reviewer2395977 - PeerSpot reviewer
IT Systems Manager at an insurance company with 1,001-5,000 employees
User
Top 20
Easy access and updates plus offers helpful automation capabilities
Pros and Cons
  • "The One Identity birthright process has helped generate user accounts more accurately and quickly."
  • "A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly."

What is our primary use case?

One Identity is used to create, sync, and delete accounts automatically across multiple systems. The product allows employees to be managed from our Human Resources system, while consultants and temporary personnel can be managed manually. The system provides automated workflows and birthright assignments for easier management of similar accounts or those in the same department or role. 

With the system synchronized with our HR database, new account creations are automated and include an email to managers providing users with their credentials for initial login. Only the hiring manager will receive a copy of the initial username and password, helping further secure this information and have it readily available before the employee begins. 

How has it helped my organization?

The automation of employee creation and de-provision has streamlined the process in many areas. For employees, all actions begin in the HR department and flow downstream, keeping all systems synchronized with the same data.

Since the system is tied to our HR database, automation has allowed us to immediately terminate accounts based on employee status instead of waiting for notification from a manager.

Consultant accounts are also set on an automated schedule to send an email if an account isn't used within eight days. The account is also automatically disabled if not used in ten days. This provides additional security by not having accounts enabled but not in use.

What is most valuable?

Several employee data fields are synchronized to Active Directory, providing easy access to other applications (office, address, description, telephone, employee status, etc.). The update process is scheduled and automated to run multiple times a day, so Active Directory is always up to date with different employee data.

The One Identity birthright process has helped generate user accounts more accurately and quickly. Our Service Desk ticketing system is now used to complete user accounts and provide only what isn't common across their department or team. 

What needs improvement?

The One Identity system is very modular. The product is similar to an erector set, where you can do the same thing in many ways. While this is great, it also can allow you to set yourself up for failure later. The product does require some level of developer skills, so having the ability to make system changes without being a developer would be a plus. 

A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly. It would be helpful to have a tool to more easily find common groups across departments or teams so more groups could be managed in an automated fashion.

Buyer's Guide
One Identity Manager
April 2025
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution for seven years.

What do I think about the stability of the solution?

The One Identity platform has been a stable system that provides consistent results. 

What do I think about the scalability of the solution?

This product is extremely scalable. The more development knowledge you have, the more you can do with this tool.

How are customer service and support?

Support has always been responsive and helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use Hitachi IDM. The tool was a first-generation IDM tool and was very difficult to manage.

How was the initial setup?

The initial installation was fairly complex as it is capable of integrating with so many different systems. There isn't an easy wizard to walk through and get you going.

What about the implementation team?

Professional services were used for the initial implementation of the product. We found a different partner for ongoing work and support. Their knowledge of the product is excellent. 

What was our ROI?

One Identity, in partnership with our consultant partner, has allowed our company to streamline many processes and save employee time for other important tasks. 

What's my experience with pricing, setup cost, and licensing?

I would advise finding and using a development partner for implementation unless you have a dedicated identity management team. Ensure your environment is licensed properly, as One Identity has an active Compliance department. 

Which other solutions did I evaluate?

No other products were found worthy of trial when surveying the market at the time.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Works at a consultancy with 10,001+ employees
Reseller
Top 20
It is a highly adaptable platform that bridges governance gaps and streamlines application access decisions
Pros and Cons
  • "One Identity Manager offers a wide range of connectors, allowing it to interface with multiple target systems and perform provisioning and de-provisioning tasks within them."
  • "The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports."

What is our primary use case?

I use One Identity Manager to implement an identity governance and administration solution for end users.

How has it helped my organization?

One Identity Manager is a highly adaptable platform capable of integrating both connected and disconnected target systems through connectors and APIs. Its extensive customization options allow it to accommodate a wide range of customer use cases. Additionally, the tool can be scaled to support a large user base and effectively handles role provisioning, joiners, movers, and leavers automation. With its rich feature set and out-of-the-box functionality, One Identity Manager is a powerful solution.

Previously, our user interface relied on a legacy web portal built with VB.NET technology, which suffered from slow loading times. However, One Identity has significantly enhanced the user experience by upgrading to Angular technology for the web portal. This transition has resulted in a much more interactive interface and greatly improved response times. The codebase is entirely based on Angular, which we can leverage to create custom components and enhance the web portal with a more interactive user experience.

We leverage business roles to assign default access permissions. New employees automatically receive specific role-based access upon joining the company. This process is facilitated through the implementation of business roles. We can easily accommodate diverse user types using these roles. For example, a new sales employee can be assigned a corresponding business role. We can create hundreds of business roles to match different departments. Additionally, we can schedule when these business roles are executed, allowing for system operation flexibility. However, it's important to note that frequent scheduling can significantly impact overall system performance and efficiency.

We have integrated Entra ID with One Identity Manager for application onboarding. Since authentication can be provided through Entra ID, extending governance to cloud applications is necessary. Therefore, all cloud-based applications that are not connected to on-premises systems require integration with Entra ID. Failure to integrate will result in authentication errors and prevent user logins. Consequently, Entra ID is mandatory for all cloud-deployed applications.

When we deploy the portal, most projects involve migrating from other IGA solutions to our new platform. Initially, users may take time to familiarize themselves with the portal's web interface, but its navigation is intuitive. We provide extensive documentation on accessing the portal, its features, and how to submit requests, along with customer support. While there may be a brief learning curve, the user-friendly design should minimize difficulties.

One Identity Manager helps bridge governance gaps between test, development, and production servers. Development is migrated to a test environment for testing before approval and subsequent migration to production. One Identity Manager is installed on all three environments, each with its own database to facilitate this. Changes are developed in the development environment, packaged, and moved to the test environment for testing. Approved changes are then migrated to production. Maintaining identical One Identity Manager versions across all three environments is crucial to ensure successful package migration, as packages from one version are incompatible with others.

One Identity Manager allows us to establish a privileged governance framework to bridge the security gap between privileged and standard users. Our system defines roles with specific permissions, enabling us to display additional information to users with privileged roles while restricting access to this information for standard users. Our defined roles and permissions make this granular control possible.

We have an approval workflow and policy to streamline application access decisions. Obtaining a specific role must undergo an approval process, and only designated individuals can grant permission. This workflow ensures that role assignments are controlled and efficient, preventing unauthorized access.

What is most valuable?

One Identity Manager offers a wide range of connectors, allowing it to interface with multiple target systems and perform provisioning and de-provisioning tasks within them. This extensive connector library, available out-of-the-box, is one of its most valuable features.

What needs improvement?

One Identity Manager is a comprehensive but complex solution. Even for developers, gaining a deep understanding and implementing customizations would require significant effort. It is a challenging product to both implement and comprehend.

The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports.

For how long have I used the solution?

I have been using One Identity Manager for three years.

How are customer service and support?

Technical support is helpful whenever we need troubleshooting services. 

How would you rate customer service and support?

Positive

How was the initial setup?

The complex deployment took approximately seven months and involved a team of business analysts, a technical architect, and developers. 

What about the implementation team?

We implement One Identity Manager for our customers.

What other advice do I have?

I would rate One Identity Manager eight out of ten.

We are a service provider, and we provide the license to our customers.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
reviewer2323041 - PeerSpot reviewer
Co-Owner at a tech services company with 1-10 employees
Real User
Top 20
Delivers important SAP-specialized workflows, provides one platform for enterprise-level administration, and minimizes gaps in governance coverage
Pros and Cons
  • "One Identity Manager stands out for its modular design, allowing us to easily customize it with specific components, and its flexibility to handle any identity and access management scenario we encounter."
  • "How One Identity Manager deals with disconnected systems needs improvement."

What is our primary use case?

I designed and implemented One Identity Manager for clients across various companies. This involved a wide range of use cases, including standard employee lifecycle processes like onboarding, transfers, offboarding, and location changes. I also implemented more sophisticated use cases, such as automatically creating Active Directory groups and service accounts based on user requests and approval workflows.

How has it helped my organization?

One Identity Manager's enterprise view for managing logically disconnected SAP accounts is good.

One Identity Manager acts as an Identity Governance and Administration solution specifically designed to address the complexities of SAP systems. This deep integration allows for advanced features like implementing Separation of Duties rules, ensuring a more secure and controlled SAP environment.

One Identity Manager delivers important SAP-specialized workflows and business logic.

One Identity Manager provides one platform for enterprise-level administration and governance of users, data, and privileged accounts.

One Identity Manager, while not boasting the absolute best user interface, offers an intuitive experience. Through its integration with SAP, it provides a comprehensive solution for managing the entire user permission lifecycle, including SAP roles and transactions. I was particularly impressed by its ability to seamlessly read details from the SAP system using a standard connector.

One Identity Manager simplifies backend customization by allowing us to implement custom processes, functions, scripts, and more. However, customizing the web portal, especially the new Angular web portal, is a more challenging task.

One Identity Manager offers a sophisticated model for the business roles to map company structures for dynamic application provisioning.

The functionality of the business role is important because if we build the right business structure, we can simplify the permission manager.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and prod servers.

One Identity Manager helps create a privileged governance stance to close the security gap between privileged and standard users. This has improved our security posture.

One Identity Manager helps streamline aspects of application governance which simplifies the reporting.

One Identity Manager enables application owners and line of business managers to make application governance decisions without IT. Being able to see what users have access to and make the decision regarding the request from one platform saves us time.

One Identity Manager helps us achieve a zero-centric trust model. 

What is most valuable?

One Identity Manager stands out for its modular design, allowing us to easily customize it with specific components, and its flexibility to handle any identity and access management scenario we encounter.

What needs improvement?

One Identity Manager doesn't provide all the user interfaces we need for business users out-of-the-box. This means we need to customize the web portal to display all the information we want to make available to them.

The ROM control modeling has room for improvement.

The user experience can be more user-friendly.

How One Identity Manager deals with disconnected systems needs improvement.

For how long have I used the solution?

I have been using One Identity Manager for over ten years.

What do I think about the stability of the solution?

I would rate the stability of One Identity Manager ten out of ten.

What do I think about the scalability of the solution?

One Identity Manager's scalability is the best in the market. From a technical perspective, the number of identities and entitlements we can manage with the overall architecture is good.

How are customer service and support?

The One Identity Manager support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Oracle Identity Management and SailPoint IdentityIQ. I switched because I was interested in One Identity Manager which is more popular and trusted in our country.

How was the initial setup?

The initial deployment is straightforward. While the initial software deployment itself can be completed in a day, a full rollout typically requires additional time for configuration, customization, and other necessary steps to tailor the software to our client's specific environment.

What's my experience with pricing, setup cost, and licensing?

One Identity Manager is expensive.

What other advice do I have?

I would rate One Identity Manager eight out of ten.

One Identity Manager requires one to two people for maintenance per project.

I recommend using a partner to evaluate and implement One Identity Manager.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
IT Architect at a tech services company with 501-1,000 employees
Real User
Significantly reduces time needed to create an account, mailbox, and default permissions for a new employee
Pros and Cons
  • "Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions."
  • "The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified."

What is our primary use case?

We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.

How has it helped my organization?

Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.

The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.

It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.

We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.

What is most valuable?

Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.

The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.

What needs improvement?

The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.

For how long have I used the solution?

I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.

What do I think about the stability of the solution?

We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.

What do I think about the scalability of the solution?

We have 50,000 employees. That speaks for itself regarding the scalability.

How are customer service and support?

One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.

How would you rate customer service and support?

Positive

How was the initial setup?

As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.

We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.

What about the implementation team?

We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.

APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.

What was our ROI?

We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.

What's my experience with pricing, setup cost, and licensing?

It's not cheap, but the pricing is okay. Other applications cost about the same.

What other advice do I have?

Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
CarlosTum - PeerSpot reviewer
IAM consultant at a tech services company with 201-500 employees
MSP
Top 20
It's a complete solution that has everything we need
Pros and Cons
  • "One Identity is a complete solution that has everything we need."
  • "The documentation is poor. For example, the synchronization editor has a lot of things happening, but there's just a description. If you want to do something specific with that like create custom views, they just say go to the extension and select the UUID. However, if we don't have a UUID for this view, it will not work. That isn't in the documentation."

What is our primary use case?

I am a consultant who works on the backend of One Identity. When a client has a requirement, I add it to the back end. 

How has it helped my organization?

One Identity Manager simplifies procurement and licensing. Using business roles helps a lot. Provisioning enables users to make application governance decisions without involving IT personnel. It makes it easier by using account definitions and business roles. 

You can assign different AD groups and applications and enable them for specific users depending on their roles. This minimizes gaps in governance coverage among test, dev, and production servers and makes things easier. 

What is most valuable?

One Identity is a complete solution that has everything we need. We can use it to manage SAP. It connects SAP to employee identities under governance. This functionality is critical. One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP, which is also crucial. The SAP-specialized workflows are easy to implement. 

One Identity provides a single platform for the administration and governance of users, data, and privileged accounts. It provides a complete overview of all these things. The user interface is intuitive and nice. It shows everything. Customizing the interface isn't hard. You can create custom fields. This is one of the most important things.

What needs improvement?

The documentation is poor. For example, the synchronization editor has a lot of things happening, but there's just a description. If you want to do something specific with that like create custom views, they just say go to the extension and select the UUID. However, if we don't have a UUID for this view, it will not work. That isn't in the documentation.

It extends governance to cloud applications and it's complete, but there needs to be more connectors for it. That's the only thing I don't like.

For how long have I used the solution?

I have used One Identity Manager for a year and five months.

How are customer service and support?

I rate One Identity's support eight out of 10. We use the standard support. They send you a link to the documentation or a forum where someone else had the same problem. However, sometimes the documentation isn't useful, so they need to escalate the user to the product leads. In those cases, it takes weeks to resolve. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was easy and could be completed in one or two days if we only consider the installation and synchronization of target systems. However, it takes longer to set up the business roles and all that. 

What other advice do I have?

I rate One Identity Manager nine out of 10. The only issue I have is the documentation. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SanjayKumar13 - PeerSpot reviewer
Cyber security lead at a tech vendor with 10,001+ employees
Real User
Top 20
It's easy to integrate SAP
Pros and Cons
  • "It's role-based access control, and you can manage it. It's perfect for our customer's governance control."
  • "One Identity should open the market with accessible training material and content so that more developers can be available. They have to improve their marketing strategy, partners, and vendors. One Identity should be attracting engineers to learn their product and get certified. They should have strong forums. They could have a certification program where any engineer can get certified. However, their overall approach is complex, which I do not prefer."

What is our primary use case?

One Identity Manager can handle all identity use cases.

What is most valuable?

It's easy to integrate SAP with One Identity. SAP has different modules, and you can manage users through the One Identity interface. Integrating through a stream connector is simple. 

It's role-based access control, and you can manage it. It's perfect for our customer's governance control. One of my customers is using One Identity's PAM solution. It is a separate component and licensing model.

What needs improvement?

One Identity should open the market with accessible training material and content so that more developers can be available. They have to improve their marketing strategy, partners, and vendors. One Identity should be attracting engineers to learn their product and get certified. They should have strong forums. They could have a certification program where any engineer can get certified. However, their overall approach is complex, which I do not prefer.

The platform isn't very intuitive like the others, but One Identity Manager has migrated their review scripting to the Angular framework, so now it's good, and they're competing with others from the UI perspective.

One Identity Manager is a little complex from a development perspective. If you compare it to SailPoint, it is easy, but One Identity Manager has so many separate components that it is quite complex for development. And sometimes, we have seen some performance issues.

For how long have I used the solution?

I have used One Identity Manager for more than 10 years. 

What do I think about the stability of the solution?

I rate One Identity Manager eight out of 10 for stability. 

What do I think about the scalability of the solution?

One Identity is scalable.

How are customer service and support?

One Identity must improve its support because they have a very limited pool of engineers, and they're often occupied. 

Which solution did I use previously and why did I switch?

I have used SailPoint.

What's my experience with pricing, setup cost, and licensing?

I rate One Identity seven out of 10 for affordability. It's reasonably priced. 

What other advice do I have?

I rate One Identity Manager eight out of 10. It's more suitable for the enterprise level. I wouldn't recommend it for small or medium-sized enterprises. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
ProductMe39b - PeerSpot reviewer
Senior Product Manager for Identity & Access Management at a non-tech company with 10,001+ employees
Real User
We are creating, managing, and provisioning in SAP, as it is a fully integrated solution
Pros and Cons
  • "At the time of the onboarding, this is the solution that we have interfacing with HR. On the same day an employee is hired, an account is created and available for the manager when the end user arrives. The opposite is true. The moment employment is terminated, the same day everything is disabled, then later deleted."
  • "The back-end, its capabilities, and workflows are very good."
  • "I would like it to have an easier integration with phones."

What is our primary use case?

We are managing the entire trend for our identity management, from HR hire until offboarding. We use it for managing all the IT accounts in the company, which has hundreds of thousands of identities.

How has it helped my organization?

At the time of the onboarding, this is the solution that we have interfacing with HR. On the same day an employee is hired, an account is created and available for the manager when the end user arrives. The opposite is true. The moment employment is terminated, the same day everything is disabled, then later deleted.

We have integrated it directly with SAP, since our HR source of information is SAP and more than 80 percent of our business is run on SAP. Therefore, we have the largest SAP installation in the world. It's fully integrated, so we are creating, managing, and provisioning in SAP, as it is the core of our business. We are synchronizing for SoD, so it's working well. We are using different aspects of the integration.

What is most valuable?

The overall capabilities of the identity governance and administration (IGA) solution for identity management.

The flexibility of the solution: We are able to use what is out-of-the-box, customize and prioritize it, then further develop it to meet our needs. Our use for it is very complex, but we are able to achieve success with One Identity.

The back-end, its capabilities, and workflows are very good.

What needs improvement?

I would like a more friendly web UI. This is something that they are already starting to work on. 

Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us.

I would also like it to have an easier integration with phones.

What do I think about the stability of the solution?

With the current version, the stability is very good. With the previous version, it was not good. We are now in version 8, and it's really stable and performing.

What do I think about the scalability of the solution?

Without this solution, because of our sheer size, we cannot manage our own house.

How are customer service and technical support?

We are paying for premium support, which is expensive. However, we do receive very good, fast support.

How was the initial setup?

What we implemented is very broad. We implemented basic identity management: workflow, self-service, and shopping for roles. We also implemented SoD. To implement all of this and because of our size, we had to work with partners and One Identity, which was a complex process.

What was our ROI?

We have seen a little ROI when there was a restructuring reduction in the market for user management teams, but not enough to cover the cost of the project. The focus was on security compliance, not on return on investment.

This solution has helped to reduce help desk calls. We are a very big company, so we have implemented thousands of role-based access controls which give rights to the users. Based on their movements, we are removing or assigning access. We also have the entire onboarding process fully automated. We have removed more than 90 percent of all manual requests for accounts.

This solution has helped to increase employee productivity when it comes to provisioning users. E.g., we can give users access in under a day. It is now based on how long it takes for HR to perform the action to onboard the employee.

Which other solutions did I evaluate?

We started an RFP in 2013 or 2014. Then, at the end of the process in 2015, we selected One Identity Manager by comparing it against many other vendors.

What other advice do I have?

Define what you are researching. Write down the use cases you need. Then, ask for a demo with your data, so you can see actual results.

We are working on our IT cloud strategy. We are starting to do cloud provisioning integrated with our identity management.

We use it for compliance, but not directly for GDPR.

We are using the policy and role management features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP at a healthcare company with 10,001+ employees
Real User
This solution helps with compliance by having a way of controlling an audit trail, but it is not really scalable
Pros and Cons
  • "This solution is quite flexible. We have a lot of customization since we have our own business processes."
  • "This solution helps with compliance by having a way of controlling an audit trail, knowing how things are done, and knowing how to control who has access to what."
  • "The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for 100 or 1000 people, but when it is a large number, it is quite difficult to maintain."
  • "Their technical support's attitude is a bit strange. Quite often, we have to prove that there is a problem with the product rather than having them prove that there is not a problem with the product."

What is our primary use case?

The primary use case is managing business applications.

How has it helped my organization?

We have centralized a large number of access management functions. Therefore, you have one place where you can have control and have automated on/off boarding processes for people joining and leaving. We have done a lot of things, covering a lot of applications.

This solution helps with compliance by having a way of controlling an audit trail, knowing how things are done, and knowing how to control who has access to what.

What is most valuable?

  • Publishing capabilities
  • Connectors
  • This solution is quite flexible. We have a lot of customization since we have our own business processes. 
  • We use it to manage our users in SAP.

What needs improvement?

Maybe it is going this way with the angled framework, but we really want to be able to watch and control things, so we can change things and know what the impact will be.

Most importantly for automatic testing and rollouts, we need an easier way of connecting applications and an easier way of onboarding applications. At the moment, the process is very technical. People associate this as a technical and development thing. In the end, onboarding applications should be a business problem, not a development problem. They have to take the technical work out of it. That is why we have to completely custom build a framework. Our work is not about connecting 20 or 50 target systems, as we have to connect thousands, which is difficult to do one-by-one.

The end user experience needs improvement. One of the things the end users complain most about is the shopping cart, because they are not really on eBay or Amazon buying things. They just need access to business applications. Why do they have to click so many times? We probably have around 20 calls a day because a user hasn't got access, not realizing they haven't completed the shopping cart. So, I would recommend removing the shopping cart.

What do I think about the stability of the solution?

Stability has been a challenge. With version 8, especially post go-live, we had a lot of problems. We were doing care every day on One Identity Manager for a good month and a half, just fixing things. Therefore, stability was not great at that time.

What do I think about the scalability of the solution?

It is not really scalable. We had to put in a lot of customization to make it scalable. We ended up putting in a lot of instances to build it up to our scale, not only for performance capability, but for change capability. Therefore, if you have to scale for a large amount of people with several different themes, changing the configuration in One Identity can be hard to coordinate. Everyone has to have their own environments to work in; you cannot work in a joint environment easily.

The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for 100 or 1000 people, but when it is a large number, it is quite difficult to maintain.

How are customer service and technical support?

The technical support lacks the knowledge on custom deployments. They have good knowledge on the base product, but they lack the knowledge on the custom deployments. 

Their attitude is a bit strange. Quite often, we have to prove that there is a problem with the product rather than having them prove that there is not a problem with the product.

Which solution did I use previously and why did I switch?

We had some audit issues. We had a distributive access management landscape (fragmented landscape) that we wanted to centralize, because we had a lot of in-house built tools (very narrow scope of tools) that only did one thing. It was expensive to run a lot of different tools, and we wanted to replace it with one tool.

How was the initial setup?

The initial setup was complex. There are a lot of processes, which have to be covered, with a lot of users. Everyone is affected in the organization. It is not an easy thing to standardize, so it is quite complex. Then, we have five different port identity systems working together. This also makes it quite complex with the data replication between them. Therefore, it was not a straightforward thing to do. However, access management isn't a straightforward thing to do.

The SAP integration is quite cumbersome and long. It took many years. With the new addition of the SAP client to the new system, it is not so difficult anymore. However, there are some challenges with the new SAP technologies where they are not really supported by the One Identity tools.

What about the implementation team?

We have used several consultants for the deployment. We used One Identity Professional Services, Data Consulting, Mphasis, Microsoft, and other smaller ones, which usually come through an umbrella company.

What was our ROI?

We have improved our security.

It has increased employee productivity when it comes to provisioning and controlling access in the system. It previously used to be distributed between a lot of things. Now, we can do them all in a central way. We are now more automated. End users know where to go to access critical business applications. In the past, it was email-based, textile-based, phone calls, and service tickets, so it was hard to know how to get access.

Which other solutions did I evaluate?

We have a different product for privileged account governance.

What other advice do I have?

Evaluate how you can do the rollout, how you will approach the rollout, and if you have other applications. Check how you are going to do the rollout and plan for it, then evaluate the products against it.

It has increased our help desk calls a lot. We probably have between 60 and 100 access calls related to access management processes in One Identity Manager a day.

One Identity Manager has not impacted our cloud strategy and its management.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025