I usually provide consultancy for clients and help the team work with the technology.
Business roles in One Identity Manager are something that we normally use, and they are very important for the clients. The usability of the platform is good.
The feature that provides the most value to me in One Identity Manager is the customization that can be made within it. It is a very customizable tool. One Identity Manager is very well prepared for any possibility of the clients and it is a comprehensive tool where you can make everything.
There is a specific part in One Identity Manager for clients so they do not see the entire solution. This helps clients who do not have all the knowledge to use the platform. That part is very user friendly.
You can extract the information that you need from One Identity Manager. Usually the clients do not have any issues with this part.
I think that One Identity Manager is a solid eight. AI, intuitiveness, and automations could be improved. Better documentation is needed. One Identity Manager is a complicated solution and needs more documentation, more explanations, and tutorials. This would help partners and clients because documentation should be created for clients as well.
I have been using One Identity Manager for one year.
If it is Entra ID from Microsoft, everything is fine. With others, it is more complicated.
It depends on the clients. There are times when clients have a better price and that is acceptable for One Identity Manager. For others, the price is in the normal range for the market.
Saviynt and SailPoint are competitors. I think that they are in the same way as One Identity Manager.
One Identity Manager is very easy to deploy.
A first deployment of One Identity Manager that is not totally functional takes less than one week. If we consider everything that could be involved, such as human resources and Active Directory, it can be more. It can be around six months or something like that.
One Identity Manager does require the normal updates. There are some situations but nothing special.
At first, it is difficult to understand everything in One Identity Manager. Probably no one knows everything, but when you know how it works, most of the platform can be easy.
One Identity Manager is working well in every part. Probably in the Angular part, but they are working on that, so it is fine. They are doing good work.
I recommend One Identity Manager. If a client sees everything about the technology and about the solution, they can make a decision to implement One Identity Manager because it is a very good solution. Sometimes they are a little confused about all of the information that they have.
One Identity Manager is in the top of the solutions, probably with one, two, or three more. The decision is not really about whether the solution is better or not. It depends more on whether the client has any knowledge or experience with that or something like that. It is not actually a matter of whether it is a better solution or not. It is more about a commercial thing or client knowledge.
One Identity Manager has been integrated and in use for two years. The primary focus is on integrating One Identity Manager for other customers, particularly mid-sized financial institutions. The implementation targets unifying user access across internal applications, cloud platforms, and third-party partner systems.
While specific details cannot be shared due to NDA agreements, one organization had multiple identity systems: one for internal employees, one for external employees such as contractors, and another for partners. This fragmentation caused inconsistent access, security vulnerabilities, and slow onboarding and offboarding processes. One Identity Manager was implemented to consolidate these systems, resulting in significantly faster operations.
One Identity Manager's best features include fast setup with the ability to be configured locally for direct database access. The solution provides specific procedures for onboarding and offboarding, and supports the use of custom connectors.
One Identity Manager has positively impacted the organization by reducing account creation and access approval times from days or weeks to minutes or hours through automated workflows. Self-service access requests are routed through a central portal with defined approval paths, which minimized manual work and accelerated onboarding. Governance functions such as attestations and access reviews are now enforced consistently, which was not the case previously.
One Identity Manager can be improved in the areas of documentation and training, both of which are severely lacking.
Three years have been spent working in the current field.
One Identity Manager is genuinely stable, particularly the LTS versions.
One Identity Manager's scalability performs comparably to other One Identity products and scales effectively from very small organizations to large financial companies, including major banks and other large entities.
One Identity Manager's customer support is good. Response times average four to five days, sometimes extending to six days, but the support team has been genuinely helpful in addressing cases in a timely manner.
A different solution was not previously used, as the customer specifically requested One Identity Manager.
Specific details regarding pricing, setup cost, and licensing cannot be shared. However, One Identity is quite affordable, particularly with partner status.
Other options were not evaluated before choosing One Identity Manager.
One Identity Manager is the industry standard for valid reasons, which demonstrates its quality. It is backed by a large and reputable company and is genuinely easy to learn and implement. The documentation is adequate. One Identity Manager's onboarding and offboarding processes are considerably faster than previous methods, resulting in significant time savings that translate to cost savings. The overall impression of One Identity Manager is positive, and a rating of 8 out of 10 reflects the value and effectiveness of this solution.
Negative
I used it in my last organization. We wanted to publish the applications present in the Oracle Database on the IAM portal. We used One Identity Manager to publish the apps on the portal so that end users could access product policies and workflows from this website. This included handling approvals, user workflows, SOD violations, SOX compliance, and other aspects.
We had users from Germany who wanted an SAP system accessible through One Identity. To integrate, we simply followed documentation from the SAP team and One Identity's website.
One Identity Manager connects SAP accounts to employee identities under governance. For end users, logging into SAP systems is simplified as authentication is needed only once if SAP is linked with Active Directory accounts.
We used the solution’s business roles to map company structures for dynamic application provisioning. For the Oracle EBS application, we used to have hundreds of business roles. A user used to get assigned roles automatically based on the team joined.
From an end-user perspective, it is very easy to use. There is no need to follow extensive documentation; you just need to go through the process while raising a request. From a developer's point of view, self-practice is essential to grasp the necessary tasks, as initial use might be confusing. The first time, you have to use the documentation. Once you are familiar with concepts, it gets easy.
There are occasional issues with the UI or errors when servers are not up and running, often requiring a restart from cache memory and other related areas. For instance, I experienced delays while working in India. Canadian or US teams would restart systems in their morning, leading to wasted workdays for us, as we had to wait an additional four to six hours. This lack of 24-hour support is problematic from a testing and development standpoint.
I have used One Identity Manager from October 2021 to July 2024, totaling nearly two and a half years.
Servers occasionally malfunctioned at their site, necessitating restarts. This issue occurred approximately once or twice a month, specifically affecting the test and development environments, not the production environment.
The system is quite scalable. In my project, we used to handle 50,000 to 60,000 records of Active Directory. For SAP, we used to have around 40,000 records. We could handle about 1,00,000 records for different users. It also depends on the server being used for One Identity. We had an on-premise server, but we did not manage it. Another team managed it.
We used their regular support. If they were online, their response was prompt. If I raised a request while they were active, I received responses within an hour. If needed, I could connect with them over a meeting link. In such cases, support was swift.
I would rate them a nine out of ten. When they are online, they are good. The speed is quite fast.
Positive
The initial setup depends on the application. For SAP, LDAP, and other basic applications, it is relatively straightforward. However, more complex systems like Oracle Fusion can present challenges.
The maintenance was handled by One Identity.
While one person can handle the deployment, we typically engage two to three people. This allows for comprehensive planning, ensuring all necessary tasks are covered. If a single person is responsible, it is crucial for them to record the meeting to capture errors and share them with the team if needed.
From a developer's point of view, you can get used to it by doing some labs. If you are using it for the first time, you might not understand all the things that need to be done. Self-practice is a must for a developer.
It is important for users to do self-study, particularly in the test environment, before engaging with a project. There is a trial version available and possibly some videos, though not many. Users should focus on exploring features independently, such as how to sync users, use different tools, and manage mail templates, policies, and workflows. Much of this understanding depends on the user's initiative rather than external instruction.
Overall, from an IGA perspective, I would rate One Identity Manager an eight out of ten.
I have been in various roles. I have been a developer, an operational manager on this One Identity tool, and also a product analyst. We have used it in various phases.
I'm an official partner. The consultants I work with have provided me with a consultancy license, and the clients have their own licenses, but we work with our own licenses. Whenever there is a vendor bug or something is needed, we use our license to raise a ticket on behalf of our client.
The consultancy that I work with has been One Identity's Partner of the Year for the last five years. We have offices in Europe, the Middle East, Asia, Africa, and the Americas. In Europe, the Middle East, and Africa, we have been the top partner for the last three years, and in Asia-Pacific, we have been the top partner for the last year.
We have a license program with them. When we sell the product, it's a partnership between One Identity and us. They get a share of the profit, and we get a share. The client pays the full price of the product.
One Identity is cost-effective compared to the market. It offers functionalities and features at a very low price relative to ForgeRock or SailPoint. The first advantage you see is the heavily reduced cost.
There are also some other aspects. For example, it provides a lot of functionality out of the box. You don't need to spend money on external developers to customize or do some special configuration that requires a person for additional maintenance. Other than that, there are some additional security features like attestations and approval features that are intuitively made inside.
These features give you an advantage immediately, and in the long run, they simplify the audits. You don't have to be around the auditors every time to explain things. You give them a specific account to use for the audit and allow them to play around with the tool.
One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. We have four or five environments. Based on that, there are configuration parameters with which you can segregate between every environment. It's quite easy and configurable.
Depending on which modules you install, it helps to close the security gap between privileged and standard users. In Identity Manager, there is a module called Application Governance. If you install that module, you get that functionality or features, but many clients prefer a custom implementation. IGA is not supposed to provide PAM-related functionalities. That's why they sometimes push clients to take a bundle of IAM and PAG solutions together, which is One Identity Safeguard.
With Safeguard, you can cover your privilege and identity access management. In fact, you can control the access governance of who has what access in your PAM environment through the Identity Manager itself. They are interconnected, but Identity Manager can't independently give you this functionality.
One Identity Manager helps us consolidate procurement and licensing. Who has what permissions and their validity is well maintained. Most of them get attested every three or four months, depending upon the configuration. You can see which licenses are needed. In fact, in the newer version, since version 9.x, they have a new field showing when the license was last used or how actively it is being used.
Sometimes, if it senses that it has not been used for one year or one and a half years based on the configuration parameters, it will send an email that we have not used it for this much time, so we will remove it. It will remove it with no questions asked. So it is quite smart enough to handle those licensing decisions.
The solution helps streamline application access decisions. Every application has the necessary groups and entitlements assigned to it, so you can independently streamline their workflows. It's a highly customizable tool that lets you group together workflows for, say, 10 Active Directory applications because they are all in the AD domain. You can assign a single workflow for them.
However, if you want every application to have a different workflow or access management, you can assign that. From inside the application governance module, you can assign the privilege level and how privileged or sensitive the accesses are. Depending on that, it will provide the threat and fraud level or what approvals might be needed. So all these are quite intuitive and smartly managed.
The application compliance is handled quite well. It isn't great because it tends to create performance issues in the system. Compliance issues are calculated reactively and proactively. There are two types of SODs: prevention and detective. It's smart enough to detect it, but this can lead to performance issues because of the size of the system you are working with. This is something that has to be done by the manager. You can make your system digest the performance degradation to keep the SOD at an expected level.
Application auditing is pretty much what is called attestation, and it's mostly provided out of the box, but a lot of customization is possible here. In most cases, I have seen customization being done also here. Depending upon that, you can configure it in various ways. You can have multiple attestation policies attesting various things, or you can have a single attestation policy handling multiple things. You can configure and schedule it accordingly and define the approval workflows of those attestations. If an attestation is rejected, what should be the action? If it's missed or raised, no one decides how it should be handled. These are well handled.
Many governance decisions can be made without IT intervention. Most things are pretty self-explanatory in the web portal. You get an email or a notification on the web portal. At most, what happens is that people get so many notifications because they are a backup owner for so many things that sometimes too many notifications come down to them. Other than that, I haven't seen anyone complaining that they don't understand what they need to do when it comes to approval.
My favorite feature is the ease of customization. You can change, optimize, and update it at your convenience. I haven't seen that in many other products available.
We use One Identity Manager to connect to SAP IDM. SAPconnect target systems are integrated into One Identity Manager, and we've made several SAP connections with One Identity Manager. The solution connects with Snow, which you can use to manage your disconnected systems.
Most clients I have worked with prefer a custom approach. So some prefer Snow, some prefer some other IDM tool with which they want to manage their disconnected systems. So, yeah, you can say yes and no, to be honest. Like, yes, there is a functionality that has been provided, but it's not mature enough. So that's why I believe clients tend to be a little customized on that front.
One Identity Manager connects SAP accounts to employee identities under governance. That's completely autonomous. Once the target system connection is made, the product is available in the IT shop web frontend. You can order it from there. One Identity Manager handles it by itself. You can customize, but usually the vendor has created an out-of-the-box functionality to do all these operations.
The solution provides IGA for the aspects of SAP that are more difficult to manage. With One Identity Manager, the good thing is that you can customize. In most of the clients I have worked with, the T codes or different custom SAP tables were later introduced. In a greenfield project, you don't see these custom tables more often. Out of the box, the SAP connector gives you around 32 to 36 tables in the SAP target system that are more generic tables, but there are custom tables about the T roles or the special attributes. You can customize your connector accordingly, so there is an XML parser provided in the sync editor. You can use it to achieve all those operations.
I'm unfamiliar with SAP-related workflows because clients don't have any specific SAP workflow. They have their own workflows, and One Identity Manager is configured for various product approvals. That's how they are managed. If you want to create a customized workflow, whether it's SAP HANA or any other product-specific workload, you can easily create it.
One Identity Manager provides a connection with Snow, where you can manage your disconnected systems. Most of the clients I have worked with prefer a custom approach. Some prefer Snow or another IDM tool to manage their disconnected systems. There is functionality that has been provided, but it's not mature enough. I believe clients tend to be a little customized on that front.
It connects SAP accounts to employee identities under governance. It's completely autonomous. Once the target system connection is made, the product is available in the IT shop web front end. You can order it from there and everything. One Identity Manager handles it by itself, so you don't need to customize it, but the vendor is given an out-of-the-box functionality to do all those operations.
One Identity offers a single platform for enterprise-level administration and governance of users' data on privileged accounts. The good thing is that much of the functionality comes out of the box. You don't need to customize if you don't want. In a greenfield project, this tool is optimal for those purposes. If the user number is around 1 million or under that data scale, it's a good tool to run on from the IGA perspective. With One Identity, they don't want to focus on IGA. They want to expand the horizon of cybersecurity. There are native tools like Safeguard and others. You can even integrate your PAM accordingly with your IGA and IAM.
There are two types of interfaces in One Identity. One is the phased-out interface, which was known as a web designer. This is getting phased out with Angular now. Angular was one of the lagging points where the user interface was not up to the mark with the out-of-the-box functionalities. Many customers had to customize heavily to get a level of intuitiveness. Now, Angular's web portal has been notched up. You get AI suggestions, IntelliSense, and lots of fraud detection out of the box, like threat level. It's been improved in the recent version, and it's been working phenomenally well.
Business roles are used extensively, and custom implementations are done over business roles. The number of cloud apps I would be telling is a little less because their Starling connector still hasn't matured enough. It's still not a high-performance tool, but it has the capability to do so.
Nowadays, every organization has almost at least a few apps in the cloud. It's important even if the organization is heavily based on on-premises infrastructure. With this tool, you get so many things that work with this cloud infrastructure, it doesn't let you down completely. When you compare the performance of this with a native PowerShell connector or SAP connector, for example, you feel that the performance could be enhanced a little bit. It's something that is becoming mature in the latest versions. I'm confident they will improve it further in the upcoming versions.
One area for improvement is zero trust. Besides that, performance is a big factor. I've heard from multiple clients that One Identity's front end is not so performance-optimistic. It depends on how you have configured and deployed the system. At the end of the day, I would say that's something they need to improve.
Still, whenever a critical bug is released, they address the defect pretty quickly compared to any other competitors in the market. At the same time, there is a problem with support. They have limited knowledge about things that may affect their tool. You are deploying this tool in a client's environment, and multiple things would impact it, like proxy servers, load balancers, and other infra technologies.
Because their company is so focused on just their tool and related technology, they can't support you much. At times, it becomes frustrating. While you are paying a little less than your competitors, you expect some support, compliance, or expertise from the company. If a certain load balancer is unable to handle your tool, you should know what load balancer would be perfect or what configuration you should use.
We have used One Identity Manager for five and a half years.
I rate One Identity Manager eight out of 10 for stability.
I rate One Identity Manager nine out of 10 for scalability.
I rate One Identity support seven out of 10. I have done multiple tickets. I am in touch right now because I'm in the middle of an upgrade for a major client for One Identity. I have been closely in touch with them. At times, there are things that can impact their product, like load balancers that are part of the product when you deploy it in a matured environment.
In those cases, they can't support you much because they just say that load balancers or these things are not something we support. You have to get the support from the necessary vendors they have, and those vendors say, "We are the load balancer. We don't support your tool. You need to go back to your vendor."
You're between two things. At times, it seems like a big company that is not very new to the market should have the basic knowledge or idea of how to get these things up. There are performance issues for so many clients of One Identity, but they can't give you a concrete answer. They can tell you that there is an infrastructure issue, but they lack the knowledge of the infrastructure issue; that knowledge is quite lacking in them. I would say that is something they need to improve.
We don't use the premier support. There are two types of support: one support is between the partner and the firm, and another is between the client and the product company. For the premium support, One Identity provides certain employees, developers, or consultants from their own company. It's the most exclusive contract you can have with them.
The second type of support involves giving you the product, the support portal, and some sort of knowledge. Then, maybe you can hire someone from them for a limited period of time. The predominant work that you need to do with the product, like deployment, maintenance, development, or bug fixes, you do via some partner companies like us.
Neutral
I have used SailPoint Identity. One Identity Manager is much better. One Identity Manager is better on a smaller scale of employees. It can handle a scale of half a million or one million, but beyond that, SailPoint is a better tool.
Deploying One Identity Manager is easy and standardized. If it's a greenfield project, the initial deployment should not be difficult if you know your stuff. A proper runbook would be helpful. In our consultant's company, we usually share these runbooks with new consultants who join and who will deploy it into a new client's location.
These come in handy. Otherwise, it can be a little tricky, especially if you are upgrading an existing environment. At that time, it depends upon what sort of data situation is present in the database that you are upgrading. It can become tricky if the consistency checks are not matched or there are some weird data scenarios. Otherwise, it's quite a smooth process.
If it's a standardized deployment, one person is more than enough to handle it. The deployment has two parts. One is the database upgrade, which takes between 30 minutes and two hours. Then, there's the app and web server installation. If it's an upgrade, you can upgrade it in 10 to 15 minutes, but a new installation takes 30 minutes.
The pricing of One Identity Manager is competitive. Compared to its competitors, One Identity is priced quite brilliantly. ForgeRock and SailPoint cost about 1.5 times, making One Identity quite economical.
I rate One Identity Manager nine out of 10.
We utilize One Identity Manager for several key processes. Primarily, it manages the entire employee lifecycle, including joiners, movers, and leavers, for identity management. Additionally, we use its attestation module to conduct bi-annual recertification campaigns, validating existing access rights. Recently, we expanded its use to manage cloud entitlements, including Entra ID.
We manage user and access management for over 20 SAP systems using One Identity Manager and do not handle any disconnected SAP accounts.
One Identity Manager governs SAP accounts by linking them to employee identities, ensuring access is managed throughout the identity life cycle. This direct link enables automated processes, such as terminating SAP accounts and associated assignments when an employee is terminated.
One Identity Manager, certified by SAP, delivers specialized workflows and business logic through a dedicated connector for SAP R3 and native support for HANA systems, enabling direct connection to HANA databases. It offers numerous out-of-the-box templates for SAP, automatically loading schemas for users, roles, and assignments upon SAP module activation. While most use cases are covered by these templates, customization is possible for specific needs.
With a tool like One Identity, our organization can manage accounts across multiple target systems from a central identity management solution. This centralized data allows for flexible governance reporting, including custom SQL queries and pre-built reports, to validate information. Governance practices vary between companies but often involve specific access controls, timely re-certifications, and validations by data owners. For example, some companies implement frameworks with defined views, access levels, and re-certification processes to ensure data integrity and security.
The ease of customizing One Identity Manager depends on the user's skill set. Compared to three similar products, One Identity Manager is more straightforward to customize, particularly when modifying VB.NET code or writing SQL statements for reports. While some coding knowledge is necessary, the tool's predefined templates and SDK samples offer helpful references and starting points.
The user experience of the legacy web portal is unsatisfactory due to limited customization options and occasional slowness, especially during backend processes like attestation. However, One Identity is moving towards an Angular-based portal in version 8.2 and newer, which offers greater flexibility, customizability, and improved performance. This new portal may provide a more satisfactory user experience overall.
One Identity Manager helps manage the company structure for dynamic application provisioning. Our IAM system reads the company and department structures to automatically assign entitlements. Based on this structure, users are created, and permissions are assigned.
The business role functionality of One Identity Manager is crucial for businesses, especially from an audit and SOC perspective. Whether utilizing One Identity, SailPoint, or another tool, a solid IAM solution should include comprehensive audit trails, streamlined request processes, detailed approval workflow history, and other essential functionalities to ensure compliance and security.
We have begun extending governance with Entra ID and are evaluating the Starling connector, which provides access to many other SaaS-based applications.
Over the time we've used One Identity Manager since 2017, it has significantly improved our organization by automating the joiner, mover, and leaver process across all target systems. No more manual account management tasks are needed, which include account creation, updates, or termination when a user leaves the company. It has substantially reduced manual role assignments and made processes fully automated. The major benefit is the attestation process, conducted once or twice a year based on requirements, which ensures no unauthorized or unwanted accesses are left unchecked. It also provides clear reports on user statistics, such as active users, new joiners, and leavers.
We initially started with a small scope but have since expanded to connect numerous systems, automating the mobile egress process. Tasks like account creation, updates, and termination are now fully automated through IAM solutions, eliminating manual intervention. This automation also removes the need for teams to assign roles manually. A significant benefit is the ability to conduct periodic access attestation campaigns, ensuring only authorized users have access. One Identity Manager facilitates this process and provides comprehensive reporting, giving management clear visibility into user activity, including the number of active and inactive users, new hires, and departures.
One Identity Manager helps minimize governance gaps across our testing, development, and production environments. We utilize a three-tiered setup with a transport mechanism to move changes from the development environment to the quality assurance environment and finally to the production environment.
One Identity Manager enhances privileged governance to mitigate security risks associated with privileged users. A custom solution within the One Identity framework allows users to link multiple secondary identities to their primary identity for tasks requiring elevated privileges. This framework provides a robust privilege access management system within the One Identity environment.
One Identity Manager streamlines application access, compliance and auditing. It supports the SOX audit process conducted twice or thrice yearly. For applications connected to the One Identity Manager, governance is managed through the IAM solution itself. Instead of checking the target system, administrators use the One Identity Manager to validate requests, approvals, denials and assignment periods for connected applications.
One Identity Manager empowers application owners and business managers to make independent application governance decisions, eliminating the need for IT involvement and siloed teams. Once applications are onboarded to One Identity, the self-service model allows users to request roles and the defined approvers to approve them, streamlining the process and removing complexity for application owners. They no longer need dedicated teams for identity and access management or manual user access reviews for compliance requirements, as One Identity Manager automates these functions. This simplifies operations and centralizes control, improving efficiency and reducing administrative burden.
Zero Trust is a broad security framework with varied implementations. Currently, our Zero Trust implementation focuses on identity and access management, specifically for privileged roles. To prevent unauthorized or accidental access, a three-stage approval process is required for privileged role requests. This ensures that multiple stakeholders validate the access, embodying the Zero Trust principle of never trust, always verify. While this is just one aspect of Zero Trust, it significantly enhances our security posture by preventing unauthorized access to sensitive systems and data.
Having worked with SailPoint and other identity management tools, I've found One Identity Manager to be quite handy, especially after seven years of experience with it. The framework is robust and flexible, allowing companies to easily adopt and extend the schema as needed. Unlike other tools I've used, One Identity Manager offers a high degree of customization. Even if the out-of-the-box templates or processes don't meet our company's specific requirements, we can readily adapt them, modify them, and build our own processes and templates.
The One Identity Manager web portal needs simplification. While a new Angular portal was introduced with version 8.2, the knowledge base lacks sufficient information and resources. Even with an Angular developer or a One Identity specialist, a knowledge gap exists due to the combination of AngularJS and One Identity schema expertise required. This makes it difficult to find resources that can effectively utilize the portal, highlighting the need for a more user-friendly interface.
One Identity Manager currently offers Long Term Support only for version 9.0. All other versions have a two-year lifecycle with extended support. For organizations managing a complex environment with numerous connected systems, users, and assignments, upgrading every two years is impractical. Extending support for regular versions by one or two years would benefit clients in this situation.
I have been using One Identity Manager for almost seven years.
One Identity Manager is stable, although there have been bugs. Sometimes product versions are released with many bugs, which affects stability. There is a need for extended support for regular versions, especially in large-scale environments where upgrades every two years are not feasible.
I would rate the stability of One Identity Manager eight out of ten.
I would rate the scalability of One Identity Manager nine out of ten.
We sometimes face delays in response from the technical support of One Identity. While we use premier support, the experience can be inconsistent, prompting us to sometimes engage technical and success managers for faster resolutions.
Neutral
We used SAP IDM before switching to One Identity Manager. The scope with SAP IDM was limited due to its inability to connect multiple systems except Active Directory and SAP system. We looked for a solution that provided greater flexibility in terms of cloud adoption and custom connectors, which SAP IDM did not offer at that time.
While the technical deployment of One Identity Manager can be completed in approximately one month, the true challenge lies in its organizational integration. Developing and connecting the system to existing infrastructure is a complex process that can take several months. Furthermore, ongoing maintenance and onboarding of new applications require continuous effort, making it an ongoing project rather than a one-time deployment.
We worked with a partner for customization but not for training. The partnership was effective, and we continue to engage with them for custom developments that are not handled in-house.
The return on investment was evident in the company's decision to automate processes using the One Identity Manager solution. Previously, separate application teams with dedicated personnel performed specific tasks, leading to higher costs and inefficiencies. With the implementation of One Identity Manager, tasks became automated, resulting in significant cost savings and streamlined processes.
One Identity Manager is fairly priced.
While we evaluated several solutions, we ultimately decided on One Identity Manager for its long-term benefits and flexibility compared to other tools.
I would rate One Identity Manager eight out of ten.
I would recommend One Identity Manager to companies, especially those that might lack prior expertise in identity management. Its predefined framework and comprehensive set of templates make it adaptable and easy to implement.
Our system is distributed across multiple locations globally, with various components and load balancers deployed in each location, including our disaster recovery sites. We have over 50,000 users.
One Identity Manager requires maintenance across its various components, including the tool itself, the database, the job server, and the web component. This maintenance ensures the environment remains operational and efficient. Maintenance requirements vary by component. For instance, web nodes undergo weekly restarts and cache clearing, job servers require service restarts, and other servers need periodic cache cleaning. Different elements have different maintenance schedules: weekly for some, monthly for others, and weekly for the database. Overall, maintenance plans are tailored to the specific needs of each component.
My main use case for One Identity Manager is to develop projects from the start that begin from the base installation, including employee lifecycle management such as Joiner Mover Leaver, attestation, access request, and integration with target applications such as databases and Safeguard. I also completed integration with Safeguard, HR systems such as SuccessFactors for cloud applications, and worked with Starling as well.
The integration with target applications is mainly for API applications that we configure with custom scripts to read from the APIs, then save the data either directly to the database or to CSV files. We then have a sync project to read from the CSV file so we can leverage more features from the sync project, including logs, simulation, mapping everything, and previewing the data that will be stored.
I believe the sync project is a great feature that allows us to preview everything before it gets stored in our database. There is also a feature that helped one of my teammates significantly, which was the limited process that could be triggered for job queue.
We use the sync project every day. The job queue is valuable when anything needs to run a process that would execute without a workflow closure or would run against a huge number of rows, which was very useful in some cases. For customers in the Middle East, they are requesting to have the portal in Arabic. One Identity Manager does not support Arabic yet in the web portal. In some cases, we have had to add the localization files ourselves and edit the entire Angular web views, which is a real challenge. The last version 10 does not support Arabic language for the web portal, and I think that would be very useful for the tool if it could be supported.
One Identity Manager impacts my organization positively. We use it for most of our customers, for whom we configure and install the tool.
One of the improvements concerning One Identity Manager that I mentioned before is that we need to add the Arabic language for the web portal and APIs.
The Arabic language is the main thing that affects me directly with my customers right now.
I have been using One Identity Manager since day one.
I chose a rating of seven for One Identity Manager because I think it is related to performance. When we try to read a huge number of records, such as from SuccessFactors HR with the Starling connector, the sync project sometimes lags. This occurs even though it is not a huge number of employees—only 800 users. The sync project could take several seconds to open a single record, and the process itself takes a considerable amount of time to finish.
Regarding One Identity Manager support, I think they need to be more accountable. When I describe a technical issue and raise a case with it, they take several days to clarify things that are already clarified in the description I added to the case. When it comes to scheduling a session with support, it takes a long time. However, I think that should be the second solution because it really helps to have direct contact with support to share the screen and show everything from the inside of the environment, rather than just describing things in words.
Neutral
I think that implementers should take deep training from One Identity before they dive into it because there are a lot of features in One Identity Manager, but not all users or implementers know all the features that One Identity Manager is capable of. My overall rating for One Identity Manager is seven out of ten.
We use One Identity Manager for classic identity management tasks like provisioning and de-provisioning. It is employed for user requests and identity governance. It supports a comprehensive setup that includes user access, requesting functionalities, and identity governance measures.
One Identity Manager has improved our organization by providing a centralized identity management solution. It allows us to connect various systems like Active Directory, SAP, and cloud applications, offering a more comprehensive and streamlined view of user identities and access.
As an administrator, I can see the benefits immediately on deployment because now I have a visualization. Compliance officers also see the benefits quickly. However, for the people I supervise, it's hard to adjust to the idea that everything you do is exposed. Application administrators aren't happy because I can see what they're doing.
The stakeholders and senior leadership will see the impact only if the people below them can produce good reports. Many reports are out of the box, but you have to deploy them, and people must subscribe. The benefits are immediate for people who deal with the product daily.
One Identity Manager helps minimize coverage gaps among test, dev, and production servers. The transport feature lets you move whatever you did in development into test and production. Let's say you need to develop a new workflow in a developer environment. You can move every object related to that workflow to test and, ultimately, to production. All of that is smooth and clean.
One Identity helps you streamline application access if there is a policy. A policy can be implemented through the policy engine if a company has a policy. How can they do this without a policy? I won't decide who's supposed to access what for the company. Anything related to access controls starts with the policy and ends with the implementation. It's easy if the company has a policy.
Application compliance is the same story. Someone has to define what it is. One Identity does not provide tons of compliance already implemented in the workflow. There's no preset for SaaS or HIPAA compliance.
It can tell you who is a member of an AD group, but it doesn't tell you what application this AD group controls. This information is supposed to come from an application owner, who can say you need to be a member of a specific group to access this application. We can see what happens inside the application if it allows us to do that, but we cannot audit if that person has any business in the application.
One Identity Manager helps us achieve an identity-centric zero-trust model in conjunction with a combination of something like OneLogin or any other access management product. We can control what's happening, but we cannot apply it to the application layer until we have an access control product.
One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable.
It's the best product for providing an enterprise view of logically disconnected SAP accounts. Sometimes, it's doing better than the SAP IG, which probably got discontinued or will be. One Identity Manager helps us connect SAP accounts to employee identities under governance. It is critical because there's no such thing as just SAP, and you want to centralize. You have Active Directory, SAP, and all the cloud applications. Every product has its user accounts, and One Identity allows you to connect them all in one place.
One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP. It lets you do many different things and go as deep as you want. The solution has a whole library of specialized SAP workflows for provisioning.
You can build a customized web interface that you can do whatever you want with. The out-of-the-box interface for administrators or anybody else can take a little time to understand. It depends on the user's maturity. You must understand what's happening before touching the product. If you have experience using Identity Manager or similar tools, it's highly intuitive. It has so many features that it takes time to adopt, but that's not because it's difficult.
The business roles are fundamental to role-based access controls. If you don't know how to build roles, it's very hard to do. One of the advantages of this particular product is that you don't have to be a technical person to build the role. You can log in as a business owner with a newly created project and add entitlements, users, or criteria. You can do it manually or using a formula. It's easy to do without any code.
The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.
I have been using One Identity Manager since 2009, back when it had a different name, Active Entry. I've seen the product evolve over time.
One Identity Manager is a very stable product. The only potential issue could arise from database management, particularly with MS SQL clustering, but with competent support and management, this is not a problem.
One Identity Manager is highly scalable. Its ability to deploy agents across various locations and integrate seamlessly into multi-country operations ensures it can grow alongside business needs without issues.
I rate One Identity support nine out of 10. Premier support offers fast responses, which is critical for banking operations to minimize downtime. The professional and quick handling of issues adds significant value to the investment.
Positive
I have used Oracle, Fischer, SailPoint, Saviynt, and Omada. Omada is particularly notable for its governance capabilities, while Saviynt offers speed in implementation and support. SailPoint is dominant in the market, particularly for compliance capabilities.
If there is no existing database, you must install and configure SQL, which can be time-consuming. However, with a database, the installation is fast, taking about half an hour.
One Identity Manager is priced in the middle range but offers good value due to lower implementation time compared to competitors. Total cost of ownership is crucial where the main expense is in implementation, not licensing.
Other solutions considered were Oracle, Fischer, SailPoint, Saviynt, and Omada. IBM was not used.
One Identity Manager is not for beginners due to its extensive functionality, so it requires prior experience or maturity in identity management to fully utilize its capabilities.
