One Identity Manager Reviews

One Identity Manager serves my primary use case based on business team requirements, focusing on identity creation, business roles, end-to-end identity creation, JMLs (Joiner, Mover, Leavers), product entitlements uploading, provisioning, reconciliation, synchronization, attestations, and end-to-end product management. The solution handles identity lifecycle management and product lifecycle management through end-to-end testing of a product's provisioning, de-provisioning, and auditing purposes.

The implementation depends on business requirements. For example, with RSA as an application integration, One Identity Manager Web Shop is used for requesting user accounts and entitlements. The request goes through an approval workflow that selects appropriate approvers. Once I log into One Identity Manager Web Shop as an approver, I approve the request, and it proceeds to workflow completion. Upon completion, provisioning is triggered to the target systems. Since the system uses cloud infrastructure and CSM target systems, it goes through One Identity Manager Cloud and Starling Connect, ultimately reaching the RSA target system to validate that the user account is provisioned. Once the user has an account, entitlements can be ordered for that user as well.

One Identity Manager offers customization with separate tools that have positively impacted my organization.

One Identity Manager has been particularly helpful during audits when auditors request logs showing how a user gained access or their current access status, whether through a business role from the front end or through a dynamic role running hourly or per configurations. Provisioning to different target systems is streamlined, making it easy to store the logs, which is the most important aspect for us.

The Job Queue manages jobs triggered from One Identity Manager, and the Sync Editor manages different target system synchronizations. These are the two major tools I use regularly.

One Identity Manager could be enhanced by developing an Android or iOS application alongside the Web Shop to enable mobile access to the application.

I have been using One Identity Manager for seven years.

One Identity Manager is stable.

Before choosing One Identity Manager, I considered SailPoint, but it cannot be heavily customized. One Identity Manager was selected because it provides greater customization capabilities.

One Identity Manager has made the audit process smoother for my team and organization, which is the most important outcome.

I would advise others considering One Identity Manager to recognize that it is both user-friendly and auditor-friendly.

One Identity Manager is a really good product. I have worked with the same product for almost seven years across two different clients, and both clients are satisfied with the product. I provide this review with a rating of nine out of ten.

The overall purpose for using this product is for identity management, which is our core requirement.

We adjusted the number of authorizations given to a person. Before, it used to just collect and collect under people. Now, we can adjust and remove authorizations so they don't just stack up. It's reduced the number of authorizations assigned. 

The workflow has improved from request to assignment. We've been able to accelerate the speed significantly. 

I like the workflow engine and the deep integration with SAP products, including SAP authorizations. In the market, there aren't many products that can deliver this feature. The possibility of customizations is a significant aspect that makes this product stand out from others. 

Additionally, the number of connectors they support is commendable. Reducing the number of authorizations given to people on average is beneficial. Previously, individuals had accumulated authorizations as they moved between departments over their careers. 

Now, there's an attestation process when a person moves to a new department, allowing managers to decide on reassigning authorizations. This has led to fewer authorizations being assigned, which is one of its most important benefits. Moreover, the time taken from an authorization request to an assignment has also been accelerated.

One Identity Manager connects SAP accounts to employee identities under governance. We have an HCM connector, and we have built up the complete life cycle of an identity. TThis means when a person leaves the company or has a transition to another department, we also have processes implemented that we take care that they lose the authorization.

The solution provides IGA for difficult-to-manage aspects of SAP, like profiles, rules, etc. We use transaction codes and activities, and so on, on the lowest sub-authorization level for segregation and security checks. We assign roles, composite roles and single roles.

In terms of user experience and intuitiveness, there is always an issue from one product to another. In the beginning, the users may find it a bit complicated. However, they get new functions and a fancier UI. Overal, it provides a good impression.

It's easy to customize. The product has a huge number of possibilities or ways you could go. That said, you need good knowledge of the product. It's complex. This product needs a deep understanding of how the product works and how the implementation needs to be done. You need an external partner with good experience.

We make use of the product's business roles. We try to catch 80% of the authorizations so only 20% of authorization would need to be requested. 

We have connected cloud applications, including SAP cloud systems. These extensions to governance are very important. They need to be integrated. Our aim is to integrate every system where management takes place under one solution. 

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. Now, we can identify when users have no need anymore to have certain authorizations on a special system or special groups. Our user life cycle takes care of this. When they are not in the department anymore, they won't have access. It makes access to special systems more secure. 

It does help with licensing. If two licenses are similar, we can look at the settings and make sure that users are getting more licenses than we need, and when they leave, the license can be removed. It helps save license costs. 

The solution helps with application auditing and compliance as well as access decisions. 

We've been able to achieve an identity-centric zero-trust model. We have other applications around this, however, we are able to give authorizations only to one person and so that no one has more than they need to avoid security risks. People only get authorizations to that which is a user's core functions. 

We have more complex approval processes for normal authorizations. 

The user interface is good, however, there is space for improvement. Specifically, the way information is presented in the system could be refined so that users are not overwhelmed with technical details. They require more business information. We believe there is substantial room for enhancement in this area. 

There is also room for improvement in how we integrate systems. In some instances, we could achieve deeper integration. However, it requires effort, and we must decide if it makes financial sense.

The downside of the product is it is complex and you need an implementation partner to help you develop it. You can't do it on your own. 

I have used the solution for over four years.

We missed functions in SAP, and there was no further development to meet our needs. There was also no future strategy, and they have discontinued the development of this product. This made us decide that this was not the product for the future.

The deployment was easy in some aspects and complex in others.

There is maintenance needed in the form of upgrades and daily maintenance of one to two hours a day. 

Our partner helped with the implementation. It was, at points, a complex migration and implementation, and we are satisfied with the collaboration.

We are in the upper quarter regarding cost, so it's expensive. However, it is definitely a product with the best future perspective. In terms of function and support, it offers a fair price yet remains an expensive product.

We're a medium-sized company with locations across several countries. We have around 50,000 external and internal users.

One Identity Manager was the right decision in comparison to other market products. With other products, we would not have made such a good decision. 

We had a partner that provided training, coaching and implementation assistance. They were more focused on integration and helped with complex customizations and post-implementation support. We don't need as much support anymore. 

Overall, I rate the product an eight out of ten. I'd recommend it to other users. It was the right decision for us to go with this product in the end. 

One Identity Manager streamlines our entire identity lifecycle management. It handles onboarding new joiners, assigning and controlling roles with role-based access control, and automates user access reviews twice a year. Additionally, the system facilitates reporting for audits, providing auditors with necessary information on demand. This centralized system acts as a one-stop shop, managing everything from onboarding and role assignment to offboarding and emergency access control.

With centralized user management, data is effortlessly pulled from various systems like SOAR and HR, simplifying user creation and data maintenance. This allows for easy user editing, role assignment based on HR attributes or department affiliation, and streamlined account allocation based on review levels, departments, or the entire organizational structure.

Our Access Control in One Identity Manager is 99 percent automated saving us nearly 100 percent of our time.

One Identity Manager simplifies SAP administration by providing a centralized view of even logically disconnected SAP accounts. It offers a flexible helpdesk approach. We can either leverage its built-in model or create our own UI accessible to specific teams based on their applications. This ensures each team sees only relevant tickets for their area, streamlining access management for disconnected applications.

One Identity Manager can connect SAP accounts to employee identities under governance.

One Identity Manager simplifies Identity Governance and Administration for SAP, a complex system to manage in this regard. It empowers us to effectively manage SAP profiles, roles, and groups, ensuring their proper assignment to corresponding SAP accounts.

The solution delivers SAP-specialized workflows and business logic.

One Identity Manager integrates with its Privilege Access Management solution to provide more granular control. This means we can define different account types within One Identity Manager, such as normal, admin, and privileged accounts. By assigning privileged access only to designated accounts, we can restrict access and permissions and enhance overall security control.

One Identity Manager offers a user-friendly experience with an intuitive interface. It even provides a webshop for end users, allowing them to easily request new roles or accounts in various systems with a simple two-click process.

Having the right resources makes customization a breeze. While understanding customer needs and translating them into technical specifications requires some processing upfront, One Identity's suite of tools simplifies the actual back-end work. From drag-and-drop interfaces for workflows and reports to scripting and C# coding supported by existing SDKs, customization options cater to all users.

This dynamic application provisioning solution uses business roles to map our company's organizational structure. In other words, access to applications is determined solely by our assigned role within the company hierarchy. This role-based approach ensures users only receive the permissions they need based on their specific function, preventing unnecessary access.

One Identity Manager streamlines our cloud governance by providing a centralized platform to manage user access permissions across all connected cloud applications. This eliminates the need for individual provisioning for each app, ensuring efficient authorization control.

We have significantly improved our compliance posture with One Identity Manager. Previously, auditors identified numerous findings during manual audits, requiring extensive time and resources to address. With One Identity Manager, we've automated the onboarding, offboarding, and joiner processes, achieving a 95 percent closure rate on audit points. This centralized solution streamlines the auditor experience, allowing them to efficiently obtain information from the IAM team, saving both the organization and auditors valuable time.

We have minimized inconsistencies in how our governance policies are applied across test, development, and production environments.

One Identity Manager helps us create a privileged governance stance to close the security gap between privileged users and standard users by managing those accounts separately. This segregation prevents unauthorized access, as standard accounts cannot hold privileged rights and vice versa. This clear separation helps to close the security gap between these user types.

One Identity Manager streamlines our procurement and licensing processes, allowing our initially large operations team to focus on more strategic tasks. By automating license management for connected applications like SAP and Azure Active Directory, the solution eliminates the risk of human error – forgotten access removals for unused licenses are a thing of the past. Now, licenses are automatically assigned and reclaimed based on user activity, ensuring efficient resource allocation. This means new hires receive immediate access, and vacated licenses become readily available, freeing the operations team from manual license management headaches.

One Identity Manager streamlines application access decisions by automating the provisioning and de-provisioning of user access based on HR data. This eliminates manual intervention and delays for both HR and department personnel. When an employee changes departments, their access permissions are automatically updated in the identity management system, granting them the necessary tools to perform their new duties immediately.

It also streamlines the automation of identity and access controls, making it easier to implement a zero-trust security model where every user and device is verified before granting access.

While our audit processes were once cumbersome, requiring auditors to chase down reports from individual SAP administrators, everything is now centralized. One Identity Manager stores all application and database information in a single location, streamlining reconciliation efforts.

One Identity Manager stands out for its extensive functionality. It allows us to perform nearly any customization a customer might require, unlike other products with limited customization options. One Identity Manager's wide scope for tailoring configurations makes it a versatile tool. It can connect to various target systems, including Active Directory and schema-based systems like REST APIs. This makes One Identity Manager a great fit for our organization's end-to-end needs, from user provisioning and auditing to onboarding new joiners. It seamlessly fits all our requirements.

Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.

I have been using One Identity Manager for almost ten years.

Offers a user-friendly experience with an intuitive interface and makes customization a breeze

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager is highly stable when used with its built-in features, but customized scripting introduces an element of user responsibility - any instability caused by custom code would be due to how it's written, not the software itself.

I would rate the scalability of One Identity Manager ten out of ten.

You only need premium support if your One Identity software is outdated. Standard technical support, which comes with your license, covers the current version and usually the one before it.

The technical support offers a good experience. They provide a portal to submit issues, collect all necessary information, and have an L1 team address them. If the L1 team can't resolve the problem, they typically escalate it to the L2 or L3 teams for further assistance, demonstrating a commitment to finding a solution.

Positive

We migrated from Oracle Identity Governance to One Identity Manager due to licensing costs, limited functionality, and Oracle's decision to retire the product.

The deployment took one week and required five people.

VMDH assisted us with the initial setup, and for any future support, we can contact One Identity directly or reach out through their authorized partner.

One Identity Manager has positively influenced our ROI in terms of security and compliance. 

One Identity Manager is cost-efficient. The license is based on the number of identities we have.

We use a One Identity partner, VMDH for our licensing.

I would rate One Identity Manager nine out of ten.

We have 3,000 front-end users in our organization. While we only have a single instance of One Identity Manager, for redundancy purposes our servers are spread across different data centers. This means if one data center experiences an outage, the application can fail over to the remaining servers in another location, ensuring continued functionality.

One Identity's partner, VMDH did a good job training our staff on the solution.

Six years ago, VMDH provided us with initial assistance customizing One Identity Manager. We have since developed our expert team and now primarily rely on them for our One Identity needs. We only contact VMDH in critical situations when we require immediate help from One Identity experts. In such cases, we typically reach out to One Identity directly, but if there are delays, we will then connect with them through VMDH.

One Identity's partner was on standby in case we required any post-implementation support.

The customer service we received from the One Identity partner was good.

I found the One Identity partner to be valuable, rating them a nine out of ten.

One Identity Manager is designed for low maintenance, requiring infrequent patches and updates to keep it running smoothly.

One Identity Manager offers a unified approach to identity and access management. It eliminates the need to cobble together multiple products from different vendors for functionalities like Identity Access Management or Privileged Access Management. This saves your organization's time and resources.

One Identity Manager is used to manage identity and user account changes. We use this solution for user role changes, onboarding, and access-based requests, access certification, and compliance audits. We handle all of these functions while integrating multiple systems such as Active Directory, Azure, and SAP into one identity platform.

One Identity Manager's strong automation is the best feature, as it has reduced manual effort during user onboarding and access management. The unified centralized governance is very useful, allowing us to manage all user access and systems from one platform. One Identity Manager has reduced human error during onboarding and has saved significant time.

Currently, this solution appears to perform well for our automation use case. I chose a rating of nine out of ten because I consider this solution to be a good service, but I have reserved one point for potential enhancements to the features.

I have been using One Identity Manager for more than two years.

One Identity Manager is stable in my experience.

The support team for One Identity Manager is excellent. I have received multiple instances of technical support during both implementation and post-implementation phases.

The integration process for One Identity Manager was easy. We referred to the knowledge base provided by the solution, which helped us integrate successfully through a step-by-step approach.

One Identity Manager has saved both time and money because the organization does not have to expend additional resources.

I recommend considering One Identity Manager by starting with a clear understanding of your identity and access management requirements. The organization should define workflows and policies prior to implementing this solution to get the most value from the platform. I highly recommend using this solution to leverage these features.

I usually provide consultancy for clients and help the team work with the technology.

Business roles in One Identity Manager is something that we normally use and it is very important for the clients. The usability of the platform is good.

The feature that provides the most value to me in One Identity Manager is the customization that can be made within it. It is a very customizable tool. One Identity Manager is very well prepared for any possibility of the clients and it is a comprehensive tool where you can make everything.

There is a specific part in One Identity Manager for clients so they do not see the entire solution. This helps clients who do not have all the knowledge to use the platform. That part is very user friendly.

You can extract the information that you need from One Identity Manager. Usually the clients do not have any issues with this part.

I think that One Identity Manager is a solid eight. AI, intuitiveness, and automations could be improved. Better documentation is needed. One Identity Manager is a complicated solution and needs more documentation, more explanations, and tutorials. This would help partners and clients because documentation should be created for clients as well.

I am using One Identity Manager for one year.

If it is Entra ID from Microsoft, everything is fine. With others, it is more complicated.

It depends on the clients. There are times when clients have a better price and that is acceptable for One Identity Manager. For others, the price is in the normal range for the market.

Saviynt and SailPoint are competitors. I think that they are in the same way as One Identity Manager.

One Identity Manager is very easy to deploy.

The first deployment of One Identity Manager to not be totally functional takes less than one week. If we consider everything that could be involved, such as human resources and Active Directory, it can be more. It can be around six months or something like that.

One Identity Manager does require the normal updates. There are some situations but nothing special.

At first, it is difficult to understand everything in One Identity Manager. Probably no one knows everything, but when you know how it works, most of the platform can be easy.

One Identity Manager is working well in every part. Probably in the Angular part, but they are working on that, so it is fine. They are doing good work.

I recommend One Identity Manager. If a client sees everything about the technology and about the solution, they can make a decision to implement One Identity Manager because it is a very good solution. Sometimes they are a little confused about all of the information that they have.

One Identity Manager is in the top of the solutions, probably with one, two, or three more. The decision is not really about whether the solution is better or not. It depends more on whether the client has any knowledge or experience with that or something like that. It is not actually a matter of whether it is a better solution or not. It is more about a commercial thing or client knowledge.

One Identity Manager has been integrated and in use for two years. The primary focus is on integrating One Identity Manager for other customers, particularly mid-sized financial institutions. The implementation targets unifying user access across internal applications, cloud platforms, and third-party partner systems.

While specific details cannot be shared due to NDA agreements, one organization had multiple identity systems: one for internal employees, one for external employees such as contractors, and another for partners. This fragmentation caused inconsistent access, security vulnerabilities, and slow onboarding and offboarding processes. One Identity Manager was implemented to consolidate these systems, resulting in significantly faster operations.

One Identity Manager's best features include fast setup with the ability to be configured locally for direct database access. The solution provides specific procedures for onboarding and offboarding, and supports the use of custom connectors.

One Identity Manager has positively impacted the organization by reducing account creation and access approval times from days or weeks to minutes or hours through automated workflows. Self-service access requests are routed through a central portal with defined approval paths, which minimized manual work and accelerated onboarding. Governance functions such as attestations and access reviews are now enforced consistently, which was not the case previously.

One Identity Manager can be improved in the areas of documentation and training, both of which are severely lacking.

Three years have been spent working in the current field.

One Identity Manager is genuinely stable, particularly the LTS versions.

One Identity Manager's scalability performs comparably to other One Identity products and scales effectively from very small organizations to large financial companies, including major banks and other large entities.

One Identity Manager's customer support is good. Response times average four to five days, sometimes extending to six days, but the support team has been genuinely helpful in addressing cases in a timely manner.

A different solution was not previously used, as the customer specifically requested One Identity Manager.

Specific details regarding pricing, setup cost, and licensing cannot be shared. However, One Identity is quite affordable, particularly with partner status.

Other options were not evaluated before choosing One Identity Manager.

One Identity Manager is the industry standard for valid reasons, which demonstrates its quality. It is backed by a large and reputable company and is genuinely easy to learn and implement. The documentation is adequate. One Identity Manager's onboarding and offboarding processes are considerably faster than previous methods, resulting in significant time savings that translate to cost savings. The overall impression of One Identity Manager is positive, and a rating of 8 out of 10 reflects the value and effectiveness of this solution.

I am a consultant for One Identity Manager and implement it for clients. They use it for ordering permissions, attestation of permissions, and reporting on permissions.

Customers use One Identity Manager to manage SAP. SAP integration is very important because clients have critical business processes in SAP systems. Governance of SAP users and permissions is important.

One Identity Manager is a good solution for providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts. You have a view of all the users, permissions, and connected systems, and you can have a whole range of connected systems such as Active Directory, SAP, Entra ID, Exchange Online and others. You can import identities from HR systems or create them manually and join them with their accounts and permission. It gives you a view of the permissions and roles people have in different target systems. You can combine that with roles that are automatically populated through inheritance. You can also combine it with attestation so that you have an approval process for those rights. You can basically check that they are not assigned forever or when not needed.

Customers use One Identity Manager's business roles to assign permissions based on membership in organizational structures, such as departments, locations, job functions. This functionality is very important because you can model your business as a hierarchy and inherit permissions and accounts along with this hierarchy. It is a good solution to assign permissions automatically. For example, if you have different locations for your business, you can model those locations in the business roles and assign people to those roles automatically through HR import. That makes life easy and gives you a graphical view of that structure in One Identity Manager. For people who are not too technical, it makes it easy to understand how permissions are inherited.

It gives an overview of licenses. For example, in One Identity Manager, you can have an overview of Office 365 licenses being used. Apart from that, you can see how many and which accounts are being used, but it is not a license management tool.

Attestations help you determine if someone should have a certain permission or not. You can also have recurring attestation where, for example, a manager can decide if certain permissions are needed for certain people. For compliance, you can implement segregation of duties where you can specify that if you have permission A, the users cannot have permission B.

For auditing, you can see the permissions and the accounts people have, but it is a view from a certain point in time. There might be some gaps or synchronization delays between One Identity Manager and the target system, such as SAP. For auditing or a tracing without any gaps, you need tools that monitor permissions in those systems in real-time, similar to Change Auditor from Quest.

It helps to create a privileged governance stance to close the security gap between privileged users and standard users. You can have different types of identities. You can have a person with a non-privileged identity and also a privileged identity. It helps to separate those, but at the same time, you can see what kind of permissions a person has in total. You have a view of both the non-privileged and privileged identities.

It is very comprehensive. There are a lot of features in the product. The strong points are that you can model your organization in One Identity Manager and create roles. There is a Webshop where end users can order permissions and accounts. These are its strong points.

What is missing is a mobile user interface for the end-users so that they can do simple things on their mobile phones on the go. 

The time it takes to synchronize a large target system is often significant, often taking multiple hours. That is something that could be improved. I am aware that it is often due to the performance of the target systems, but it is a problem in day-to-day operations to have slow synchronization.

I have been using it for 12 years now.

It is stable. I would rate it a nine out of ten for stability.

One Identity Manager has improved in terms of performance and added functionality. There is better stability. They have invested in more modern web interfaces and are moving to the cloud as well. You can run it on prem, in your own private cloud, or you can have a SaaS solution nowadays.

It is scalable. I would rate it an eight out of ten for scalability. I have seen it work well in large environments.

There are different support tiers, some with 24/7 support and a dedicated technical account manager.  

If you have outages or critical production problems, you can count on the manufacturer to help resolve the situation. Minor questions are not always treated as fast as one would wish, but for the critical stuff, you can rely on them.

Positive

Its implementation effort depends on what you want to achieve, but it is not straightforward. You need solid knowledge of One Identity Manager. You also need a good strategy and information about what you want to achieve with One Identity Manager, how you want to connect to your target system, and what kind of processes you want to have in One Identity Manager.

But you can rely on the manufacturer and partners to help you with that.

In terms of maintenance, you have to update it regularly to be in support. Otherwise, after some time, there would not be any support from the manufacturer. Also, the manufacturer is fixing bugs and extending the product, so it makes sense to be current with the software.

As a consultant, I help the in-house team deploy the solution.

It saves an enormous amount of time. If you do not see it as purely an Identity Management tool but as a possibility to automate processes in the company, it provides a huge amount of value. If you use it the right way and think of which processes in terms of Identity Management you can automate, it will save a whole lot of time. 

The time savings depend a bit on what you are automating. For example, if you can automate assigning accounts and permissions by making use of the organizational structure and let managers order permissions through the web shop, you accelerate your business processes and reduce the amount of manual labour involved. 

My clients have been using it for a long time now. They have looked at other products as well, so it seems worth the price.

One Identity Manager is the most complete offering because you have the connection to the target systems and you have inheritance, which is powerful and not something every other vendor has. They have a Webshop with approval processes for ordering accounts and permissions. It is a complete package, and you get all this in one product. In terms of functionality, it is very good compared to other products on the market.

If you are a user, it is not too difficult to get into it. You have to be familiar with the concepts of Identity Management, as well as inheritance of roles and permissions and how to use the tools. It is manageable. If you want to be a developer in Identity Manager, that is a different thing because it takes way longer to get into. For example, the new web portal has an Angular web front. If you have Angular web development skills, you can more or less get straight into it.

One Identity Manager has a certain complexity, and it is not always easy. From an end-user perspective, there is a web interface to request permissions, reset your password, or manage your account in some aspects. However, when you get into the management of One Identity Manager itself, you need some knowledge, and it is not always straightforward. It is complex.

When it comes to customization, the ease depends on what you want to customize. Certain aspects of the product are easy to customize. You do not need programming knowledge, or you can do it with minimal programming knowledge. For some aspects, you need programming expertise in Angular or other programming languages, such as .net. You need to have a good grasp of how the Identity Manager works.

My recommendation is to first determine your needs and then look for a product that addresses them. One Identity Manager is a big product that provides lots of functionality. If you do not need lots of features, you could go for a SaaS solution, maybe also from One Identity.

Set up a strategy and do a proof of concept. Validate some of the requirements to see if it is a good fit and implement One Identity Manager if you are satisfied with the PoC.

Overall, I would rate One Identity Manager a nine out of ten.

I used it in my last organization. We wanted to publish the applications present in the Oracle Database on the IAM portal. We used One Identity Manager to publish the apps on the portal so that end users could access product policies and workflows from this website. This included handling approvals, user workflows, SOD violations, SOX compliance, and other aspects.

We had users from Germany who wanted an SAP system accessible through One Identity. To integrate, we simply followed documentation from the SAP team and One Identity's website. 

One Identity Manager connects SAP accounts to employee identities under governance. For end users, logging into SAP systems is simplified as authentication is needed only once if SAP is linked with Active Directory accounts. 

We used the solution’s business roles to map company structures for dynamic application provisioning. For the Oracle EBS application, we used to have hundreds of business roles. A user used to get assigned roles automatically based on the team joined.

From an end-user perspective, it is very easy to use. There is no need to follow extensive documentation; you just need to go through the process while raising a request. From a developer's point of view, self-practice is essential to grasp the necessary tasks, as initial use might be confusing. The first time, you have to use the documentation. Once you are familiar with concepts, it gets easy.

There are occasional issues with the UI or errors when servers are not up and running, often requiring a restart from cache memory and other related areas. For instance, I experienced delays while working in India. Canadian or US teams would restart systems in their morning, leading to wasted workdays for us, as we had to wait an additional four to six hours. This lack of 24-hour support is problematic from a testing and development standpoint.

I have used One Identity Manager from October 2021 to July 2024, totaling nearly two and a half years.

Servers occasionally malfunctioned at their site, necessitating restarts. This issue occurred approximately once or twice a month, specifically affecting the test and development environments, not the production environment.

The system is quite scalable. In my project, we used to handle 50,000 to 60,000 records of Active Directory. For SAP, we used to have around 40,000 records. We could handle about 1,00,000 records for different users. It also depends on the server being used for One Identity. We had an on-premise server, but we did not manage it. Another team managed it.

We used their regular support. If they were online, their response was prompt. If I raised a request while they were active, I received responses within an hour. If needed, I could connect with them over a meeting link. In such cases, support was swift.

I would rate them a nine out of ten. When they are online, they are good. The speed is quite fast.

Positive

The initial setup depends on the application. For SAP, LDAP, and other basic applications, it is relatively straightforward. However, more complex systems like Oracle Fusion can present challenges.

The maintenance was handled by One Identity.

While one person can handle the deployment, we typically engage two to three people. This allows for comprehensive planning, ensuring all necessary tasks are covered. If a single person is responsible, it is crucial for them to record the meeting to capture errors and share them with the team if needed.

From a developer's point of view, you can get used to it by doing some labs. If you are using it for the first time, you might not understand all the things that need to be done. Self-practice is a must for a developer.

It is important for users to do self-study, particularly in the test environment, before engaging with a project. There is a trial version available and possibly some videos, though not many. Users should focus on exploring features independently, such as how to sync users, use different tools, and manage mail templates, policies, and workflows. Much of this understanding depends on the user's initiative rather than external instruction.

Overall, from an IGA perspective, I would rate One Identity Manager an eight out of ten.