

One Identity Manager has not impacted our cloud strategy and its management.

We use One Identity Manager to synchronize SAP inbound and outbound Exchange data. More generally, we aim to synchronize data between target systems, such as those used in banking or other companies, and One Identity Manager.

One Identity Manager includes a default SAP connector that we utilize. Its simplicity is evident in connecting to SAP sites through a straightforward click or by completing a connection filtering form. We can easily establish mapping and workflow for SAP sites, making it a streamlined process. While exceptions may exist for specific customers, we can accommodate their needs by customizing workflow mappings based on their requests. Overall, the SAP connector provided by One Identity Manager is remarkably user-friendly and accessible to all, in my opinion.

We've used the web designer module, but it won't be available next year. One Identity has transitioned from web designer to Angular web development, offering complete freedom to create custom web pages and websites. While Angular requires JavaScript knowledge, it provides unrestricted development capabilities, unlike the complex web designer module. New employees struggled with learning web design, but Angular's accessibility empowers developers to modify everything within the One Identity website and backend, including database interactions and custom code development. This flexibility makes One Identity Manager a powerful tool for connecting various systems and databases.

Business roles are crucial for our customers because they are an essential identity management tool. Without them, we'd need to manually authorize every employee and group. However, Business roles allow us to create and assign business roles automatically. This is vital for our customers as we develop best practices for business workflows. A key component is creating business websites, for which we establish job descriptions and roles. Subsequently, we automate role assignments based on organization or title, which significantly streamlines our processes.

One Identity Manager is user-friendly for the end user.

One Identity Manager significantly simplifies application auditing. The auditing site we use extensively is one of its most valuable features. One Identity Manager is remarkably effective for auditing because it empowers us to create and deliver new attestation or compliance tools. We can generate all these audits through both the website and Manager modules. The audit screen on the website is exceptionally user-friendly. Customers consistently praise the audit feature, and we have received no complaints about the auditing site. We are highly satisfied with using the audit site for One Identity Manager.

One Identity Manager's most valuable asset is the ability to customize its front-end website.

The One Identity Manager documentation could be improved. Despite using the solution for six years, I encounter difficulties understanding certain features due to unclear explanations in the documentation. Additionally, while the One Identity Manager community has the potential to be a valuable resource, the community site does not effectively assist all users.

The report site could be improved because while One Identity Manager offers around forty default reports, our customers find them insufficient for their needs. Consequently, we must create custom reports to meet their specific requirements. Although building custom reports within One Identity Manager is straightforward, enhancing the existing default reports would greatly benefit our users.

I have been using One Identity Manager for six years.

I would rate the stability of One Identity Manager nine out of ten. While all software products are prone to errors or bugs, I have encountered none, specifically in version nine. Compared to previous versions like eight and seven, which did experience issues that required resolution, version nine represents a significant improvement in stability and reliability, making it the best version of One Identity Manager thus far.

One Identity Manager is well-suited for large-scale environments, making it an ideal solution for enterprise clients.

We use Premier Support from One Identity Manager. They respond quickly to our tickets, and our customers are extremely happy with the support.

Positive

The deployment is straightforward and takes a week to complete.

Prices in Turkey are high due to inflation, a challenge we've heard about from our customers. We understand that European consumers may have different expectations, but we must reduce the pricing to attract customers.

I would rate One Identity Manager nine out of ten.

Generally, we don't utilize a governance site but instead rely on an identity management site. Initially, our customers define the SAP architecture or structure, outlining user roles that must be created and associated with specific rules. We then establish the SAP site's structure and architecture, focusing on user management before addressing roles. Subsequently, we incorporate the business side to enable dynamic role calculation for users by creating business rules for role management and assigning roles to users.

I highly recommend One Identity Manager to others. Its ability to develop everything within a single platform is incredibly valuable for customers. Many other products or software often encounter challenges or require custom development, but One Identity Manager offers a comprehensive solution. Its simplicity and customization options make it a standout choice. While I haven't used other identity management products extensively, I am familiar with some features of competitors like SailPoint. However, One Identity Manager's flexibility allows for modifications to accommodate specific needs, unlike some out-of-the-box alternatives.