One Identity Manager needs better documentation and more examples, especially for beginners, as it has a steep learning curve. They have rich forum but it often contain outdated information that could be improved for better guidance. If something is not working, we need to easily find out if it is a product defect.
Vice President, Infrastructure Security Technologies at a financial services firm with 5,001-10,000 employees
Real User
Top 10
2024-10-11T15:45:00Z
Oct 11, 2024
The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.
Solution Engineer at a consultancy with 501-1,000 employees
Reseller
Top 20
2024-08-26T18:15:00Z
Aug 26, 2024
The user interface design could be improved, especially during checkout and navigation. The web portal, for instance, can be confusing at times, with buttons and steps not always clearly defined. This can hinder efficient task completion. The portal should include quick guides to assist users, as the descriptions can sometimes be challenging to understand. I used several cases to ensure consistent governance across test, development, and production servers. While this approach is common with transports and other tools, it's less familiar in One Identity Manager. I found the One Identity Designer more suitable for this task. Therefore, One Identity Manager is not optimal for achieving this goal.
I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer.
Senior Risk Manager at a insurance company with 10,001+ employees
Real User
Top 20
2024-08-07T15:26:00Z
Aug 7, 2024
I would rate the user experience a six out of ten. While we have extensively customized the system, it's unclear whether these modifications directly relate to the One Identity implementation. Regardless, we continue to receive numerous complaints from users who struggle to understand how to request or perform actions within the One Identity Manager portal. The ease of customizing One Identity Manager depends heavily on the user's knowledge of the tool. While customization is straightforward for experienced users, the tool is complex and requires significant expertise. Finding skilled individuals capable of maintaining or developing the system is challenging, particularly in Germany, especially with less than two years of relevant experience. Implementing the business role functionality has proven challenging. While One Identity Manager offers potential solutions, effectively implementing business roles from the company's perspective is incredibly difficult. Unfortunately, One Identity does not provide tools or support to aid in identifying and designing appropriate roles, hindering the process. The usability of the web shop is definitely an issue and could be improved. One Identity Manager could be improved by enhancing connectivity to various cloud platforms, such as GCP, AWS, and Azure, as well as to cloud-based SaaS applications. Upgrading to a new version is consistently challenging and time-consuming. This has been an ongoing issue for years. While necessary to access new features, upgrading requires complete system updates rather than individual modules. Subsequently, identifying and verifying changes in the new version is incredibly difficult. Our customization process mandates comprehensive testing of all functionalities after each upgrade, resulting in significant labor and time costs, making the overall experience highly burdensome.
One Identity Manager is a comprehensive but complex solution. Even for developers, gaining a deep understanding and implementing customizations would require significant effort. It is a challenging product to both implement and comprehend. The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports.
Works at a comms service provider with 1-10 employees
Real User
Top 20
2024-07-15T13:58:00Z
Jul 15, 2024
One Identity's UI is fine once you get used to it, but it's a little harder to learn than its competitors. The font size is too small. You need bigger screens to host that application. The website and portal are fine, but the manager, designer, and other standalone applications used for management or configuration are too difficult to use. The UI should be easier to use, and they should reduce the number of standalone applications to three or four. Customization is somewhat difficult in One Identity Manager. The problem is they're using VB.NET, which no one uses. There are no resources because One Identity isn't available on YouTube or any coaching institutes. I also find it difficult to add resources to the business roles because we have to use many options in One Manager for that. We have to add it to the IT shop so that the users can submit requests through the web portal, and we must generate that IT shop structure to add resources to the business. There is a lot of complexity in that.
Solutions architect at a tech services company with 51-200 employees
Real User
Top 20
2024-06-07T09:25:00Z
Jun 7, 2024
The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve. I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback. While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great. Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others. The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit. We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.
Co-Owner at a tech services company with 1-10 employees
Real User
Top 20
2024-06-03T14:54:00Z
Jun 3, 2024
One Identity Manager doesn't provide all the user interfaces we need for business users out-of-the-box. This means we need to customize the web portal to display all the information we want to make available to them. The ROM control modeling has room for improvement. The user experience can be more user-friendly. How One Identity Manager deals with disconnected systems needs improvement.
One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience. One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency. The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.
Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.
IT Engineer at a tech services company with 10,001+ employees
Real User
Top 20
2024-05-09T20:35:00Z
May 9, 2024
The identity governance components have some room for improvement, particularly the ability to terminate an employee's ID after leaving the company. Customization can be difficult because One Identity uses specified attributes that we must use.
IT Systems Manager at a insurance company with 1,001-5,000 employees
User
Top 20
2024-04-29T20:04:00Z
Apr 29, 2024
The One Identity system is very modular. The product is similar to an erector set, where you can do the same thing in many ways. While this is great, it also can allow you to set yourself up for failure later. The product does require some level of developer skills, so having the ability to make system changes without being a developer would be a plus. A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly. It would be helpful to have a tool to more easily find common groups across departments or teams so more groups could be managed in an automated fashion.
One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial. This would reduce performance-related resource needs in a production environment. Additionally, it would be helpful to have more visibility into job aspects within the tool itself. Information like the number of jobs in the Data Designer, along with date logs, would allow us to directly manage and terminate jobs as needed. This would lessen our dependence on the database team. I believe that these improvements would streamline operations. There are a few aspects of One Identity Manager's user experience that could be improved. Users sometimes find it confusing to navigate and understand how to use the tool effectively. As a result, customizing the front-end interface could be beneficial. For example, currently, users need to check multiple reports to gather complete information, which can be time-consuming and frustrating. Implementing a way to streamline this process, such as displaying relevant details directly within the application, could enhance user experience. Additionally, the current system requires manual creation of service catalogs for each application. It would be beneficial to implement pre-configured, out-of-the-box options for common applications like ServiceNow. This would save time and effort for administrators and improve the overall user experience. While I'm comfortable making back-end customizations, I find front-end customization to be challenging. It would be convenient if One Identity Manager offered a feature that allows bulk deployment and monitoring with a single click.
CEO, Executive Advisor (CyberSecurity IAM) at 8x8 Cybertech
Reseller
Top 10
2024-01-16T15:30:00Z
Jan 16, 2024
It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.
Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work. This is the only thing. There are some gaps in that, but One Identity is trying to bridge those gaps.
I would like them to enhance the search functionality to enable faster processing when looking for objects. Ideally, the system should automatically identify relevant entries and promptly present the results, eliminating the need for users to input search criteria each time they look for specific objects.
Technical Consultant at a tech services company with 51-200 employees
Consultant
Top 20
2024-01-05T10:55:00Z
Jan 5, 2024
In terms of improvement, the web portal for end-users in One Identity Manager has improved but could still see enhancements. The training for admins is crucial, and once you gather the knowledge, it becomes fairly easy. However, documentation could be better, especially for new features. It currently doesn't cover everything comprehensively, making it challenging to navigate some aspects. Improvements in documentation would be beneficial.
IT Engineer at a manufacturing company with 11-50 employees
Real User
Top 20
2023-12-18T12:58:00Z
Dec 18, 2023
The interface can be a bit complex for an administrator to manage. I've used it for a long time; however, for a bit, I was confused. They need to work to make it easier to understand more quickly.
The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution. They have a lot of documentation, not only about the installation processes, but also for the development side. For example, in the new IT shop that is using Angular, there are a lot of functions—more than 1,000—that don't have any information about what they do. The documentation is really important. Also, the documentation for the Data Governance Edition must be improved. In addition, when tasks are running in a tree, there should be an order. For example, if we have five tasks in a tree, we should be able to say this one is first, and the next is number two, then three, four, five. And it's important to have compatibility to use gMSA, group Managed Service Accounts.
Consultant at a tech services company with 11-50 employees
Consultant
Top 20
2023-09-26T10:33:00Z
Sep 26, 2023
Items that can be improved in the solution include pricing, integration, support, and analytics. The update processes for hotfixes need improvement. There are bugs in the system, and even though there are not a lot, there's no information about it until you happen to stumble upon it and then talk to the support, and then the support informs you there has been a hotfix for that for two months. Users need to be informed they exist in advance. Integrations are basically always able to improve. They can always have more standard connectors, more prepaid workflows, more templates, and stuff like that. That said, with the standard rest API and C-sharp and power share connectors you can basically do everything that you need to do even with stuff that is not supported.
One Identity Manager is an incredibly powerful product, but sometimes people need something simpler. The solution should come up with a lighter version so people can buy different versions. I want to see more analytics and not just analytics in terms of reports but actionable analytics.
I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it. Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers. Access reviews are another thing that is not that good in the solution. It needs improvement. Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution. These last three items need to be improved on a very urgent basis.
IIMB expert at a tech services company with 1,001-5,000 employees
Real User
Top 10
2023-05-25T08:41:00Z
May 25, 2023
One Identity Manager can be made more user-friendly for end users. Out of the box, it can be difficult to navigate through the drop-down menu, especially when it comes to accessing the subcategories.
The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them.
Manager IAM at a computer software company with 11-50 employees
Real User
Top 5
2023-03-21T07:28:00Z
Mar 21, 2023
The tools within One Identity Manager are distributed, meaning there is no unified platform that covers all development, configuration, and installation details. Instead, there are separate tools for each requirement, such as object browser designer, manager tool, synchronization editor, report designer, job queue, and DBQueue. While these tools have built-in functionality, it can be tedious to learn and implement them all. This is in contrast to SharePoint, where all requirements related to role management, workflows, provisioning, and connector configuration can be implemented in one portal. In the case of One Identity Manager, different tools need to be used for each respective requirement. For example, the sync editor is used for connector configuration and related synchronization, while the job queue and DBQueue are used for monitoring jobs. One Identity Manager is currently in the process of modernizing its UI, which I hope will result in a more user-friendly interface for its Identity Manager. However, it is uncertain whether they have plans to consolidate their various tools into a unified system to simplify configuration and tasks. It is important to note that this modernization effort is a long-term goal, given that this solution has been in the industry for over 20 to 30 years. Despite its age, it remains one of the leading solutions in the market and is recognized by Gartner and other similar institutions as a top solution.
System Security Architect at a financial services firm with 10,001+ employees
Real User
Top 10
2022-12-26T20:01:00Z
Dec 26, 2022
The product's GUI could be more user-friendly. One Identity can improve its Password Manager solution for custom requirements. We want to manage different environments, such as test environments, and we want to manage their passwords, but we can't use this solution because their environment does not have its own connector server. I'm not sure if One Identity already has it or not, but there could be a Privilege Identity Management solution from the vaulting side in the One Identity family.
Manufacturing Executive at a manufacturing company with 10,001+ employees
Real User
2022-12-13T10:46:00Z
Dec 13, 2022
One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow. There's a scope for One Identity Manager to improve itself. The reporting feature should be improved similarly to other IGA products. Unlike other solutions, One Identity Manager doesn't have a strong support team. I consider One Identity Manager as a niche solution because we have a demand for it, but we can't find the proper skill set in the market. That is the highest pain point with this solution. Other vendors, such as SailPoint, Saviynt, and even Oracle and IBM, reach out to people to provide materials and make them aware of their products. This leaves One Identity Manager at a disadvantage.
Senior Manager / IAM Evangelist at a tech services company with 201-500 employees
MSP
2022-11-06T16:24:00Z
Nov 6, 2022
End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes. There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.
Senior Specialist at a financial services firm with 1,001-5,000 employees
Real User
2022-08-01T16:45:00Z
Aug 1, 2022
The product must include SaaS in the future. The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use. The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options.
A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.
Founder at a marketing services firm with 11-50 employees
Real User
2022-07-31T13:24:00Z
Jul 31, 2022
The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager. What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.
The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.
IIMB expert at a tech services company with 1,001-5,000 employees
Real User
Top 10
2022-07-26T06:13:00Z
Jul 26, 2022
Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out. The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.
IT Architect at a tech services company with 501-1,000 employees
Real User
2022-02-16T13:30:00Z
Feb 16, 2022
The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.
The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory. In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns.
Director, Global Identity and Access Technologies at a financial services firm with 10,001+ employees
Real User
2020-05-21T06:24:00Z
May 21, 2020
There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.
Works at a tech services company with 201-500 employees
MSP
2019-10-08T20:52:00Z
Oct 8, 2019
My largest issue with the product is the ability to customize the web portal. There is a tool that allows this to happen but it is difficult to use (except for minor changes like Logo or color scheme or basic edits such as displayed columns on an object. Then to make it worse the documentation is not helpful at all in describing what pieces do or how to use them. Even after training, I would not be confident in attempting any large change to the portal. For certain, this is the area that I think needs the most improvement from the current state.
Senior Manager Global IT Operations at a healthcare company with 10,001+ employees
Real User
2019-05-02T07:06:00Z
May 2, 2019
We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy. Most of the issues that we are suffering from today will be fixed with the new version. The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier. I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good. We also have system devices that we could manage as identities, so that would be a feature to add.
Systems Specialist at a financial services firm with 501-1,000 employees
Real User
2019-05-02T07:06:00Z
May 2, 2019
I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.
Technical Support Analyst at a financial services firm with 1,001-5,000 employees
Real User
2019-04-25T11:03:00Z
Apr 25, 2019
My only complaint about this solution is the price, as I think that the cost of the full user license is a little high. A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.
Systems Specialist at a financial services firm with 501-1,000 employees
Real User
2019-04-22T09:21:00Z
Apr 22, 2019
This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment. I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.
Security Architect, InfoSec Consultant at Confidential ( Sensitive Industry)
Real User
Top 20
2019-04-16T12:54:00Z
Apr 16, 2019
The support documents and data sheets should be made available to the implementation of folks the product website. There's is less documentation available to the public. There should be installer version available than a portable/web-portal which will be more useful during the testing.
I am waiting to see the new API for the web. There are several smaller parts of the tool that have room for improvement. One Identity currently is in the development process of fixing these issues.
I would like some access management features to be added. We have some customers with a small need to do authentication as a service, and there are other solutions on the market which offer this. It is a large solution where you need to learn how to work in a certain way for it to provide the best benefit. On the other hand, it's really a structured way so you should work in a structure way, as it is a compliant to other frameworks.
Product Specialist at a retailer with 10,001+ employees
Real User
2019-04-10T07:57:00Z
Apr 10, 2019
The tool to develop the web portal needs improvement. We are pushing out a cloud strategy, but running this on-premise solution, and do not know what steps to take.
The connectivity to the cloud with the cloud identity need improvement. The whole security story in the area of access management along with the possibility to get access is part of this improvement process. This is the cloud access manager (CAM), and it isn't as it should be, but it's a very good long-term solution. It is important to get the cloud integrated. One Identity is stalling about this in America, and we need it in Europe.
I would like better integration with cloud apps, but I just learned this week that there is already a pretty advanced cloud integration. So, what I would like to see is already implemented, but I just need to start using it. When I first started using it, way before version 7, the manual wasn't comprehensive. The UX design needs improvement, but I have noticed that people are working very hard behind the curtains to make sure that UX is designed in such a way that the end user is going to have a much easier time using the product in future releases. My ideal was a product designed by IT guys with an IT guy mindset, not without realizing thousands of people in an IT portal would be using the product. Therefore, it took my customers many hours to find the correct links to order something from the IT shop, but I know One Identity is working very hard to improve this as well. If they could improve the UX within the Manager tool, this would be another huge upgrade in just lowering the learning curve of how to use the product.
As consultants, it's a very complicated to learn it at first, which makes it hard to find people to work with it. The Synchronization Editor has to become easier to use for us, as technical consultants, because sometimes it's very complicated. If, as a new feature, there would more connectors out of the box in the Synchronization Editor, this would help a lot.
Manager Global Identity & Access Management at a healthcare company with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
Connections with more clouds systems is already planned. The more that we can use One Identity to connect with other systems to manage all the applications accessed throughout One Identity, the better. I would expect to have more connections and setups to other systems. Visually, I would like it to be more user-friendly. Version 8 looks visually like version 6, so this still needs improvement in later versions.
When you see the product for the first time, it seems very complicated, but it's not. To improve the product, it should be made to seem simpler when you see it for the first time.
There are some good things about the policy and role management features, but you can't really use them to their full potential. A lot of customizing that we have to go through to implement new processes and new customized policies could be better. Though, overall, it is great. They need to implement a lot of best practices for this solution.
Solution Designer at a manufacturing company with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
I would like a secondary account approach out-of-the-box, as this would be really useful. Additionally, it would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes.
Service Owner Identity & Access Management at a financial services firm with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
I would like to see a lot more integration with our platforms, more on the connector side. We are still using version 7.1. There are a lot of new features in 8.1, so we will look forward to using that.
Governance Team Lead at a financial services firm with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
The web portal can be a bit muggy at times. This is one of the key complaints from our customers. This is a major issue with version 6, and while version 7 is slightly better, I am hoping this is fixed in version 8.
IAM Specialist at a financial services firm with 1,001-5,000 employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
We would like the product to integrate with ServiceNow, since One Identity Manager and ServiceNow are two of our better tools. An integration between these two tools would be better for us.
Lead Technology Manager at a financial services firm with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
Better support for version control and multi-threaded development would be helpful additional features. The support for DevOps could be improved with quick delivery cycles and multiple delivery streams.
Senior System Administrator at a manufacturing company with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc). Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc.
Improve the implementation of additional One Identity Manager’s features. This we are going to focus on after an upgrade to release 8.1 will be finished.
Maybe it is going this way with the angled frame work, but we really want to be able to watch and control things, so we can change things and know what the impact will be. Most importantly for automatic testing and rollouts, we need an easier way of connecting applications and an easier way of onboarding applications. At the moment, the process is very technical. People associate this as a technical and development thing. In the end, onboarding applications should be a business problem, not a development problem. They have take the technical work out of it. That is why we have to completely custom build a framework. Our work is not about connecting 20 or 50 target systems, as we have to connect thousands, which is difficult to do one-by-one. The end user experience needs improvement. One of the things the end users complain most about is the shopping cart, because they are not really on eBay or Amazon buying things. They just need access to business applications. Why do they have to click so many times? We probably have around 20 calls a day because a user hasn't got access, not realizing they haven't completed the shopping cart. So, I would recommend removing the shopping cart.
Senior Product Manager for Identity & Access Management at a non-tech company with 10,001+ employees
Real User
2019-04-04T06:32:00Z
Apr 4, 2019
I would like a more friendly web UI. This is something that they are already starting to work on. Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us. I would also like it to have an easier integration with phones.
IT Business Process Specialist at a manufacturing company with 5,001-10,000 employees
Real User
2019-04-03T06:21:00Z
Apr 3, 2019
I would like the sync editor to be able to change labels because currently our concurrent development cannot work on this. Self-service is important for our end users. However, after three years, people continue calling the help desk, and the help desk is using this solution to make its requests. The web front-end definitely needs improvement.
We had to customize some stuff in the SAP system, because over the years there has been a lot of customizing in the Identity Manager. It works well, but some features that we would want or that our colleagues are operating and running with the SAP system, we can't really provide, or we have to develop on our own, with One Identity Manager. SAP works well with it, but it could be better. I would like them to add some lifecycle management features. They could improve the support. When you look at the connectors to Microsoft Edge, we think that maybe it could work. However, when we build a hybrid environment, you can't really use the tools that One Identity Manager is providing. They could make the product more user-friendly. It takes a lot of work to build technical and business cases with the product. The solution is more complex than you think to use. The API server needs improvement.
One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved, but it can be implemented.
Security Architect, InfoSec Consultant at Confidential ( Sensitive Industry)
Real User
Top 20
2018-06-14T11:14:00Z
Jun 14, 2018
A detailed solution document to registered aspirants and interested people would help them achieve what they require before its tested and pushed to production. Quest Software should provide notes and documents to customers before they buy the product and license.
One Identity Manager is a value-added and trusted active directory management and user provisioning software solution. One Identity Manager administers and protects an organization’s data and users, minimizes threats, and ensures that compliance regulations are consistently satisfied. Users will have access to the data and applications they need when they need them. One Identity can be used on premises, in the cloud, and also with hybrid options. One Identity Manager is able to easily...
One Identity Manager needs better documentation and more examples, especially for beginners, as it has a steep learning curve. They have rich forum but it often contain outdated information that could be improved for better guidance. If something is not working, we need to easily find out if it is a product defect.
The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.
The user interface design could be improved, especially during checkout and navigation. The web portal, for instance, can be confusing at times, with buttons and steps not always clearly defined. This can hinder efficient task completion. The portal should include quick guides to assist users, as the descriptions can sometimes be challenging to understand. I used several cases to ensure consistent governance across test, development, and production servers. While this approach is common with transports and other tools, it's less familiar in One Identity Manager. I found the One Identity Designer more suitable for this task. Therefore, One Identity Manager is not optimal for achieving this goal.
I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer.
I would rate the user experience a six out of ten. While we have extensively customized the system, it's unclear whether these modifications directly relate to the One Identity implementation. Regardless, we continue to receive numerous complaints from users who struggle to understand how to request or perform actions within the One Identity Manager portal. The ease of customizing One Identity Manager depends heavily on the user's knowledge of the tool. While customization is straightforward for experienced users, the tool is complex and requires significant expertise. Finding skilled individuals capable of maintaining or developing the system is challenging, particularly in Germany, especially with less than two years of relevant experience. Implementing the business role functionality has proven challenging. While One Identity Manager offers potential solutions, effectively implementing business roles from the company's perspective is incredibly difficult. Unfortunately, One Identity does not provide tools or support to aid in identifying and designing appropriate roles, hindering the process. The usability of the web shop is definitely an issue and could be improved. One Identity Manager could be improved by enhancing connectivity to various cloud platforms, such as GCP, AWS, and Azure, as well as to cloud-based SaaS applications. Upgrading to a new version is consistently challenging and time-consuming. This has been an ongoing issue for years. While necessary to access new features, upgrading requires complete system updates rather than individual modules. Subsequently, identifying and verifying changes in the new version is incredibly difficult. Our customization process mandates comprehensive testing of all functionalities after each upgrade, resulting in significant labor and time costs, making the overall experience highly burdensome.
One Identity Manager is a comprehensive but complex solution. Even for developers, gaining a deep understanding and implementing customizations would require significant effort. It is a challenging product to both implement and comprehend. The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports.
One Identity's UI is fine once you get used to it, but it's a little harder to learn than its competitors. The font size is too small. You need bigger screens to host that application. The website and portal are fine, but the manager, designer, and other standalone applications used for management or configuration are too difficult to use. The UI should be easier to use, and they should reduce the number of standalone applications to three or four. Customization is somewhat difficult in One Identity Manager. The problem is they're using VB.NET, which no one uses. There are no resources because One Identity isn't available on YouTube or any coaching institutes. I also find it difficult to add resources to the business roles because we have to use many options in One Manager for that. We have to add it to the IT shop so that the users can submit requests through the web portal, and we must generate that IT shop structure to add resources to the business. There is a lot of complexity in that.
The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve. I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback. While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great. Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others. The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit. We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.
One Identity Manager doesn't provide all the user interfaces we need for business users out-of-the-box. This means we need to customize the web portal to display all the information we want to make available to them. The ROM control modeling has room for improvement. The user experience can be more user-friendly. How One Identity Manager deals with disconnected systems needs improvement.
One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience. One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency. The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.
Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.
The identity governance components have some room for improvement, particularly the ability to terminate an employee's ID after leaving the company. Customization can be difficult because One Identity uses specified attributes that we must use.
The One Identity system is very modular. The product is similar to an erector set, where you can do the same thing in many ways. While this is great, it also can allow you to set yourself up for failure later. The product does require some level of developer skills, so having the ability to make system changes without being a developer would be a plus. A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly. It would be helpful to have a tool to more easily find common groups across departments or teams so more groups could be managed in an automated fashion.
One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial. This would reduce performance-related resource needs in a production environment. Additionally, it would be helpful to have more visibility into job aspects within the tool itself. Information like the number of jobs in the Data Designer, along with date logs, would allow us to directly manage and terminate jobs as needed. This would lessen our dependence on the database team. I believe that these improvements would streamline operations. There are a few aspects of One Identity Manager's user experience that could be improved. Users sometimes find it confusing to navigate and understand how to use the tool effectively. As a result, customizing the front-end interface could be beneficial. For example, currently, users need to check multiple reports to gather complete information, which can be time-consuming and frustrating. Implementing a way to streamline this process, such as displaying relevant details directly within the application, could enhance user experience. Additionally, the current system requires manual creation of service catalogs for each application. It would be beneficial to implement pre-configured, out-of-the-box options for common applications like ServiceNow. This would save time and effort for administrators and improve the overall user experience. While I'm comfortable making back-end customizations, I find front-end customization to be challenging. It would be convenient if One Identity Manager offered a feature that allows bulk deployment and monitoring with a single click.
It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.
Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work. This is the only thing. There are some gaps in that, but One Identity is trying to bridge those gaps.
I would like them to enhance the search functionality to enable faster processing when looking for objects. Ideally, the system should automatically identify relevant entries and promptly present the results, eliminating the need for users to input search criteria each time they look for specific objects.
In terms of improvement, the web portal for end-users in One Identity Manager has improved but could still see enhancements. The training for admins is crucial, and once you gather the knowledge, it becomes fairly easy. However, documentation could be better, especially for new features. It currently doesn't cover everything comprehensively, making it challenging to navigate some aspects. Improvements in documentation would be beneficial.
The interface can be a bit complex for an administrator to manage. I've used it for a long time; however, for a bit, I was confused. They need to work to make it easier to understand more quickly.
The user interface needs to improve.
The customization process should be simplified.
The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution. They have a lot of documentation, not only about the installation processes, but also for the development side. For example, in the new IT shop that is using Angular, there are a lot of functions—more than 1,000—that don't have any information about what they do. The documentation is really important. Also, the documentation for the Data Governance Edition must be improved. In addition, when tasks are running in a tree, there should be an order. For example, if we have five tasks in a tree, we should be able to say this one is first, and the next is number two, then three, four, five. And it's important to have compatibility to use gMSA, group Managed Service Accounts.
Items that can be improved in the solution include pricing, integration, support, and analytics. The update processes for hotfixes need improvement. There are bugs in the system, and even though there are not a lot, there's no information about it until you happen to stumble upon it and then talk to the support, and then the support informs you there has been a hotfix for that for two months. Users need to be informed they exist in advance. Integrations are basically always able to improve. They can always have more standard connectors, more prepaid workflows, more templates, and stuff like that. That said, with the standard rest API and C-sharp and power share connectors you can basically do everything that you need to do even with stuff that is not supported.
One Identity Manager is an incredibly powerful product, but sometimes people need something simpler. The solution should come up with a lighter version so people can buy different versions. I want to see more analytics and not just analytics in terms of reports but actionable analytics.
I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it. Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers. Access reviews are another thing that is not that good in the solution. It needs improvement. Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution. These last three items need to be improved on a very urgent basis.
One Identity Manager can be made more user-friendly for end users. Out of the box, it can be difficult to navigate through the drop-down menu, especially when it comes to accessing the subcategories.
The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them.
The tools within One Identity Manager are distributed, meaning there is no unified platform that covers all development, configuration, and installation details. Instead, there are separate tools for each requirement, such as object browser designer, manager tool, synchronization editor, report designer, job queue, and DBQueue. While these tools have built-in functionality, it can be tedious to learn and implement them all. This is in contrast to SharePoint, where all requirements related to role management, workflows, provisioning, and connector configuration can be implemented in one portal. In the case of One Identity Manager, different tools need to be used for each respective requirement. For example, the sync editor is used for connector configuration and related synchronization, while the job queue and DBQueue are used for monitoring jobs. One Identity Manager is currently in the process of modernizing its UI, which I hope will result in a more user-friendly interface for its Identity Manager. However, it is uncertain whether they have plans to consolidate their various tools into a unified system to simplify configuration and tasks. It is important to note that this modernization effort is a long-term goal, given that this solution has been in the industry for over 20 to 30 years. Despite its age, it remains one of the leading solutions in the market and is recognized by Gartner and other similar institutions as a top solution.
The product's GUI could be more user-friendly. One Identity can improve its Password Manager solution for custom requirements. We want to manage different environments, such as test environments, and we want to manage their passwords, but we can't use this solution because their environment does not have its own connector server. I'm not sure if One Identity already has it or not, but there could be a Privilege Identity Management solution from the vaulting side in the One Identity family.
One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow. There's a scope for One Identity Manager to improve itself. The reporting feature should be improved similarly to other IGA products. Unlike other solutions, One Identity Manager doesn't have a strong support team. I consider One Identity Manager as a niche solution because we have a demand for it, but we can't find the proper skill set in the market. That is the highest pain point with this solution. Other vendors, such as SailPoint, Saviynt, and even Oracle and IBM, reach out to people to provide materials and make them aware of their products. This leaves One Identity Manager at a disadvantage.
End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes. There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.
There is a small area inside the administrator's GUI that could be a little bit more organized.
The product must include SaaS in the future. The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use. The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options.
A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.
The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager. What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.
The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.
Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out. The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.
The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.
The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory. In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns.
There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.
My largest issue with the product is the ability to customize the web portal. There is a tool that allows this to happen but it is difficult to use (except for minor changes like Logo or color scheme or basic edits such as displayed columns on an object. Then to make it worse the documentation is not helpful at all in describing what pieces do or how to use them. Even after training, I would not be confident in attempting any large change to the portal. For certain, this is the area that I think needs the most improvement from the current state.
We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy. Most of the issues that we are suffering from today will be fixed with the new version. The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier. I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good. We also have system devices that we could manage as identities, so that would be a feature to add.
I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.
My only complaint about this solution is the price, as I think that the cost of the full user license is a little high. A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.
This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment. I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.
The support documents and data sheets should be made available to the implementation of folks the product website. There's is less documentation available to the public. There should be installer version available than a portable/web-portal which will be more useful during the testing.
I am waiting to see the new API for the web. There are several smaller parts of the tool that have room for improvement. One Identity currently is in the development process of fixing these issues.
I would like some access management features to be added. We have some customers with a small need to do authentication as a service, and there are other solutions on the market which offer this. It is a large solution where you need to learn how to work in a certain way for it to provide the best benefit. On the other hand, it's really a structured way so you should work in a structure way, as it is a compliant to other frameworks.
The tool to develop the web portal needs improvement. We are pushing out a cloud strategy, but running this on-premise solution, and do not know what steps to take.
The connectivity to the cloud with the cloud identity need improvement. The whole security story in the area of access management along with the possibility to get access is part of this improvement process. This is the cloud access manager (CAM), and it isn't as it should be, but it's a very good long-term solution. It is important to get the cloud integrated. One Identity is stalling about this in America, and we need it in Europe.
I would like better integration with cloud apps, but I just learned this week that there is already a pretty advanced cloud integration. So, what I would like to see is already implemented, but I just need to start using it. When I first started using it, way before version 7, the manual wasn't comprehensive. The UX design needs improvement, but I have noticed that people are working very hard behind the curtains to make sure that UX is designed in such a way that the end user is going to have a much easier time using the product in future releases. My ideal was a product designed by IT guys with an IT guy mindset, not without realizing thousands of people in an IT portal would be using the product. Therefore, it took my customers many hours to find the correct links to order something from the IT shop, but I know One Identity is working very hard to improve this as well. If they could improve the UX within the Manager tool, this would be another huge upgrade in just lowering the learning curve of how to use the product.
The UI and user experience side of things needs improvement.
As consultants, it's a very complicated to learn it at first, which makes it hard to find people to work with it. The Synchronization Editor has to become easier to use for us, as technical consultants, because sometimes it's very complicated. If, as a new feature, there would more connectors out of the box in the Synchronization Editor, this would help a lot.
Connections with more clouds systems is already planned. The more that we can use One Identity to connect with other systems to manage all the applications accessed throughout One Identity, the better. I would expect to have more connections and setups to other systems. Visually, I would like it to be more user-friendly. Version 8 looks visually like version 6, so this still needs improvement in later versions.
When you see the product for the first time, it seems very complicated, but it's not. To improve the product, it should be made to seem simpler when you see it for the first time.
I would like to have more extensive out-of-the-box reports.
There are some good things about the policy and role management features, but you can't really use them to their full potential. A lot of customizing that we have to go through to implement new processes and new customized policies could be better. Though, overall, it is great. They need to implement a lot of best practices for this solution.
I would like a secondary account approach out-of-the-box, as this would be really useful. Additionally, it would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes.
I would like to see a lot more integration with our platforms, more on the connector side. We are still using version 7.1. There are a lot of new features in 8.1, so we will look forward to using that.
The web portal can be a bit muggy at times. This is one of the key complaints from our customers. This is a major issue with version 6, and while version 7 is slightly better, I am hoping this is fixed in version 8.
We would like the product to integrate with ServiceNow, since One Identity Manager and ServiceNow are two of our better tools. An integration between these two tools would be better for us.
Better support for version control and multi-threaded development would be helpful additional features. The support for DevOps could be improved with quick delivery cycles and multiple delivery streams.
Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc). Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc.
Improve the implementation of additional One Identity Manager’s features. This we are going to focus on after an upgrade to release 8.1 will be finished.
Maybe it is going this way with the angled frame work, but we really want to be able to watch and control things, so we can change things and know what the impact will be. Most importantly for automatic testing and rollouts, we need an easier way of connecting applications and an easier way of onboarding applications. At the moment, the process is very technical. People associate this as a technical and development thing. In the end, onboarding applications should be a business problem, not a development problem. They have take the technical work out of it. That is why we have to completely custom build a framework. Our work is not about connecting 20 or 50 target systems, as we have to connect thousands, which is difficult to do one-by-one. The end user experience needs improvement. One of the things the end users complain most about is the shopping cart, because they are not really on eBay or Amazon buying things. They just need access to business applications. Why do they have to click so many times? We probably have around 20 calls a day because a user hasn't got access, not realizing they haven't completed the shopping cart. So, I would recommend removing the shopping cart.
I would like a more friendly web UI. This is something that they are already starting to work on. Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us. I would also like it to have an easier integration with phones.
I would like the sync editor to be able to change labels because currently our concurrent development cannot work on this. Self-service is important for our end users. However, after three years, people continue calling the help desk, and the help desk is using this solution to make its requests. The web front-end definitely needs improvement.
We had to customize some stuff in the SAP system, because over the years there has been a lot of customizing in the Identity Manager. It works well, but some features that we would want or that our colleagues are operating and running with the SAP system, we can't really provide, or we have to develop on our own, with One Identity Manager. SAP works well with it, but it could be better. I would like them to add some lifecycle management features. They could improve the support. When you look at the connectors to Microsoft Edge, we think that maybe it could work. However, when we build a hybrid environment, you can't really use the tools that One Identity Manager is providing. They could make the product more user-friendly. It takes a lot of work to build technical and business cases with the product. The solution is more complex than you think to use. The API server needs improvement.
One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved, but it can be implemented.
A detailed solution document to registered aspirants and interested people would help them achieve what they require before its tested and pushed to production. Quest Software should provide notes and documents to customers before they buy the product and license.