One Identity Manager Reviews

Our company hosts our on-premises application with this solution. It is not a complete SaaS product but rather a hosted environment in their tenancy. 

We have an internal team of four administrators and site developers who manage the solution and provide support to 2,000 employees. Our operational model includes contracting with professional services for new development, managing releases, and deployment. 

The solution is a typical, conventional IGA but the tool itself offers many options for customization. Some other products are easier to implement but don't have the same customization capabilities. 

The product must include SaaS in the future. 

The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use.

The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. 

Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options. 

I have been using the solution for six years. 

The solution is very stable and we rate it a twelve out of ten. However, reaching that stability is torture. 

We had issues and bugs because of customization requirements and it took us a year to go live. Too many custom processes cause issues even though the end result is stable. Gathering things to implement and install takes time. In our case, the implementation document for us to go live was 500 pages and that was a bit terrifying. 

The solution is scalable and the database is the key element in integrations. Everything connects to the central database which is a benefit because then the database becomes the central configuration management tool. If you upload DLL code to the database, it pushes it to other components. It is a well-designed central configuration approach. 

This approach can be a bit of a drain on performance because everything is connected to the central database. It is important to keep on top of database health with the solution.

Support needs to be better because this is a framework-style product and your own developer needs to be able to work efficiently with theirs. Sometimes a problem is in the development code, not the core product functionality. It takes too much time, as operational support to investigate and find the root cause. The solution offers amazing functionality for the framework, but if you didn't write the code yourself you are in trouble. 

For example, if a third party writes code and then their involvement ends, an issue in production that needs support won't get it because the third party's code error is an unsupported area. 

If your company's active management processes are not aligned with ISO or NIST standards, a lot of customization is required and this is the best solution. For ITSM, this is also the solution to use. 

If your processes are aligned then other solutions are appropriate. For a product like SalesPoint, the solution might be ServiceNow. 

The initial setup is very complex and I rate it a four out of ten. 

Deployment depends on the project scope. If the project is smaller, you can connect with Active Directory and auto RMS on the same day. However, if you want joiners, movers, or leaders to go live, it becomes more complex. 

The pricing is good and I think more money is made out of selling professional services than the product itself. 

Developers who have worked with the product won't need the assistance of professional services. It is easy to implement once you are accustomed to the product. 

Someone new to the product would need 20-30 days of services a year and in that scenario, it is expensive to develop and maintain. 

I rate this solution a six out of ten. 

We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

I've been using One Identity Manager since 2008.

One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

Scaling up One Identity Manager is extremely easy.

I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

I've seen ROI from One Identity Manager.

The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

We evaluated SailPoint and Saviynt apart from One Identity Manager.

I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

We used One Identity Management for 15,000 employees of a financial services firm. In addition to the IM functionality, we leveraged One ID for Identity Governance - including access certifications.

We had automated provisioning of users based on HR data. This automatically created 4-5 base accounts and birthright access for users. In addition to that, we leveraged the IT shop to request roles for users which, for the most part, automatically provisioned access to users.

In addition to this, we used the Attestation features of the product to aid in our User Access Reviews.

There were significant productivity benefits over our previous platform with the increased automation which took the process of onboarding staff down from days to minutes. It allowed user self-service for additional access. The approval process was tracked and auditable.

It also improved our security controls with tighter de-provisioning, where we would automatically terminate a user's access when they left the company. In addition, regular user access certification campaigns were undertaken to review staff access and to ensure staff only had the access required to perform their role.

As the team supporting the platform, one of the key features One Identity Manager has that was very valuable was the administration interface which allowed a quick easy overview of staff, their entitlements, and how they had were entitled to access.

Centralizing identity management allowed for a centralized governance model. 

The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be. 

The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory.

In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns. 

I used the solution for over 6 years.

Overall, the tool was stable. Our issues were mostly around customizations and bad data.

The tool is scalable and can include a number of the usual infrastructure scalability options.

Technical support was good, for the most part, especially when the local support team understood our level of expertise. If we were raising a problem it was a real problem and we were put through to the level 3 support quickly.

We had a previous Identity Management Solution and we swapped it out as the old solution had little investment in its user interface and we needed a better interface for our users to be able to self-service effectively.

It was a complex setup process, however, it was the first time it was done in the country 7 years ago. Getting the product installed was straightforward. It would be important to follow a proper SDLC with requirements being a key initial piece of the puzzle to help you maintain costs.

We used a mix of vendor and in-house resources on the project. Like the in-house resources, the vendor at the time had no prior knowledge of the tool so it was a learning journey for both sets of resources.

When we started the journey 7+ years ago, there was a limited skill set in the market, and that is still the case today. 

Like all Identity Management projects, setting firm requirements upfront is important to maintain costs.

We did evaluate other options, however, I wasn't involved in that process.

Look to limit customizations where you can; it can be easier to customize the tool in the short term, however, it can result in significant technical debt and effort in the future.

We use it to manage identities, We have around 12,000 employees who need to be managed, which is a lot of people worldwide. It is sort of stressful to manage proactively unless you have automated systems.

We have an SAP connector since we have integrated the solution with our HR database.

Simulation mode of One Identity Manager for company policies, station policies, business roles, etc.

The solution is flexible. You can customize it a lot. You can also customize parts of it. You can can build connectors, connecting them to a new application, and so on.

There are some good things about the policy and role management features, but you can't really use them to their full potential. A lot of customizing that we have to go through to implement new processes and new customized policies could be better. Though, overall, it is great.

They need to implement a lot of best practices for this solution.

The stability is okay. It really depends on if there have been changes made on the database where you are trying to obtain your data.

I haven't had much contact with the solution's tech support. My partner contacts them.

Our company didn't have any of this type of solution before, so it's a totally new process that we're going through at this very moment.

The initial setup was quite complex because you run into some existing policies that the company already had. There was some trouble with some inconsequential policies.

We used our partners, who are an integrator. Everything is in one box.

The solution has helped us increase employee productivity when it comes to provisioning user interface systems. Our employees get everything that they need the day that they start.

Build a strong team for this solution because there will be a lot of issues that you will have to go through, especially on your HR database. Build a team that knows how to listen and how to act.

The SAP integration process was quite interesting. You have to search for the answers in the right department with the right people. After that, it becomes easy.

We are currently not on the cloud.

We primarily use the solution for background management. It's used for provisioning and license management. 

The solution has helped a lot with compliance. We can review access and have recertification alerts that make governing very easy. 

It's very easy to roll out. They do have various defaults available, so you have a variety of rollout options.

It is very easy to handle complex requirements. It provides a very good user experience.

I like the user interface. I'd rate it three out of five.

The solution provides an attributes-based setup, a dynamic role setup, and many other features for enterprises. It provides a single platform for enterprise-level administration. 

It has an easy user experience. It's great. From an intuitiveness standpoint, I'd rate it three or four out of five. It tries to make it easy for administrators to fulfill requirements, even if it needs to be customized. 

The customization is top-notch. It's the best compared to any other tool we've used. It fulfills a lot of needs. I'd rate the level of customization three out of five. 

While I haven't really used the solution's business roles to map company structure for dynamic application provisioning, leadership has used it for this purpose. My understanding is that it is quite good.

The product does help minimize gaps in governance coverage for test development and production servers.

It's helped us to achieve an identity-centric zero-trust model.  We are able to set up dynamic rules centrally. 

The interface can be a bit complex for an administrator to manage. I've used it for a long time; however, for a bit, I was confused. They need to work to make it easier to understand more quickly.

I've been using the solution for a year and a half. 

The solution has great stability. I'd rate it eight out of ten. 

We had 20 to 30 resources involved in the solution. The scalability is very good. I'd rate the scalability seven out of ten. There are some slight challenges, moreso related to human error; however, beyond that, scalability is great.

Technical support has been responsive enough. We do use premium support. You get a great response time and it helps us manage things very smoothly. It also offers support for many different regions. They've helped a lot with integrations. 

Positive

I have used different solutions in the past, including CyberArk. This solution, however, is great for identity governance. 

There was no problem with the deployment process. It took around a week to implement - maybe less than that with planning in place. It usually takes about two weeks to deploy.

The product is fairly priced. 

I'd rate the solution eight out of ten. 

I'm a customer of the vendor. 

My primary use case for the solution for the last several years was migrating from version 6 or older to version 7 or 8. Most of the time, we implement new features, optimize existing features, or do project management for the customer.

Our customers have a higher degree of automation and compliance. The product has a good self-service portal, which makes the IT processes a lot better and easier for the end customer.

We have integrated the solution with SAP. Our customer wanted us to do the implementation for web-based administration. They wanted to have easier access to provision their accounts into their system. Because until then, most of the customers were inputted manually. Now, they can automate it, which makes it a lot easier. They can monitor the segregation of duties, such as the financial aspects of it, in SAP.

There are so many different connectors out-of-the-box, and the solution works fine. Overall, the product works well and is very good tool, which functions well.

It's pretty flexible because you can use it in almost every way you want. It is very open. It provides good insight on all the basic job chains, and you are free to use, extend, or change it.

I am waiting to see the new API for the web.

There are several smaller parts of the tool that have room for improvement. One Identity currently is in the development process of fixing these issues.

It is quite stable if you know how to use it right. If you have a good implementation, it is really robust. 

The technical support is pretty good because we can reach the right person directly. We also get escalated quickly, if necessary, to the development team. So far, it has been a good experience.

There is a good support team if you have issues. There is a really nice path to get in touch with them.

The initial setup was pretty straightforward because the documentation is really good. It was even easy to train junior employees in our company since the documentation is easy to read and straightforward.

This solution has helped to reduce help desk calls for a lot of customers because of the password reset. People can now reset their own passwords. That is a great benefit for customers.

This solution has helped to increase employee productivity when it comes to provisioning users.

Look at one or two videos online on the One Identity YouTube channel. Get in touch with some of their people and possible get a short preview of their products. That is the easiest way, so you can set up a test environment pretty fast be shown how simple the processes work. 

One Identity has a very strong community combined with the tool. They also have a very good relationship between partners, customers, and themselves.

It is easy to extend the product for custom purposes. 

The primary use case for this solution is implementing them at the customer site, according to the customer's business needs. E.g., certain customers needs an attestation case. 

The reason for implementing this solution is the need to become somewhat more in control. There is also the ease of use for connecting products to target systems, like an Active Directory or Exchange.

I had an organization which had no idea of their user accounts and who owned them. It took me two weeks, and out of those two weeks, most of the time was spent waiting for the user accounts to connect to the Active Directory. Within two weeks, we knew exactly how many orphaned accounts that they had. This was a huge deal for the customer. They never realized that within such a short time frame that they could be able to better view their Active Directory, who owned which account, and how they could start cleaning it up. This is a very basic feature within the product, but to the customer, it is a huge leap.

The policy and role management features are superb. If you have a customer who is willing to go somewhere with role management, then the possibilities are endless with the product. It is well-structured, and the architecture is well-defined. I am quite content with it.

The solution is flexible. It is based on modules. Depending on the customer's needs, you can implement the different modules, which are accompanied with it. 

I would like better integration with cloud apps, but I just learned this week that there is already a pretty advanced cloud integration. So, what I would like to see is already implemented, but I just need to start using it.

When I first started using it, way before version 7, the manual wasn't comprehensive.

The UX design needs improvement, but I have noticed that people are working very hard behind the curtains to make sure that UX is designed in such a way that the end user is going to have a much easier time using the product in future releases. My ideal was a product designed by IT guys with an IT guy mindset, not without realizing thousands of people in an IT portal would be using the product. Therefore, it took my customers many hours to find the correct links to order something from the IT shop, but I know One Identity is working very hard to improve this as well. If they could improve the UX within the Manager tool, this would be another huge upgrade in just lowering the learning curve of how to use the product.

If well-implemented, the solution is extremely stable. What I have been confronted with is I am usually joining an ongoing project, which has been implemented quite messily: 

• The basic features of the product usually aren't used. 
• Customization is too spread out, and in a very inefficient way, making the product very unstable. 

It should be implement with the out-of-the-box features. When used with its features, it is extremely stable.

With the technical support, I create a case, then within a few hours I receive a reply. So, I'm very pleased with the technical support. However, some features aren't supported. It is based on your own risk, which I can accept, but I would be happier if they would provide me some additional information about them anyway, e.g., deleting tables or columns. 

You need a bit more knowledge than with the One Identity Manager product. You also need to be knowledgeable about servers and IIS servers for the web server. However, if you just follow the manual, you will get very far. Sometimes, you just need to Google somethings.

The SAP integration is extremely easy. The first time that I used it, I picked up the user manual, and typed in some user account system clients and passwords, then I was connected. It doesn't get any easier than that.

Once you are past the learning curve of the product, the most valuable feature is the ease in which you can implement the product.

It has helped to reduce customer costs.

For the customers that I have worked with, this solution has helped increase employee productivity when it comes to provisioning users. For example, if someone joins the company, then someone else will need to realize a member has joined the company. They need to create a ticket or call someone they know within the Active Directory team. This usually takes at least three to four weeks before they are able to make someone work efficiently. With One Identity Manager, within a few months, you can reduce four weeks time to a few days or even hours.

It needs flexibility in the licensing or packaging, because you buy the entire package at once, and sometimes the customers are a bit overwhelmed with whatever they get. I would like if they could cut the licensing or packaging into somewhat smaller things.

It isn't that hard of a product to use. It's actually very easy to set up. Your business case is much easier than you think, forget the word complex. Just use the product as it is meant to be used, and it will make your life easier. It will also make your customers much happier,  reducing the time to implement something or making the company grow. 

I have done some basic SAP integrations just using the out-of-the-box connectors. After connecting it, the customers with their own technical teams go in and clean up SAP.

The customers that I am working with haven't moved to the cloud yet or are just starting move to the cloud. I am pleased to see many steps are being taken to make cloud integration much easier from version 8 and up.

I am interested in finding more out about the privileged account governance features.

We are managing the entire trend for our identity management, from HR hire until offboarding. We use it for managing all the IT accounts in the company, which has hundreds of thousands of identities.

At the time of the onboarding, this is solution that we have interfacing with HR. On the same day an employee is hired, an account is created and available for the manager when the end user arrives. The opposite is true. The moment employment is terminated, the same day everything is disabled, then later deleted.

We have integrated it directly with SAP, since our HR source of information is SAP and more than 80 percent of our business is run on SAP. Therefore, we have the largest SAP installation in the world. It's fully integrated, so we are creating, managing, and provisioning in SAP, as it is the core of our business. We are synchronizing for SoD, so it's working well. We are using different aspects of the integration.

The overall capabilities of the identity governance and administration (IGA) solution for identity management.

The flexibility of the solution: We are able to use what is out-of-the-box, customize and prioritize it, then further develop it to meet our needs. Our use for it is very complex, but we are able to achieve success with One Identity.

The back-end, its capabilities, and workflows are very good.

I would like a more friendly web UI. This is something that they are already starting to work on. 

Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us.

I would also like it to have an easier integration with phones.

With the current version, the stability is very good. With the previous version, it was not good. We are now in version 8, and it's really stable and performing.

Without this solution, because of our sheer size, we cannot manage our own house.

We are paying for premium support, which is expensive. However, we do receive very good, fast support.

What we implemented is very broad. We implemented basic identity management: workflow, self-service, and shopping for roles. We also implemented SoD. To implement all of this and because of our size, we had to work with partners and One Identity, which was a complex process.

We have seen a little ROI when there was a restructuring reduction in the market for user management teams, but not enough to cover the cost of the project. The focus was on security compliance, not on return on investment.

This solution has helped to reduce help desk calls. We are a very big company, so we have implemented thousands of role-based access controls which give rights to the users. Based on their movements, we are removing or assigning access. We also have the entire onboarding process fully automated. We have removed more than 90 percent of all manual requests for accounts.

This solution has helped to increase employee productivity when it comes to provisioning users. E.g., We can give users access in under a day. It is now based on how long it takes for HR to perform the action to onboard the employee.

We started an RFP in 2013 or 2014. Then, the end of the process was in 2015, we selected One Identity Manager by comparing it against many other vendors.

Define what you are researching. Write down use cases you need. Then, ask for a demo with you data, so you can see actual results.

We are working on our IT cloud strategy. We are starting to do cloud provisioning integrated with our identity management.

We use it for compliance, but not directly for GDPR.

We are using the policy and role management features.