One Identity Manager Reviews

We mostly use One Identity Manager for the tasks of onboarding and offboarding business roles, assigning permissions, and ensuring that we have a record in auditing to fill out compliance needs.

It allows us to do a lot more tasks in an automated way. Previously, we had to do a lot of things manually. Because of the automation, it allows us to assign a resource. We just have to name a resource. This allows us to transfer some tasks to the first line of the service desk, allowing our IT to concentrate more on other tasks and the needs of the business.

The most valuable feature is the configuration of users, especially onboarding and offboarding SAP roles. It is very important this is done in a fast way, especially in connection to the SAP HR system, where we can get a user onboarded as soon as they have the information recorded in HR.

Connections with more clouds systems is already planned. The more that we can use One Identity to connect with other systems to manage all the applications accessed throughout One Identity, the better. I would expect to have more connections and setups to other systems.

Visually, I would like it to be more user-friendly. Version 8 looks visually like version 6, so this still needs improvement in later versions.

The performance is quite bad, but this is because we have a very old version.

We only use the privileged account governance to identify the type of the account where there are no functions designed behind it. This will probably be something that we will develop more in version 8. Because in our current version, we don't want to add more functions with the performance already being poor.

It is not an all or nothing scenario. It's very good that you can choose exactly what fits your business.

We used a partner. So, we don't use the support service directly from One Identity. All the support that we need is done through our partner.

We didn't have a solution to manage identities previously. The need to have an identity management system came from auditing, our SAP needs to have monitoring, and the need to control SAP accounts and roles.

One of the main reasons, in the beginning, to go with One Identity Manager is to have integration with SAP. It's very important to have our business roles and privileged access monitor always up-to-date, especially if you have privileged users and firefighters. You need to monitor their access very carefully.

For version 6, the SAP integration out-of-the-box can be quite exceptional. The configuration might be a bit harder to do in the beginning, but then the functionality and the way it works is very easy and straightforward to use. 

We have reduced about 60 percent of our help desk calls, especially for onboarding and simple tasks that do One Identity automation.

The solution has helped us increase employee productivity when it comes to provisioning users and systems. Now, we have standardization for all countries, where we are in 36 countries, presently. It is very important to be standard in the way you work with the solution. 

Because we have implemented automation to our tasks, we have probably reduced time from a few days to a few hours.

The product is quite flexible. In my previous company, I worked with Microsoft products. Now, I am using One Identity. Its functions are easier to use and more intuitive. You also have more functions available to businesses.

Check the big picture and what exactly the company needs. 

Choose the partner wisely. It's always important to make a successful implementation. 

One Identity Manager is good because it allows you to choose at a granular level exactly what you need for the business.

This is not how it's implemented currently with us, but especially in compliance GDPR and privacy settings, you can have more granular permissions on privileged accounts and be able to monitor who makes changes on the accounts in IDN.

We only have very basic functions now. However, the solution will have an impact on the roadmap of the company and on our company's roadmap of IT solutions to come.

As consultants, we use it for provisioning, for access management in SAP, for AD access management. In the future, we may use it for many other applications like SafePoint and Office 365.

It improves organizations because role requests are automated, as are provisioning and deprovisioning; all of that is automated. 

It saves time and improves productivity because otherwise, people would be calling the helpdesk. Productivity is improved because everything is automated. A user makes a request and a workflow is triggered. It sends mails to your manager or to the product owners for approval. If everything is working properly, productivity increases.

Even without any customization, if you install it, configure it, it's ready. We may do some small customizations afterward, but the product is really good as is. It's very powerful. Without any customization, it starts working.

There is also a new feature, the Sync Engine, which is very good. Before, without it, the initial onboarding of HR systems was very difficult.

The policy and role management features are good, but not well-implemented in many companies because it's not that easy. It takes time. We are starting to use attestation in our current project and to follow the company policies. It takes time, but the feature is good. The company policies feature is really good because in workflows you can check whether the policies are all working. It's a good feature, but I don't think it is very common in many companies.

In terms of privileged account governance, in all of our previous projects we created privileged accounts and, again, with the new projects, we are going to start managing privileged accounts through One Identity. This feature is good. The new features are really good.

Finally, the product is flexible. We can easily customize almost any part of the system, such as having logic code inside the templates, inside the tables. And we can create processes as well. The customization makes it really flexible.

One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved, but it can be implemented.

The current version we have is stable but there are bugs, of course. There are many bugs. Many customers may wait for somebody else to move their systems and after they get the feedback, only then will they move. Each time there is a new release, it takes time to become stable.

It's scalable.

Technical support depends on the level. Level-one is not as knowledgeable as level-two. But, overall, their level of knowledge is good.

For me, the setup is easy, because I have a background in Microsoft technologies. That makes it really easy.

We are currently working on integrating it with SAP, but we are customizing a lot of things to fit with the current company's requirements. Their requirements are quite different from the out-of-the-box settings. Next month is the first SAP system go-live.

After the SAP onboarding, we will look at the cloud. I have fixed some bugs in the code for the Office 365 onboarding earlier. That was a very early version with custom connectors to Office 365, version 6. But in terms of a cloud connector, we have not started to work on it yet, in the latest versions.

• The GUI is very impressive and clean (even cleaner and minimalistic in v7).
• JobQueueInfo does an amazing job tracking all processes.
• Synchronizations are easy to set up.
• Reporting capabilities are fantastic once you get the hang of using Report Editor.
• WebDesigner allows a lot of customizations to be added to the web project.
• Schema and table names are very logical. It is very easy to find something in the database just because of the fact that the naming convention in the schema is very logical and consistent.
• It's a feature-rich product: a suite of very powerful tools with a lot of functionalities once you get the knack of them.

• Auditing becomes easier from an admin perspective.
• There is more control over everything.
• Processes are much better defined.
• People tend to take some functional roles much more seriously. There were some roles that were very old in the organization but the legacy implementations did not grant much value to them. Q1IM's implementation of those roles really enhanced the value and the role members had clear responsibilities/tasks defined that they had to abide by.

• DBQueue processes can bottleneck the system at times. In v7, its apparently re-architectured, and is better. There can be too many of them and they process very slowly, causing actual processes to take a lot more time to complete.
• There should be a way to define fail-over job servers in process steps. Job servers can become a single point of failure.
• Better support for Oracle back end databases. SQL support is good and KBs are easy to find. The same level of support should be available for Oracle if the product claims to support it.
• A better migration tool for v6 to v7 upgrade, especially for the Oracle back end.
• There should be a way to separate out the front end (IT Shop) from the back-end processes. If the submission of a request through the web portal is done and it gets stuck computing something in the back end, the front end control should still be granted back so that the user can continue navigating freely across the site. Currently, if a request is submitted and it is taking time to process, the front end just gets stuck on a spinning wheel (loading wheel).

I have used it for ~2 years.

If the requirements can be met through product configuration, then issues don't arise as often. Customizations (depending on complexity) can be problematic at times.

Transporting change labels across environments can be confusing. It should be noted that the content contained in change labels should be documented right from the beginning of the project and all team members should be on the same page.

It's more about getting used to the correct way of working with the product rather than issues with deployment.

I have not encountered any stability issues.

We implemented the tool in an environment with roughly 35,000 active employees and over 2,000 service accounts. A few things I noted were:

• The web portal (IT Shop) tends to get a bit slow loading information for certain roles that have access to lookup all employees.
• The admin tools can also get a bit slow while loading too much information at once. For example: Loading user account information under the Active Directory tab in Manager can take a long time.
• We had various rules defined in our scripts for central account generation. One of those included a check in a history table to avoid granting a user name which has already been used in the past thus avoiding collisions. This caused our contractor account requests through the web portal to become extremely slow. Submitting a user account request from the IT Shop could take up to four minutes at times. We had all necessary columns indexed and the code to generate CentralAccount was written by the vendor team itself but the slowness could not be tackled.
• There was always a direct relation between the slowness we faced and the number of employees the environment managed. For example: Account requests used to take roughly 20 seconds in our development environment which had roughly 15k users and almost 25k entries in the history table we maintained to avoid username collision. In our production environment, it took way longer since the number of employees increased to ~35k and entries in our history table exceeded 150k records.

Customer service was just average during implementation phase.

Technical support is decent overall. However, some SRs took way too much time to resolve for the value they provided.

Some escalation engineers are very knowledgeable and troubleshooting sessions with them can be really worthwhile and informative.

We previously used legacy scripts with Microsoft FIM as the backend. FIM was too old and not user friendly at all. It was ancient in terms of IDAM and there were far better products with a lot more capabilities.

Setup was straightforward. Initial JobService configurations ends up being a bit confusing.

It was a hybrid implementation: We had an in-house team and a vendor team during the time of development for the first phase of the project. The second phase was done purely in-house.

The vendor team was not good. It was just average. There were a lot of times when we felt communication was lacking from the vendor side and at times, there were mistakes in the implementation, also. We recognized some errors long after the product had gone live. Overall quality delivered during development was not up to the mark. Average experience during the first phase with the vendor caused us to stick to a complete in-house implementation for the second phase.

Vendor teams (at least in the US) should be trained more about the tool's capabilities. I have heard that European vendor teams are much better with a lot more knowledge about the product.

Before choosing this solution we also evaluated TIM, OpenIAM, OIM, and SailPoint. All had week-long PoCs with us. We chose Q1IM (at the time, D1IM). SailPoint was a close second.

It is certainly a leading product in the IAM sphere.

Our primary use case was to onboard certain applications for a customer.

One Identity Manager helps minimize gaps in governance coverage among various servers. If you are trying to do an access review, or want to grant access to someone, these generally require a review process. Those kinds of reviews are done manually if there are no governance tools. This tool makes that process smoother. It sends automatic reminders and will automatically discard a request if someone does not approve it. We can even configure it so that if someone has not approved it five times, it can be auto-approved. It streamlines the whole governance process and reduces a lot of manual activity with automation.

It also helps streamline application governance when it comes to application access decisions, application compliance, and application auditing. Previously, these processes required a lot of manual work, but that work has now been discarded.

Another benefit is that One Identity Manager definitely helps application owners make application governance decisions without IT. It sends regular notifications and anyone can see what is pending on their plate. They can take action on what should be a part of their application and what should not be a part of their application, and make informed decisions.

An outstanding feature of One Identity Manager, compared to SailPoint, is the dashboard where they present everything. With the dashboard, the customer can see how the integrations have happened. It is more presentable than what we have with SailPoint. The user experience is good because everything is exposed on the dashboard. They can tweak it a little bit if they want.

Also, using its business roles to map company structures is fairly easy and good, similar to SailPoint. It is handy. This function is very important because today, most organizations rely on RBAC, role-based access control. If a tool offers identity management capabilities, it must also offer role-based access control. Both One Identity Manager and SailPoint offer good role-based access controls. It's easy to configure and use.

I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it.

Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers.

Access reviews are another thing that is not that good in the solution. It needs improvement.

Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution.

These last three items need to be improved on a very urgent basis.

I used One Identity Manager for about six months.

On a scale of one to 10, where 10 is the best, if I look at the stability equally across all features, One Identity Manager is an eight and SailPoint is a nine.

The solution is very scalable.

I have not interacted with their support.

Onboarding certain applications for a customer was something that gave us difficulty with SailPoint. And the primary driver for switching was cost. SailPoint was very costly and One Identity Manager was a little bit cheaper.

The user experience is good, but the implementer's experience is not that great. As an administrator, when I'm trying to implement a solution, it is a hectic job.

The time it takes to implement depends on the requirements. If you want, for example, to integrate Active Directory, it will take two to four hours because it is an out-of-the-box application and very common. When it comes to complex applications like SAP, HRM, or ERP solutions, they have complex infrastructures. Integrating such applications takes no less than five to six working days.

The number of people involved is based on how big the project is. If it involves implementing 100 applications, you definitely need a team of 15 to 20 people to complete it within one year. But if you only have to onboard five applications with One Identity Manager from scratch, where you have to install the product, it will take six to seven months. With SailPoint, it takes a little bit less time.

We used the help of One Identity partners because we don't have expertise in One Identity Manager. We are SailPoint experts. They were involved in architecting the whole solution from the beginning as well as in customizing it.

The partners struggled a bit because some of the features are not that flexible in One Identity Manager. The product has all the capabilities required, but it is not that implementer-friendly.

In terms of the training that the partners provided to our customers, I was not present, but the feedback from the customers was that it was okay. They understood things.

Overall, the value provided by One Identity Partners was a seven out of 10.

The price of One Identity Manager is cheaper than SailPoint. When we initially suggested SailPoint to some customers they were surprised at the price, so we then suggested One Identity Manager and they went with that.

In addition to the licensing fees, there are costs for customization if you want to build custom modules.

In addition to SailPoint, I have worked with ForgeRock, Microsoft FIM a long way back, and others.

SailPoint has a lot of advantages as compared to One Identity Manager. First, the installation time is very short, and the process is very smooth. Second, it is an implementer's tool, meaning an implementer enjoys developing applications with SailPoint. SailPoint may not be that user-friendly, but it is very implementer-friendly. Implementation is easier with it. And because it is implementer-friendly, implementers can add value to the product, meaning its capabilities can be enhanced based on customer requirements, which is something that is lacking with One Identity Manager. And compared to SailPoint, One Identity Manager has fewer features.

Most of my customers in the region where I work, The Middle East, prefer on-prem solutions. They don't like the cloud. SailPoint and One Identity Manager both have on-prem solutions, so I am focusing my comparison on them.

I have also worked on cloud-based solutions but they have their challenges.

For enterprise-level administration and governance of users, data, and privileged accounts, One Identity Manager is average. Its privileged account management is lacking in capabilities. You have to integrate it with various other PAM tools and only then can it be used for that.

One problem with almost all identity managers today is that the implementation is based on certain information. After that, if certain big changes happen in the organization, you have to reflect all of those changes in the identity management solutions by doing certain customizations or implementation activities. That takes a good amount of time. That complexity is present in almost all identity managers today. It is not very quick when it comes to making changes.

Regarding Zero Trust, that is a buzzword as well as a big word. One Identity Manager alone cannot achieve an identity-centric Zero Trust model. It has to start at the network level through the identity management level, and we have to integrate it with multiple different solutions. We have not achieved Zero Trust for any organization yet.

One Identity Manager is mostly suitable for identity governance capabilities but is not that suitable for access management or privileged account management. If you are evaluating this product for access management or privileged access management, you should not go with it. If you want a governance product, go ahead and use this one.

The primary use case for this solution is implementing them at the customer site, according to the customer's business needs. E.g., certain customers needs an attestation case. 

The reason for implementing this solution is the need to become somewhat more in control. There is also the ease of use for connecting products to target systems, like an Active Directory or Exchange.

I had an organization which had no idea of their user accounts and who owned them. It took me two weeks, and out of those two weeks, most of the time was spent waiting for the user accounts to connect to the Active Directory. Within two weeks, we knew exactly how many orphaned accounts that they had. This was a huge deal for the customer. They never realized that within such a short time frame that they could be able to better view their Active Directory, who owned which account, and how they could start cleaning it up. This is a very basic feature within the product, but to the customer, it is a huge leap.

The policy and role management features are superb. If you have a customer who is willing to go somewhere with role management, then the possibilities are endless with the product. It is well-structured, and the architecture is well-defined. I am quite content with it.

The solution is flexible. It is based on modules. Depending on the customer's needs, you can implement the different modules, which are accompanied with it. 

I would like better integration with cloud apps, but I just learned this week that there is already a pretty advanced cloud integration. So, what I would like to see is already implemented, but I just need to start using it.

When I first started using it, way before version 7, the manual wasn't comprehensive.

The UX design needs improvement, but I have noticed that people are working very hard behind the curtains to make sure that UX is designed in such a way that the end user is going to have a much easier time using the product in future releases. My ideal was a product designed by IT guys with an IT guy mindset, not without realizing thousands of people in an IT portal would be using the product. Therefore, it took my customers many hours to find the correct links to order something from the IT shop, but I know One Identity is working very hard to improve this as well. If they could improve the UX within the Manager tool, this would be another huge upgrade in just lowering the learning curve of how to use the product.

If well-implemented, the solution is extremely stable. What I have been confronted with is I am usually joining an ongoing project, which has been implemented quite messily: 

• The basic features of the product usually aren't used. 
• Customization is too spread out, and in a very inefficient way, making the product very unstable. 

It should be implement with the out-of-the-box features. When used with its features, it is extremely stable.

With the technical support, I create a case, then within a few hours I receive a reply. So, I'm very pleased with the technical support. However, some features aren't supported. It is based on your own risk, which I can accept, but I would be happier if they would provide me some additional information about them anyway, e.g., deleting tables or columns. 

You need a bit more knowledge than with the One Identity Manager product. You also need to be knowledgeable about servers and IIS servers for the web server. However, if you just follow the manual, you will get very far. Sometimes, you just need to Google somethings.

The SAP integration is extremely easy. The first time that I used it, I picked up the user manual, and typed in some user account system clients and passwords, then I was connected. It doesn't get any easier than that.

Once you are past the learning curve of the product, the most valuable feature is the ease in which you can implement the product.

It has helped to reduce customer costs.

For the customers that I have worked with, this solution has helped increase employee productivity when it comes to provisioning users. For example, if someone joins the company, then someone else will need to realize a member has joined the company. They need to create a ticket or call someone they know within the Active Directory team. This usually takes at least three to four weeks before they are able to make someone work efficiently. With One Identity Manager, within a few months, you can reduce four weeks time to a few days or even hours.

It needs flexibility in the licensing or packaging, because you buy the entire package at once, and sometimes the customers are a bit overwhelmed with whatever they get. I would like if they could cut the licensing or packaging into somewhat smaller things.

It isn't that hard of a product to use. It's actually very easy to set up. Your business case is much easier than you think, forget the word complex. Just use the product as it is meant to be used, and it will make your life easier. It will also make your customers much happier,  reducing the time to implement something or making the company grow. 

I have done some basic SAP integrations just using the out-of-the-box connectors. After connecting it, the customers with their own technical teams go in and clean up SAP.

The customers that I am working with haven't moved to the cloud yet or are just starting move to the cloud. I am pleased to see many steps are being taken to make cloud integration much easier from version 8 and up.

I am interested in finding more out about the privileged account governance features.

We obtained tickets for user access roles to grant appropriate access to specific target systems. To process these tickets, we need to determine the user queue number, search for the corresponding user in One Identity Manager, and verify their target roles. The process includes understanding how to resolve each ticket.

One Identity Manager provides a single platform for enterprise level administration and the governance of users.

Immediately after deployment, we can reap the benefits of One Identity Manager. Based on my previous experience resolving similar tickets, I am confident that users will receive the desired access to roles upon completing the necessary configurations within the manager and observing the job queue.

One Identity Manager's user interface can be confusing due to its multiple UIs. Having worked with ForgeRock Identity Access Management, which has only two UIs for access and identity management, I believe One Identity's interface is significantly more complex and challenging to navigate compared to ForgeRock or other similar tools.

I have been using One Identity Manager for almost eight months.

It lags. Due to configuration issues, the system requires eight to ten GB of RAM, ideally 16 GB, to function properly with One Identity. If the system has eight GB of RAM or less, the tool will experience lag during use, regardless of the task being performed.

I previously used ForgeRock Identity Access Management but have been asked to switch to One Identity Manager for a new project.

Deploying One Identity Manager proved challenging due to the extended time required to install all necessary tools and subsequently gain access. While deployment would be significantly easier with the documentation, the process is lengthy regardless of the system. Additionally, any system hosting the tool must have a minimum configuration of 16 gigabytes of RAM. It takes one day to fully deploy One Identity Manager.

I would rate One Identity Manager six out of ten because of the complicated UI and system configuration lagging issues.

One Identity Manager requires no maintenance; once deployed, it can be used for any required purpose and then closed. However, if deployed on a virtual machine or VMware environment, it must be accessed every one or two years to prevent deletion due to machine expiration.

In terms of the use case, the traditional use case related to IAM is to synchronize the accounts to the user ID.

Most of the time, we connect it to Active Directory, Azure AD, SAP One, and one or two other systems at the first stage of the project. At the next stage, we start to integrate it with other systems.

My company is an integrator and a partner. I am not the final customer. I deliver solutions to our customers. I also have other solutions in my portfolio, but my strength is Identity Management.

One Identity Manager delivers SAP-specialized workflows and business logic.

It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts.

The user interface is not a big problem nowadays. About 10 years ago, it could have been a problem, but now, it is easy to do proper localization in Portuguese, Brazilian Portuguese, and Spanish. We have multiple language support. Of course, it is not yet 100%.

When it comes to customization, we need to model the business rules for customers. Every customer has different business rules. For a similar use case, you can have different business rules. I split the ability to model that into two categories. There is the ability to do the parameterization, and there is the ability to do customization with coding, which can have some risks.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers.

It also helps to create a privileged governance stance to close the security gap between privileged users and standard users.

One Identity Manager helps consolidate procurement and licensing. One of the valuable use cases that this solution provides is to take care of the licensing for some of the applications.

One Identity Manager helps streamline the following aspects of application governance: a) application access decisions; b) application compliance; and c) application auditing. We can deliver a use case where when a user requests access, the user may receive a warning that the access being requested conflicts with some other access that the user may already have. We can now model the SOD rules to validate a request when it is made. It is very important to be able to use One Identity Manager to do this kind of validation at the time of the request.

One Identity Manager enables application owners or line-of-business managers to make application governance decisions without IT. We can model that kind of personas, participate in the process, and make some decisions in the workflow process.

One Identity Manager helps to achieve an identity-centric Zero Trust model. That is a very strong use case of One Identity Manager. They claim that they are the only vendor that can deliver the Zero Trust model or Zero Trust architecture for identity, but I do not know if they are the only vendor.

One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity.

It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.

If you implement it properly and finetune it, it is very stable.

I have used their Premier Support. It is called PSO. It is very easy to book an appointment. You can use the calendar to find a slot. You can take half an hour or one hour. Once you are connected, the guy knows it is very important. Based on my experience, they were able to provide the resolution and tell me about the button that I needed to hit and what I needed to do. At that time, I asked them why it was not documented, and the answer from the PSO was that for specific matters, they wanted us to contact PSO. 

I prefer not to involve PSO because the prices are huge. We try to avoid it. When I need to involve PSO, it adds value, but it is very expensive. Whenever I involved PSO, I got the answers I needed within the time in which I needed the answers. I would rate them a ten out of ten.

Premier Support has not been an influence in purchasing additional licenses or products from the vendor.

Positive

I never implemented the SaaS model because of the pricing. My experience is for on-prem.

Its implementation is easy for me, but it is very complex for those who are doing it the first time. It is not straightforward. They do provide documentation, but it is not easy. I usually build my documentation and enable my team. After that, it is easy.

For its implementation, one project manager and two more people are required. One is senior, and the other one is of intermediate experience. Sometimes, developers are also required for customization.

We licensed it from a distributor. In Brazil, it is not possible to directly license One Identity. The distributor's name is ADISTEC. We did not take their help with implementation. We implemented it ourselves. They help me with other solutions but not with One Identity because it is very specific. In Brazil specifically, I do not have resources to help me with implementation. Quest in Brazil has a structure only for commercials. They do help with presale but for implementation, I do not have any kind of help. I usually take the help of the YouTube channel, the official documentation, and the community. We are pretty much doing everything ourselves.

The maintenance usually involves changing the logic, roles, or workflows. After the sign-off for the implementation, I also provide sustainability services where I take care of any problems and also contact the vendor. I also help with the environment and sometimes help implement a new connector if it is easy to implement or is a native connector from an API, for instance. I take care of the sustaining phase issues where we are not installing everything again. We are doing a little bit of parameterization. These services are helpful for revenue and important for our business.

Its price is okay. 

Overall, I would rate One Identity Manager an eight out of ten.

I implement One Identity for multiple use cases, including identity management, access assignment, and workflow automation. I also use it to migrate workloads from the admins to the business owners of the resources that are available in the IT shop.

One Identity increases security and decreases the provisioning time. Provisioning can be completed in a few minutes instead of days. That's a huge difference. It improves governance because you can deal with a problem account much quicker. You can fine-tune the roles to an employee's position in the company. You can give them the exact permissions they need and nothing more.  

It delivers a simple solution for assigning the correct permissions to the right person. One Identity helps us develop an identity-centric zero-trust model. The solution gives us one centralized entity for all the accounts in the connected systems, such as Active Directory accounts, email accounts, application accounts, SAP application accounts, etc. 

One Identity is simple to implement. About 90 percent of the implementation is configuration rather than scripting and creating the connectors. It's quite easy to customize the solution. 

There are too many different user interfaces. For example, one is the designer and another is the manager. There's also a web interface and an object browser. It would be helpful to consolidate all of those into a single administrator portal. 

I have used One Identity Manager for 10.

One Identity is a stable product.

One Identity is scalable. We deploy the solution for businesses of all sizes.

I rate One Identity support nine out of 10. Most of our customers use One Identity's premier support. The main advantage is that they offer 24/7 service, so you can call them on Sunday evening if you need help. 

I previously used SailPoint and OpenText.

Deploying One Identity is straightforward and only takes a couple of days. After installation, you have to onboard the servers, databases, Windows operating systems, etc. The number of people needed during the deployment varies, depending on the size of the project. It is typically deployed at two or three locations. 

One Identity requires some daily maintenance to ensure that everything is working fine. We need to review the logs and extend the functionality for the customer. Sometimes, the client needs to make changes like connecting a new hub system connected, adding applications, changing the workflow, etc. 

One Identity's pricing is similar to that of other products. It might be a little more expensive, but you save time and implementation costs. It's cheaper to implement One Identity compared to Sailpoint and other solutions.

I rate One Identity Manager 10 out of 10. I recommend doing a proof of concept before implementing the solution.