One Identity Manager Reviews

My main use case for One Identity Manager is role management, automated onboarding, and off-boarding processes, which helps centralize user identity management.

When a user employee joins the organization, One Identity Manager helps automate the onboarding process by creating user accounts with automated user provisioning, managing role-based access, and reviewing permissions for managing user identities.

One additional aspect I appreciate about One Identity Manager is how it centralizes identity access management across different systems and simplifies compliance and audit activities by maintaining proper visibility.

One Identity Manager has positively impacted our organization by improving identity governance and automating user lifecycle management, along with enhancing security and compliance by providing better visibility into user access and role-based permissions.

The platform has improved visibility into user permissions and helped mitigate user access-related security risks by enforcing role-based access control and automated governance processes.

The best features One Identity Manager offers include role-based access control and access governance, strong integration with Active Directory, cloud, and enterprise applications, self-service access requests and approval workflows, risk analysis, and policy-based access control.

The self-service access request and approval workflows help my team day-to-day by identifying unusual user behavior through the identity threat detection feature, which reduces manual effort, improves monitoring, and helps maintain better security and compliance across the environment.

The AI-assisted reporting and identity threat detection feature in One Identity Manager helps simplify daily security and compliance tasks, and I wish there were more advanced features available.

I believe report customization and dashboard usability could be improved in One Identity Manager.

It would be helpful to have more simplified automation templates and faster synchronization for very large environments in future versions of One Identity Manager.

I have been using One Identity Manager since last year.

One Identity Manager is stable.

One Identity Manager is highly scalable and works well for medium and large enterprises; it supports hybrid environments and cloud integration, with a standout ability to manage complex onboarding.

The customer support for One Identity Manager is good.

I did not previously use a different solution before One Identity Manager.

My experience with pricing, setup costs, and licensing for One Identity Manager has been generally positive; the initial licensing is flexible and usually depends on the number of user-managed identities and the modules or features being used.

From a security perspective, automated governance and role-based access control in One Identity Manager help reduce the risks of unauthorized access and orphan accounts, indicating a positive return on investment.

Before choosing One Identity Manager, I did not evaluate other options.

I would advise organizations considering One Identity Manager to first clearly understand their identity governance requirements, as well as their onboarding and off-boarding processes. I rate this product a 9.

My main use case for One Identity Manager is company-wide identity and access management and administration. I use One Identity Manager for company-wide identity and access management by implementing data-based automated creation of user accounts and access management.

From my point of view, the best features that One Identity Manager offers are its synchronization in the web portal. I find the standard connectors particularly helpful in the synchronization in the web portal.

One Identity Manager has positively impacted my company by minimizing manual effort. The minimization of manual effort has specifically affected my team by providing time savings, efficiency, and data integrity.

Since it is company-wide, an estimate of how much time my team saves with One Identity Manager is rather difficult, but it definitely has a very large impact.

From my point of view, One Identity Manager could still be improved with a cleanup of legacy. In terms of cleanup of legacy, I would like to see improvements to the form framework, among other things.

I have been using One Identity Manager for four years in the company.

In my experience, One Identity Manager is stable in day-to-day operation, and I would rate it eight out of ten.

I would rate the scalability of One Identity Manager as very high.

The customer service of One Identity Manager is something I would rate six out of ten.

Positive

I have not previously compared or used One Identity Manager with another solution.

Before deciding on One Identity Manager, I evaluated One Identity Active Roles, which was functionally limited to AD administration.

I would not like to add anything else about the features of One Identity Manager. My advice for others who are considering One Identity Manager is to definitely invest in training courses and watch One Identity Manager's YouTube channel online, as the product and this solution are very powerful.

I found this interview to be generally good, but there were some questions where the AI engine got stuck, and I think that could be improved for future conversations. I have rated this review with an overall rating of eight out of ten.

One Identity Manager is a software tool specifically designed to manage and govern employee identities throughout their entire lifecycle within a company. Similar to other governance tools, it ensures employees have the right access to data and applications based on their role, from the moment they are hired until they leave the organization.

One Identity Manager is a centralized platform for managing user access to all enterprise applications. It focuses on governing regular user identities and access permissions, but it does not handle privileged accounts. If we need to manage privileged accounts, we'll need a separate Privileged Access Management solution in addition to One Identity Manager. One Identity Manager can handle all our other identity governance needs, but privileged accounts require a different approach.

Our customization of One Identity Manager has been relatively straightforward so far. This is likely because we took the time to establish a solid architecture upfront. By defining a clear vision and utilizing standard use cases, I believe I played a key role in minimizing the need for extensive product customization. One Identity Manager also appears to scale well to our needs, further reinforcing my satisfaction with our choice.

One Identity Manager's business role feature simplifies access management by reflecting your company's structure. When you move between departments, like from marketing to finance, your access permissions automatically adjust based on your new role. This eliminates the need for manual updates, ensures you have the right access for your job, and streamlines access governance for your organization. Overall, it's a valuable tool for scaling access management across different departments and scenarios.

Many companies use pre-built solutions like SAP for specific needs. One Identity Manager acts as a central hub for managing identities and access across various cloud applications, similar to how companies connect to ServiceNow for service management or Workday for HR. This centralized approach simplifies identity governance for cloud-based applications, making One Identity Manager a valuable tool, though other competing products offer similar functionalities.

Choosing the right tool is crucial, just like picking the appropriate car. A regular car will perform well on city roads, but attempting off-roading with it will lead to breakdowns. Similarly, our company prioritizes on-premise hosting, so One Identity Manager was ideal. As One Identity itself offers on-premise updates alongside cloud features, we won't be reliant on solely cloud-based solutions for new functionalities. This ensures we stay current with identity access management advancements without being pressured to migrate to the cloud, unlike some competitors who prioritize cloud-based updates over on-premise versions. With One Identity Manager, we access all new features, giving our company a significant advantage. Ultimately, success depends on understanding your company's needs and tailoring your chosen tool accordingly.

Having separate test, development, and production environments creates challenges for managing a product. While the product itself can improve efficiency, companies need to invest in installing and maintaining it across all three environments. This can be expensive, especially for less-used environments like testing. However, if the product is installed according to best practices, it can offer significant benefits.

One Identity Manager streamlines procurement and licensing by consolidating identity management within a single platform. This is particularly advantageous because One Identity Manager is part of a broader suite of security products offered by Quest, allowing our organization to benefit from volume discounts and a unified security approach when using multiple Quest products.

One Identity Manager simplifies application governance by managing access decisions, compliance, and auditing. For access control, One Identity Manager determines a user's privileges within an application based on their overall permissions, allowing granular control over what each user can do. This same system facilitates auditing by tracking all access requests and enabling the creation of compliance certifications.

One Identity Manager empowers application owners and line of business managers to handle access governance without relying on IT. However, this requires upfront effort from the company to set up the data structure. For instance, if we don't have a process for assigning application owners, no tool can automatically create that mapping. The tool can only utilize existing data to enforce our desired workflows. This initial data setup might be challenging for our company as it's still under development.

One Identity Manager supports an identity-centric zero trust model, which assumes no inherent trust and relies on verification for every access attempt. This means every action must be audited and approved, requiring a well-structured data model. To fully utilize One Identity Manager's capabilities for identity governance, our organization will need a data engineer who can create this optimal data structure.

One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance. While many identity governance products necessitate external integration specialists, One Identity Manager's user-friendly interface allows internal staff with some IAM knowledge to manage it effectively after hands-on training. This is particularly beneficial because the product's pre-built lifecycle features, the core functionality of any identity governance tool, are comprehensive enough to address the needs of most companies, including larger organizations, without extensive customization.

One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience.

One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency.

The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.

I have been using One Identity Manager for two years.

One Identity Manager has been stable with no downtime experienced. While the current user and transaction load is low, the system has significant capacity for increased volume and hasn't undergone any formal performance testing. However, based on real-world production use, One Identity Manager appears to be functioning well.

We have premier technical support through the partner. We were not intelligent enough to envision this could be a problem in the future. Luckily, we have expertise in identity access management in-house. Otherwise, it would have been a problem if we didn't have local expertise internally and we bought something that we didn't know how to use and our partner wasn't efficient. 

Our company is currently undergoing a split into two separate entities. Due to this unique situation, we haven't fully transitioned to a single solution. Our original company continues to utilize Omada Identity Governance, while the newly formed company will be implementing One Identity Manager. This transition process reflects the upcoming separation into two independent companies, requiring us to adapt our systems accordingly.

Our initial on-premises deployment of One Identity Manager was straightforward because we handled the two-tier installation ourselves. However, for the cloud version, there's no installation needed since it's pre-configured as a Software-as-a-service offering. Regardless of the deployment method, the most crucial tier is the database, which needs robust security as it stores sensitive information. Both Windows and Linux installations are supported, though Windows is generally preferred.

The actual deployment process can be completed in as little as half an hour, but that's only if all the preparatory work, like opening network ports, is done beforehand. In the worst-case scenario, where you need to do all the setup from scratch, the entire deployment could take half a day.

The implementation was completed in-house with the help of an external system integrator and a consultant from One Identity.

To an extent, we have seen a return on investment.

One Identity Manager's pricing is competitive and in line with what other companies offer. While we may have received a different pricing model due to the multiple Quest products we purchased compared to only One Identity Manager, the overall cost is considered average.

We bought the One Identity Manager license from a partner, but they weren't able to assist with implementation because they lacked experience with the product and even tried to steer us toward a different solution.

One Identity Manager stands out for its on-premise deployment option, allowing full internal hosting, unlike most competitors who push cloud-based SaaS solutions. While cloud offers convenience, our critical infrastructure necessitates on-premise control. One Identity Manager also delivers feature parity between cloud and on-premise versions, avoiding the typical delay where new features go to the cloud first. This flexibility caters to companies with strict security requirements or those who prefer a full cloud migration, making it a truly adaptable solution. The potential downside lies in its architecture, where heavy reliance on a single database creates a single point of failure. However, other drawbacks are yet to be discovered through further use.

I would rate One Identity Manager seven out of ten.

We don't use SAP connectors. One Identity Manager's SAP connector isn't unique; it allows connection to SAP systems like many other identity management products. While it simplifies SAP user provisioning within a centralized system, this functionality is common among competitor offerings.

There's a key distinction between privileged and normal business users. While some privileged use cases can be created, an identity governance tool like One Identity Manager, Omada, Okta, SailPoint, or Aviant alone won't handle them all. These tools focus on general identity management, and for comprehensive privileged access management, we need a dedicated privileged identity manager or privileged access manager alongside them.

Due to the partner's lack of experience with the solution, we received no training or post-implementation support. This highlights a challenge faced by organizations in Denmark, a small country with limited options, particularly in the area of identity access management.

Our One Identity Manager partner hasn't provided the value we expected. While choosing them may have been limited due to licensing restrictions, the consultants they sent weren't helpful enough. It seems our experience might have been better with a different product or a more capable partner for the specific solution we implemented.

Our company has a workforce of approximately 5,000 employees and utilizes roughly 1,000 applications, though not all are fully onboarded. This number is respectable considering the size of our country.

When choosing an identity access management solution, there's no one-size-fits-all answer. It's crucial to understand your specific needs first. Consider factors like your current IAM maturity e.g., do you need privileged access management yet?, scalability requirements, deployment options cloud vs. on-premise, and partner support. Don't be swayed by what others use; focus on what works for your business and regulations. One Identity Manager can be a good option for mid-to-large companies lacking internal IAM expertise, though it may have fewer partner integrators compared to competitors like SailPoint. However, it can be a more cost-effective choice.

My main use case for One Identity Manager is to manage the lifecycle of all people, including internal, external, business partners, and external personnel. We are currently in further development and are connecting several applications automatically to One Identity Manager, which is our main use case.

The best features that One Identity Manager offers include relatively no limitations when it comes to connecting, and if there is ever no API interface, you can create one yourself and write it in.

By using my own solutions such as scripts or email integrations, I can give an example of how I use this flexibility in everyday work. Currently, for an application called Fluency Direct, a custom PowerShell script was created for the automatic creation and setup of users and assignment of groups within Fluency Direct.

One Identity Manager has positively impacted my company through cost reduction and less effort in the individual departments for the technicians who used to manually create users in Active Directory, which now all happens automatically.

One Identity Manager could be improved by better prioritizing and processing bugs when tickets are submitted.

I have been using One Identity Manager for just under three years, as we set up the system almost three years ago.

One Identity Manager is stable in operation.

My experience with the scalability of One Identity Manager has been good.

One Identity Manager's customer support could be a bit faster, but otherwise it is acceptable.

Positive

I did not use another solution before One Identity Manager. I have only been working here for three years, and One Identity Manager has existed since I have been here.

Before deciding on One Identity Manager, I did not evaluate other solutions. One Identity Manager was already in place when I arrived and was then newly set up by us.

I would rate One Identity Manager an eight on a scale of one to ten. I chose an eight because it is very good, but there is still potential in small areas such as the usability itself for the admin within the interface. I find that everything is still not quite clear enough, especially with one or two things in Manager and Designer. You do not always quickly know where you have to click when you are looking for something, and you sometimes search a bit longer.

My advice to others who are considering One Identity Manager for themselves is to definitely hire people who have the skills and can quickly get to grips with an application that is relatively complex. My overall rating for this product is eight out of ten.

We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees. 

We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager. 

I like the solution since it is very flexible, and I can basically do everything that I like and need with it. 

I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense. 

Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation.

It works well at an enterprise level. We use it as a centralized platform for the whole identity.

It is a flexible system and we can customize it the way we want.

We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution. 

We use the solution to extend governance to cloud apps and this is very useful for us.

Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately. 

The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place then, for example, joiner, mover, leaver, that helps in maintaining that zero trust principle.

In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience. 

The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement.

We can customize it, however, we need skilled resources to do so. There aren't as many skilled people in the market.

We launched it in October 2023. However, we started implementing it in 2021.

We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner. 

Positive

We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose.

Our experience was complex, however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly. 

It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, however, maybe not easy either, so maybe something in between.

We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training, however, the training was given by One Identity itself.

We have been reducing costs and saving several full-time equivalents by using automation.

I would rate the solution overall as eight out of ten based on the bad user interface.

I use One Identity Manager for RBAC in my current project. We do provisioning and de-provisioning. After running certification campaigns, it automatically aggregates. I also onboard several applications in One Identity Manager. We also use it for audits, recordings, and activities like entitlements or policies with segregation of duties.

We use out-of-the-box connectors for SAP to automate account provisioning and de-provisioning and ensure the right access based on roles and responsibilities. For access governance, we also handle detecting and resolving conflicts. It reduces administrative overhead related to provisioning, de-provisioning, and role authorizations. When it comes to password synchronization with SAP systems, it ensures a smooth user experience. For disconnected SAP accounts, it helps to align the business processes and data flows. We have centralized dashboards providing a holistic view of identities, roles, and privileged access.

We also have Active Directory, Azure AD, and other enterprise applications. It serves as a single source of truth to ensure roles and privileges align with organizational policies. We can view policies and conflicts and also have custom rules.

It provides centralized administration through a single pane of glass. We can manage users' roles and entitlements, identity lifecycle management, and access review management. We can connect both on-premises and cloud systems, ensuring centralized provisioning. With automation for tasks like provisioning and password resets, we can efficiently manage a large user base in complex organization structures.

The analytics provide real-time insights into access, policy violations, and system health. We can also identify potential risks or inefficiencies.

One Identity Manager provides pre-built connectors, requiring minimal effort for standard user cases and workflows. All the common attributes are preconfigured. However, for customized and more complex use cases involving dynamic rules or unique compliance requirements, we need to use PowerShell scripts or APIs.

Business roles help map company structures for dynamic application provisioning. There are predefined templates for common business roles. It supports hierarchical roles and dynamic assignments. The drop-and-drag interface simplifies role creation and assignments and policy integrations. For example, when a new employee joins the finance department, the system dynamically assigns the required role containing the required access and privileges.

It has pre-built connectors for popular cloud apps such as Azure AD. It helps with policy enforcement for implementing RBAC and ABAC for governance across cloud and on-premises systems. We can automate access reviews and certifications for cloud applications ensuring ongoing compliance. We can also dynamically assign and revoke access to cloud apps based on the lifecycle events, such as onboarding, promotion, or termination. It supports monitoring user activities within the cloud apps, providing detailed audit logs and reports for compliance. It also helps with user access requests via self-service portals with automated approval workflows for cloud apps like Salesforce.

It helps with better license management and reduces over-provisioning. We can also track user licenses for cost-saving opportunities, audit reports for compliance, and vendor agreements. We can also create business rules to automatically revoke licenses with a role change. When it comes to the cloud application platform, it synchronizes license date and usage.

Its benefits were seen immediately after the deployment.

One Identity Manager offers identity-centric security, acting as a single source of truth by centralizing identity data for users, devices, and applications. It supports role-based access control and automatically assigns and reworks roles to minimize privileges. 

The solution integrates multi-factor authentication, enforcing stronger measures and requiring identity verification for accessing critical resources. It continuously monitors user behavior in real-time, triggering automated responses, and manages secure access for both on-premises and cloud applications using protocols such as SAML.

Additionally, it facilitates RBAC, provisioning and de-provisioning, certification campaigns, onboarding various applications, audits, and reporting with segregation of duties.

It can have a clearer navigation map of the user interface and user provisioning. The documentation lacks step-by-step details on common tasks like creating roles, running action reviews, and version control. Enhancements could also be made to feedback mechanisms. In development, understanding workflows and integrating ORDM skills with SAP could be improved.

I have been using One Identity Manager for approximately two to three years. I previously worked with an organization in India, where I utilized One Identity Manager. Currently, in my project in the US, I am working in the retail domain, and I am using One Identity Manager here as well.

I have worked a lot with SailPoint, so its deployment was easy for me. The deployment duration varies from project to project.

In terms of maintenance, it sometimes requires updates.

Pricing depends on licensing models, such as per-user licensing and feature-based pricing. Additional models like governance, provisioning, and reporting increase costs. Cloud or on-premises models follow different pricing approaches. On-premises might incur higher costs.

The cost also depends on integration systems like Active Directory, SAP, and custom connector requirements. Scalability influences costs, with larger organizations potentially benefiting from cloud setups. Cloud setups might be more cost-efficient compared to on-premises solutions.

I would rate One Identity Manager a seven out of ten.

The time needed to see the benefits depends on how you roll it out. You have two or three primary areas where you see the benefits. One is from the operations and process perspective. If you automate the processes, you can make a mess because the system creates the identity from the HR system and provisions it for all the target systems, like Active Directory. 

This is one area where your processes will be more mature because they're all automated. Another area is governance because you collect all the data from different systems into one system. Manager lets you start to govern the data when it comes to entitlements.

Identity Manager helps you minimize gaps in governance coverage among test, dev, and production servers. It depends on your setup, but if you have it configured correctly, it will help. 

We can close the security gap between privileged users and the standard users. However, it depends on how you define privileged users because this might be might have different meanings. From a business perspective, you have users who are business-critical. You can set up these compliance rules to control this and have additional checks if required. 

A typical use case is setting up privileged users twice a year or a recertification campaign compared to standard users. The other point of view you need to consider is the typical admin accounts with critical entitlements and permissions to applications that have significant positive or negative impacts on the organization.

It streamlines application decisions, improving application compliance. That's what makes One Identity strong. It's like an octopus with lots of connections to your environment and applications. You get the old data and create your rule set and governance based on that. At the end of the day, these applications or entitlements are under the control of your rule set.

One Identity streamlines application auditing. If the application is under Active Directory, you have security groups where the permissions are managed in the application. It's easy because you have a standard connector, which means all the application permissions are automatically managed and controlled in One Identity Manager. 

On the other hand, if you have an application with its own user and application governance, you must integrate this with an appropriate API integration. If this isn't possible, you need a ticketing system in between with a manual process. You are good if your process aligns with your governance and audit.

One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top. 

One Identity provides an enterprise view of the more logically disconnected SAP accounts. It has the strongest SAP connector on the market and it can fully replace SAP centralized administration. It connects SAP accounts to employee identities under governance. One Identity is the only solution that offers IGA for the harder-to-manage aspects of SAP on a deep level. 

It has out-of-the-box SAP workflows and allows you to customize workflows, but you need an SAP specialist to handle these customizations. One Identity provides a comprehensive perspective for governing identity and access processes, reports, compliance stuff, etc. 

One of the biggest challenges organizations have is setting up borders with other processes and enterprise applications like ServiceNow. You could handle these processes, but it would make no sense. A typical example for better understanding is the joiner-mover-lever process of an employee and the topic of hardware where an employee gets their notebook, mobile phone, etc. These are something you would not challenge in a solution like One Identity. 

It can be easy to customize depending on the integrator's expertise. It has many out-of-the-box functionalities, but it also provides full flexibility to customize it. You can do it the right way or the wrong way, and this depends strongly on the integrator's knowledge and expertise. You can build on out-of-the-box elements or code everything from scratch, but this is not recommended.

One Identity's business roles are one of the most critical features. They enable you to reflect the entire entitlement structure up to the manager abstraction layer. For example, you can form a role for marketing and assign access to everything people in the marketing department need to do their work, including all the entitlements on the Active Directory and Azure levels. 

You can also assign a role to the IT shop, so people can request roles through the UI that are automatically assigned by the marketing team. Without these role functionalities, people would need to know the exact entitlement they need to have for the work, or someone from the service desk needs to know which entitlements are required. 

That adds additional pitfalls when you are not using roles properly. People can choose the path with fewer obstacles. They can find the people in the marketing department and copy-paste the entitlement, which might be a way but not the correct way when it comes to audits and revisions.

We have started extending governance to cloud applications in the past two or three years. It has challenges because it strongly depends on the cloud applications and especially on the API end endpoint. The connection is done technically on the API level, so you are strongly dependent on the restrictions of the API.

The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year. 

I have worked on One Identity Manager for nine years as a consultant. I am the person companies call when they need someone to introduce and integrate it with their enterprise. 

One Identity is a mature, stable system. Issues can happen, but it's generally stable. 

There are two points that affect performance. One is the power of the database system because the application is strongly database-focused. Adding memory and processing speed on the data base level has a huge impact. These are mostly virtualized, so that's typically quite easy. 

The second level is on the back end where you have so-called drop servers. If you don't have enough, you can install new ones, add them to the queue, and you are good. 

One Identity support has a lot of room for improvement. I work with support for my clients identifying bugs and issues, and the quality has gone down considerably in recent years. The premium support is somewhat better.

If you get a good support engineer and the issue is obvious, I would rate One Identity support eight out of 10. If you get a new technician dealing with a sophisticated problem, I would rate their support two out of 10. For a mixture, I would say a five out of 10.

Neutral

My company has worked with all the big players in this field, including SailPoint, Omada, and Saviynt, so I have some knowledge of these products. 

One Identity is one of the best products on the market, but it might be too overloaded compared to some of the others. Some smaller organizations may not need a full-stack solution. A lighter or cloud-based solution would be a better fit for them.

We integrate One Identity for other companies, so we have it deployed on a test environment to demo it. Europe is more on-prem, whereas companies prefer deploying to the cloud in the United States. If you have the prerequisites ready, you can deploy it in one day. The only maintenance involved is updating the solution. 

I'm not involved in procurement.  One Identity isn't the most expensive, but it's not the cheapest. It depends on what the clients need. 

I rate One Identity Manager eight out of 10. 

We are currently using One Identity Manager for identity management, but not for access management. I have extensive experience with One Identity through previous work with large insurance and utility clients, both of which heavily utilized the platform for identity and governance.

One Identity Manager connects SAP accounts to employee identities under a governance framework. Many companies utilize SAP SuccessFactors for HR and customer management, including onboarding contractors. Since the HR data originates from SAP, seamless integration with the chosen product is crucial for efficient operations.

One Identity Manager delivers the subspecialized workflows and business logic.

In both of my organizations, One Identity Manager was not the primary interface for users. ServiceNow typically served as the front-end portal, while One Identity Manager functioned as the backend engine to fulfill requests. Consequently, primarily managers and administrators interacted with One Identity Manager for testing purposes, and their satisfaction with it was generally positive. Our current organization uses a request-based portal. In contrast, my previous organization employed six versions of One Identity Manager, which has since evolved to nine, indicating significant progress. While earlier versions required extensive customization, the current iteration is more functional.

Our SAP Security team manages several internal roles, each requiring specific access controls. To determine user access based on their position or SAP role, we need a mapping system, which is why we implemented business roles. We also utilize business roles for user onboarding lifecycle management. However, some applications remain disconnected and reliant on AD groups, necessitating additional rules for access control. The functionality of the business role is crucial for effectively managing these access requirements.

We use One Identity Manager to extend governance to cloud applications like ServiceNow. This is achieved through Starling Connect, a One Identity product that allows us to deploy connectors. While we can use generic connectors and APIs for connectivity, Starling offers pre-built connectors for specific platforms, such as SuccessFactors and ServiceNow, simplifying the onboarding process for these cloud applications. We leverage this capability to streamline our governance efforts.

Some of the benefits we have seen from One Identity Manager include its ability to streamline user lifecycle management and the use of attestation for verification. Additionally, request-based calls from ServiceNow have been significantly improved, providing a seamless user experience.

One Identity Manager helps minimize governance gaps across test, development, and production servers, particularly for Active Directory and SAP. We've developed attestation policies that enable regular verification of all accesses, effectively bridging these gaps.

Creating and managing admin accounts, including managing inactive users and potentially disabling their access, has significantly reduced the AD team's operational workload. Similarly, onboarding applications onto the SAP system has streamlined operations and minimized administrative effort.

One Identity Manager's structure is much cheaper than any other product in the market.

One Identity Manager helps streamline application access decisions, compliance, and auditing.

One Identity Manager helps application owners or line-of-business Managers make application governance decisions without IT. Many reports can be used daily, weekly, and quarterly to manage and validate user access.

Being able to manage access without the need for IT has helped reduce the workload of the Operations team.

The SAP integration is One Identity Manager's most valuable feature. It offers a strong, out-of-the-box integration that is easy to implement, a significant advantage over many other products that often lack this integration component.

While we are not currently using privileged accounts, data governance is a concern. Reports and customization are expensive, and the user interface reflects this complexity. We've encountered issues with the cumbersome user interface and slow performance. Unlike products like SailPoint, we have limited control over customizing performance and the user interface. The tools provided for UI customization are not user-friendly.

The UI customization is tricky. The web interface product that One Identity Manager offers is a bit tricky to use, and no extensive documentation is available on how to do the customization.

Their support is inadequate. Raising a query often results in days-long waits for responses. Even when tickets are acknowledged, cases progress slowly toward resolution. Overall, the product lacks sufficient support.

While generic connectors exist, some specialized connectors require additional capabilities. Simplifying the connector process would be a valuable improvement.

I have been using One Identity Manager for five years.

One Identity Manager remains stable as long as the environment doesn't change.

One Identity Manager is scalable by increasing the capacity of the servers. 

The technical support response time is lacking. It can take days to hear back from them.

Neutral

I've worked with IBM Tivoli, SailPoint, and RSA Aveksa.

The optimal identity manager depends entirely on a company's specific requirements. If a company primarily utilizes SAP and Active Directory, One Identity is suitable and easy to implement. However, for extensive customization, a product like IBM or SailPoint might be preferable due to their flexibility and ability to create a completely custom user interface. These platforms also excel in complex workflows, such as those found in banking, and offer robust CI/CD integration through Java scripting. In contrast, One Identity's change label system falls short of modern development practices, making it less appealing for organizations that prioritize agile methodologies.

The initial deployment is straightforward.

One Identity Manager requires a primary database to store all information. A secondary, optional history database can be used for archiving data to manage database size. We can combine the web server and job server functions on a single server, or use separate servers for each.

Provided all necessary requirements are met, a deployment can be completed within two days. While one person suffices for moderate deployments, larger or more complex projects necessitate a team of two or three individuals.

We have seen a return on investment.

One Identity Manager's pricing is reasonable.

I would rate One Identity Manager seven out of ten.

When we upgrade to the latest version, it includes three years of support.

We currently have 4,000 users and 20 applications that utilize One Identity Manager. We also have one team that manages it.

One Identity Manager is a suitable choice for simple implementations, but if your customizations are extensive, consider other solutions. Additionally, if your environment is not heavily reliant on SAP or Active Directory, or if you have Linux-based servers, carefully evaluate the feasibility of implementing One Identity Manager.