One Identity Manager Reviews

Our main use case for One Identity Manager is centralized identity life cycle management. We use it to automate user provisioning and de-provisioning across multiple applications and systems based on roles, departments, and the joiner, mover, leaver process. It helps ensure that users get the right access at the right time, reduces manual intervention from the IT team, and improves compliance by maintaining consistent access policy. We also rely on it for role-based access control, approvals, and audit reporting, which makes access reviews and compliance audits much easier to manage.

When a new employee joins, their details are created in the HR system which triggers One Identity Manager automatically. Based on the employee's role, department, and location, One Identity Manager provisions access to required systems such as Active Directory, email, VPN, and business applications. The access goes through predefined approval workflows so everything is controlled and auditable. Similarly, when an employee leaves, One Identity Manager immediately de-provisions all access across systems, including disabling accounts and revoking application permissions. This has helped us eliminate manual steps, reduce delays, and significantly lower the risk of orphaned accounts while keeping our access management fully centralized and compliant.

Beyond onboarding and offboarding, One Identity Manager has become a part of our daily operational workflow. IT teams use it to handle access requests, role changes, and periodic access reviews through automated approval processes instead of manual emails or tickets. Managers can request or approve access directly within the system, and employees get the permission they need much faster. It also helps us maintain continuous compliance since all access changes are logged and easy to audit. Overall, it reduces the repetitive admin work and lets the team focus more on strategic tasks rather than routine account management.

One Identity Manager offers many valuable features. The first is automated identity life cycle management. It handles user provisioning, de-provisioning, and updates based on HR events or directory changes. This removes manual steps and ensures users have appropriate access throughout their life cycle. The second is role-based access control. Here you can define roles and access policies that map to job functions. This makes it easy to assign consistent access rights and minimize access privileges, improving both security and governance. The third is the approval workflows and delegated administration. Built-in workflows allow access requests and changes to go through automated approval paths. Managers can approve access directly, and delegated admins handle tasks within their scope without overloading IT. The fourth is the integration with multiple systems. It supports a wide range of systems: Active Directory, cloud apps, databases, enterprise applications, and more, enabling centralized control over hybrid environments.

The integration with multiple systems is what I rely on the most day-to-day. One more feature is the policy enforcement and segregation of duties. The platform can enforce security policy and prevent conflicting access combinations through SOD checks, reducing risk from inappropriate access rights. Additionally, there is flexible customization and extensibility. We can tailor workflows, forms, and business logic to our organization's needs.

One Identity Manager could be improved by making the initial setup and configuration simpler, especially for complex workflows and integrations. The user interface and reporting dashboards could also be more modern and intuitive with better out-of-the-box analytics. Additionally, clearer documentation and faster implementation guidance would help organizations get value more quickly. One specific challenge my team encountered was the complexity during initial configuration, especially when setting up custom workflows and role models which required more time and expertise. We also felt that out-of-the-box reports and dashboards are limited, and more customizable real-time analytics would be helpful. Better documentation and guided setup wizards would make adoption easier, particularly for teams new to identity governance tools.

One improvement I think One Identity Manager needs is the enhanced self-service experience. The end-user self-service portal could be more intuitive with clearer guidance for access requests and password resets. Additionally, while integrations are solid, deeper cloud-native connectors and API-driven automation would help in hybrid and multi-cloud environments. A more responsive mobile interface or dedicated app for approvals and tasks would help managers who are often on the go. One more improvement is the built-in predictive insights or trend dashboards around access patterns and risk could improve proactive governance. More descriptive error messages and in-tool troubleshooting tips during setup configuration would reduce dependency on external documentation or support.

I have been using One Identity Manager since 1.5 years.

One Identity Manager is definitely stable. Its stability, especially once it is properly configured in our environment, is notable. Most user reviews describe the platform as robust with good uptime and many rate its stability highly when deployed and maintained well. The system is reliable in production. Users often highlight that the system does not go down easily and does not crash frequently, especially in later versions. Stability has improved over recent versions with fewer issues related to performance or outages, though occasionally bugs and update-related hiccups can occur. Configuration matters; how the product is set up and the underlying infrastructure influence stability. Well-configured systems tend to be more consistent. One Identity Manager is considered stable and dependable for enterprise identity management with a strong track record of uptime and reliability when implemented correctly.

One Identity Manager is considered to be very scalable due to its configuration. It is architected so that key components can be scaled both horizontally and vertically to handle increasing loads from employee accounts to millions of external identities if needed. This means I can expand capacity by adding resources or distributing workloads as demand grows. The platform's automation and optimized architecture support major identity lifecycle tasks even as user numbers expand. Many reviewers note that the solution scales well across various organization sizes and environments. Users with large deployments find it robust, though performance for extremely large data sets can depend on infrastructure and custom tuning. Some users also mention that performance and speed may require tuning when scaling to very high volumes or complex configurations. One Identity Manager is built to scale from mid-size to large enterprise environments, and it supports extensive identity populations when properly configured and resourced, though very large or highly complex implementations may benefit from careful performance tuning.

I had a really good experience with customer support. It can be helpful and knowledgeable, especially when working with premier support or trained partners. Where premium support packages are in place, organizations mention faster response and dedicated resources that make support more effective. The response time can be slow, particularly for complex issues, and resolution can take longer than expected. The level of expertise varies by region or support challenge, so experience depends on who handles the tickets.

One specific challenge my team encountered was the complexity during initial configuration, especially when setting up custom workflows and role models which required more time and expertise. The initial setup and configuration could be simpler, especially for complex workflows and integration. Better documentation and guided setup wizards would make adoption easier, particularly for teams new to identity governance tools.

Either train your internal team or work with experienced implementation partners. Having someone who understands identity governance products and your environment makes a big difference in a smooth rollout.

We have seen a return on investment after implementing One Identity Manager. Based on real user feedback and case studies, many organizations do see a positive return on investment. We have seen measurable time and efficiency savings. Several users reported reduced onboarding and offboarding times by around 40% thanks to automated provisioning and de-provisioning. This not only speeds up user productivity but also frees IT staff to focus on higher value tasks. One case study noted that after deployment, IT staff gained about four hours of productivity per day because engineers did not have to manually manage accounts and access changes anymore. It also reduces errors and support costs. Several reviewers specifically mentioned fewer manual provisioning errors which improve data integrity and decrease the time spent troubleshooting access issues. This also tends to reduce help desk calls for password resets and access problems, which translates into lower operating costs and better service levels. With automated attestations and centralized reporting, many organizations speed up audit cycles and reduce the manual effort involved in compliance activities. Although not always quantified publicly, this is frequently cited as a major ROI driver.

My experience with pricing, setup cost, and licensing regarding One Identity Manager is that it does not have public list prices. Costs are usually customized based on our organization size, deployment model, modules, and support needed. Pricing typically depends on the number of users, whether it is on-premises or cloud, and which features or modules you choose. Many customers find it fair and reasonable for enterprise use, though it can be expensive for smaller organizations due to total licensing and implementation cost. The setup cost, initial implementation effort, and professional services are often a bigger cost than the license itself. Many organizations invest in constant help or internal resources to configure workflows, roles, and connectors. The licensing offers flexible options, sometimes per user and sometimes based on feature sets or modules, which gives flexibility but can seem complex to plan without talking to sales. You may also pay maintenance and support fees yearly on top of the base license. We found the pricing fair for the capabilities and governance value we get, especially compared to managing identity tasks manually or with multiple tools. The setup cost was significant upfront because of initial configuration and planning, but it is paid back over time through efficiency gains. Licensing clarity varies; you need to get detailed quotes and agreements so you know what you are paying for and avoid surprises.

I would advise others looking into using One Identity Manager to invest time early in defining your roles, processes, and policies so the system aligns with your business goals from the start. Before going full scale, do a pilot project with a subset of users and applications. This helps uncover any integration or workflow issues early, and the lessons learned can improve the full deployment. Since the system affects IT and business users, plan for communication and training so that managers and end users understand how access requests, approvals, and self-service features work.

One Identity Manager is a strong enterprise-grade identity governance solution that delivers real value once it is implemented correctly. It excels at automation, access control, and compliance, and it becomes more valuable over time as processes mature and adoption increases. While it does require upfront effort and expertise, the long-term benefits in terms of security, efficiency, and audit readiness outweigh those challenges. For organizations that need robust identity lifecycle management and governance at scale, it is a reliable and worthwhile investment. I would rate this solution an 8 out of 10.

Public Cloud

Amazon Web Services (AWS)

My main use case for One Identity Manager is user life cycle management, which includes creating, modifying, disabling, and deleting accounts automatically. Day-to-day, I work on a variety of tasks, including compliance reporting, generating reports for clarification, and assisting with auditor reviews. I also monitor synchronized jobs and troubleshoot provisioning tasks, update roles and policies, run reports and audits, handle onboarding and access requests, manage the identity lifecycle with automatic provisioning, synchronize monitoring of access, approve requests, manage roles, troubleshoot provisioning issues, and maintain compliance workflows.

One important aspect of our use case is leveraging the automation and integration efficiency of One Identity Manager. In many organizations, the platform becomes the central identity governance system. It connects various systems like HR, Active Directory, cloud platforms, and email systems for business compliance. An additional key point is our focus on automation to reduce manual tasks. This includes automated account management, where we use automated onboarding and off-boarding workflows, which reduces the manual effort for account management. We also implement role-based access management (RBAC), manage access through business roles and departments instead of assigning permissions to individual users, and use scripting and Designer templates for customization, including process and SQL scripts, to create custom workflow policies. Additionally, we manage both on-premises and cloud identities from a single platform. In summary, my main use of One Identity Manager is for centralized identity lifecycle management and automated provisioning. I regularly work with synchronization monitoring, RBAC, approval workflows, troubleshooting provisioning issues, and compliance-related tasks. I also focus on improving automation and maintaining secure, policy-based access management across all connected systems.

What stands out most about One Identity Manager is its strong balance between automation, governance, and deep enterprise integration. In large organizations, those three areas usually become the biggest differentiators. The feature I would probably rate highest is the identity lifecycle automation. The platform can automatically create, modify, disable, and remove accounts across connected systems based on HR business events. This dramatically reduces manual work and onboarding or offboarding delays.

Another major strength is its compliance and governance features. Features like attestations, compliance policy violation tracking, approval workflows, audit history, and access reviews are very useful in regulated environments. The governance heat maps and reporting tools help our security and audit teams to quickly identify and address access risks. The integration capability is also one of the strong parts of the platform. It supports a very broad ecosystem, including Active Directory, Azure AD, SAP, ServiceNow, Workday, Exchange, AWS, Google Workspace, and many SaaS applications. That flexibility is a big reason it is a good fit for enterprises with hybrid environments.

Some additional features that stand out are role-based access, self-service access requests, privileged access governance, workflow customization, historical identity tracking, and AI-assisted reporting in newer versions. Many engineers also appreciate how customizable the platform is compared to some competitors. Several users have mentioned that you can configure complex workflows and integrations yourself without relying heavily on vendor services. To summarize, the strongest features of One Identity Manager for me are its lifecycle automation, governance and compliance capabilities, and integration flexibility. I especially like how it automates provisioning and de-provisioning workflows while still giving us strong audit visibility and role-based governance. Its ability to integrate with Active Directory, SAP, cloud platforms, and ITSM tools makes it effective in complex enterprise environments.

While One Identity Manager is powerful, users often mention a few areas where improvements could make the platform easier and more efficient to use. Some commonly discussed improvement areas include a simpler user interface (UI/UX), where some admin tools, especially Designer and Manager, can feel complex for new users. A more modern, intuitive interface would reduce the learning curve. There is also a desire for easier customization, as advanced workflow changes sometimes require deep technical knowledge of processes, SQL, templates, and scripting. Improved cloud-native experience is another area, as organizations moving fully to the cloud often want a simpler SaaS deployment and lighter infrastructure management. Users also seek faster synchronization troubleshooting since sync and provisioning errors can sometimes be difficult to trace quickly. More intelligent diagnostics and clearer explanations would help.

Additionally, many users would appreciate better built-in dashboards and analytics, wanting more modern, real-time dashboards, visual reporting, and executive-level analytics without additional customization. Another area where One Identity Manager could improve is overall operational simplification in very large, hybrid enterprise environments. Some additional improvement areas often mentioned include integration setup complexity; while the platform supports many systems, initial connector configuration and synchronization mapping can sometimes be complex and time-consuming, especially for custom applications. There is also a need for cloud and hybrid scalability optimization, as large, global deployments may require significant infrastructure planning for synchronization servers and job servers. Improved modern DevOps and cloud-native integration would enhance flexibility.

Users often want monitoring and alerting enhancements, looking for more proactive monitoring, predictive alerts, and a centralized health dashboard for sync features, processes, and performance bottlenecks. Upgrade and patch management can be complex, involving extensive compatibility testing in highly customized environments. More streamlined upgrade tooling would help reduce operational effort. Documentation and onboarding can be challenging, as beginners sometimes find the advanced configuration documentation difficult to follow. More guided implementation templates and learning resources would help new teams adopt the platform faster. Additionally, better built-in diagnostics for SQL database performance, synchronization load, and workflow optimization would simplify troubleshooting. Many organizations also want stronger SaaS application connectors, identity analytics, Zero Trust integration, AI-assisted governance recommendations, and low-code workflow configuration. While One Identity Manager is highly capable, improvements in integration simplicity, cloud scalability, monitoring, and the modernization of APIs would make the platform even stronger. Simplifying upgrades and reducing the complexity of customization would also improve operational efficiency, especially for large enterprise deployments.

I have been using One Identity Manager for about seven years.

One Identity Manager is considered a very stable platform, especially in a well-planned enterprise environment. It has a strong core architecture, a reliable user lifecycle management engine, a strong workflow engine, and stable integrations with Active Directory, SAP, HR systems, and enterprise applications. It has good performance for large-scale identity governance deployments and high customization capabilities for complex IAM requirements. Many enterprise users also describe it as a solid and powerful IGA platform with long-term vendor community and partner support.

That said, there are some common challenges reported by customers, such as performance can become slower in very large environments if not properly optimized, and upgrades and migrations can be complex. The UI is sometimes considered less modern compared to newer cloud-native IGA platforms. However, in our case, after the initial implementation and stabilization phase, the platform has been dependable for daily operations with very few critical outages. Most issues were related to customization complexity and integration rather than core platform instability.

I have contacted One Identity Manager support. Overall, the experience has been reasonably positive. The main strengths of the support are good product knowledge for complex IGA and governance scenarios, being helpful during development, providing troubleshooting and connector-related issue support, offering strong support for enterprise customers, and ensuring long-term product continuity with experienced engineering teams. In our experience, crucial issues were usually handled professionally, especially when accelerated through enterprise support channels.

However, there are some areas where support could be improved, as response times for non-critical tickets can sometimes be slow. Complex customization issues may require multiple follow-ups. Documentation gaps occasionally make troubleshooting harder. Additionally, cloud-related support is still less mature compared to their traditional on-premises and hybrid deployed support.

We were using in-house developed tools, manual processes, and some basic scripting for user lifecycle management. In some areas, there were also smaller IAM tools involved, but they lacked centralized governance and automation capabilities. The main reasons for switching were too much manual effort in provisioning and access changes, a lack of a centralized identity governance platform, difficulty in managing access across multiple applications and systems, limited automation and approval workflows, and audit and compliance reporting was very time-consuming. Additionally, there was a high risk of orphaned or excessive access between off-boarding and scalability challenges as the organization and application landscape grew. We evaluated multiple IGA platforms before selecting One Identity Manager. The decision was mainly influenced by its strong governance, compliance, workflow customization, integration flexibility, and better fit for our complex enterprise environment.

The initial setup of One Identity Manager can be complex due to the requirements for infrastructure setup, database or server resources, IAM consultants for implementation, custom workflow development, connector configuration, testing, and migration work. Organizations often justify the cost through the ROI from reduced manual administration, faster onboarding, lower audit effort, improved compliance, and reduced security risk. Upgrade and maintenance costs can also add to the total cost, as a large-scale customization can be costly over time.

I recommend using experienced implementation partners or internal IAM specialists and planning carefully for integrations with Active Directory, ERP, cloud applications, SAP, and ticketing systems. You should expect a learning curve for administrators and developers, and allocate enough time for testing, especially around provisioning and approval workflows.

Organizations typically measure the impact of One Identity Manager through operational KPIs, audit results, and service efficiency metrics. Some realistic examples of measurable improvements include a 50% to 80% reduction in manual provisioning effort due to automated onboarding and offboarding, which significantly reduces repetitive account management work. New user onboarding time is reduced from days to hours because accounts, mailboxes, access, and group memberships are assigned automatically. There is a reduction in help desk tickets, as self-service access requests and password-related workflows lower the support workload. We also experience fewer orphaned and inactive accounts because automated de-provisioning improves security and reduces audit findings. The administrative overhead is smaller, allowing teams to manage larger user environments without increasing headcount because many tasks become part of a workflow. Faster audit provisioning for reports that previously required manual data collection can now be generated directly from the platform.

Common ways organizations measure these improvements involve tracking the time required for onboarding and offboarding, the number of manual tickets before versus after implementation, provisioning error rates, audit findings related to compliance violations, SLA compliance for access requests, administrative hours saved monthly, and the percentage of automatically handled account lifecycle tasks. A practical enterprise example might sound like this: After implementing One Identity Manager, onboarding time was reduced from two or three days to a few hours through automated provisioning. The help desk team also saw a noticeable reduction in user access tickets, and audit preparation became much faster because reporting and attestation data were centralized. Overall, our organization reduces manual identity administration efforts significantly while improving compliance visibility.

The feedback on pricing and licensing for One Identity Manager is that it is considered a mid- to high-cost enterprise IAM solution. However, many organizations feel the investment is worthwhile because of the advanced governance and compliance capabilities it offers. Key points include that licensing is modular; pricing often depends on the number of managed identity users, connected systems, specific governance modules purchased, deployment size, and support level. The initial setup cost can be significant, as it often requires infrastructure setup, database or server resources, IAM consultants for implementation, and costs for custom workflow development, connector configuration, testing, and migration work. One Identity Manager is best suited for medium-to-large enterprises, as smaller companies sometimes find the platform expensive or overly complex for their needs. Organizations often justify the cost through the ROI from reduced manual administration, faster onboarding, lower audit effort, improved compliance, and reduced security risk. Upgrade and maintenance costs can also add to the total cost, as a large-scale customization can be costly over time.

Before selecting One Identity Manager, we evaluated and considered IGA solutions. The main competitors considered were SailPoint IdentityIQ, Saviynt Identity Cloud, and Forgerock Identity Platform.

I would advise others to clearly define their IGA and governance requirements before starting. Invest time in proper architecture and design before implementation. Keep workflows and customization as simple as possible initially. Ensure HR data quality and the role structure are clean before onboarding systems. Use experienced implementation partners or internal IAM specialists and plan carefully for integrations with Active Directory, ERP, cloud applications, SAP, and ticketing systems. Expect a learning curve for administrators and developers, and allocate enough time for testing, especially around provisioning and approval workflows. I would rate my overall experience with One Identity Manager as an eight out of ten.

Hybrid Cloud

Microsoft Azure

My use case encompasses everything that One Identity Manager offers, from the provisioning of accounts for the joiner-mover-leaver process to the data and governance module for attestations and reviews, including the web shop and self-service for the business.

One Identity Manager's flexibility and capability to handle everything we want is its best feature. However, that can be a challenge because our business might expect us to do anything based on past experiences. Therefore, it is essential to maintain a strict policy, adhering to standards and avoiding unnecessary customizations. In general, One Identity Manager can handle everything you can expect, and we haven't found anything we couldn't do.

One Identity Manager performs well as a single platform for enterprise-level administration and governance for all types of accounts, including non-human identities, ensuring that responsible individuals can manage system access and authorizations efficiently.

Business roles greatly improve our business functionality by automating processes. For instance, specific departments automatically get new employees added to relevant email distribution lists without manual intervention. This automation saves time and enhances efficiency, and we plan to expand on this in the future.

One Identity Manager enhances visibility regarding governance on our test, dev, and production servers by making issues apparent, allowing us to define the appropriate rule sets and tasks necessary to mitigate any identified discrepancies.

We utilize business roles to map our company structure for dynamic provisioning, having established numerous roles for various entitlements in AD and Entra.

Regarding the user experience of One Identity Manager, we notice a difference between the older front end we currently use and the back end. The older front end has been heavily customized to meet our needs, but the out-of-the-box version is not very user-friendly and requires many steps. This could be improved with tools like the new web front end, which we haven't adopted, aimed at making it easier for end users to interact with IT processes. On the back end, I work daily with the Fat Client tools, which are straightforward and function as needed for managing my company.

My primary area for improvement would be the web front end, which should be more user-centric, as not all business users understand technical IT terminology that may seem straightforward from an IT perspective. The newest web front end should enhance user experience for individuals who infrequently use the interface, as it currently isn't very intuitive.

Additionally, performance could be significantly improved. I've heard from other customers that performance issues consistently arise regardless of how large the SQL database is, often leading to slowdowns. Making performance a top priority in future development is essential, along with providing users better tools to diagnose performance issues.

One Identity Manager could certainly enhance their support in several areas.

I have been using One Identity Manager for eight years now, having implemented it in 2018.

As long as One Identity Manager is not being modified, it remains very stable. I've found it to run continuously unless significant changes are being made. Based on that, I would rate stability a nine.

One Identity Manager is scalable. We can quickly adjust to our requirements, especially with the new container capabilities that allow growth if needed. Generally, if we need to add thousands of new users, we can ramp up container resources effectively.

I use regular support instead of Premier Support.

Rating their support is challenging because the quality sometimes varies by the representative you work with. I would rate it a five since the quality of assistance can fluctuate.

They are quite involved with the operations side of things, checking that current jobs are running and troubleshooting any synchronization locks or errors, essentially handling all operational tasks. I would rate their customer support an eight.

Positive

I cannot directly compare One Identity Manager to other solutions like SailPoint or IBM since I haven't worked with them. However, I've heard feedback indicating that all tools have their strengths and weaknesses, making the choice depend on specific requirements and an organization's background. Colleagues who transitioned from One Identity Manager to other tools have noted challenges and expressed a desire to return to One Identity Manager.

The initial deployment was complex for me eight years ago, especially since I lacked experience then. However, we successfully set it up a second time using the latest version mostly on our own. Once you understand how everything works together in an enterprise environment, it becomes much easier to navigate, despite the inherent complexity at first.

We implemented One Identity Manager with One Identity itself, and currently, support is provided by IC Consult.

The implementation of One Identity Manager is solely done by the vendor, while IC Consult later assists with adaptations as requirements grow, such as adding new target systems and synchronizations, along with smaller enhancements.

Regarding customizing One Identity Manager to our specific needs, they helped, and it was all possible to implement every necessary feature. However, we mainly need to concentrate on how much customization we want to perform to ensure we can update in the future and keep all customizations under control.

It is tough to evaluate the return on investment accurately. However, I would estimate it to be up to eighty percent, indicating significant value derived from our usage over the last eight years.

In terms of pricing, I find One Identity Manager to be cost-efficient. I appreciate the licensing model where you purchase a license and only buy maintenance later, rather than paying for a subscription, especially for an on-premise installation, which I consider fair.

My key advice for implementing One Identity Manager is to ensure you start with a well-maintained and reliable source system for employee master data, typically an HR system. Without this, integration becomes challenging. Also, I recommend limiting customizations to maintain upgrade feasibility and system manageability.

We currently maintain entitlements without direct connections to applications, but we are planning to implement a more application-focused setup in the future that connects all entitlements to their respective applications for clearer compliance oversight. This will definitely streamline application compliance through effective auditing.

One Identity Manager is helping us move toward an identity-centric, zero-trust model. Currently, the framework only associates a human identity with a valid HR contract, meaning active identities are only those with validated employee status, while non-human identities still have gaps we need to address.

Within One Identity Manager, our SAP accounts function similarly to any other accounts, built to the identity framework, and we haven't missed any features regarding these SAP users so far. However, I did hear at a conference that the next version will enhance details on transaction codes, which is a positive improvement for the future.

One Identity Manager connects SAP accounts to employee identities under governance, so all accounts are linked, and we have governance checks in place to ensure that if these user accounts haven't been used for a certain period, an attestation will prompt the manager to confirm if they are still necessary, thereby preventing unused accounts.

We do use One Identity Manager to help manage SAP. We haven't delved deeply into the more complex aspects of SAP with One Identity Manager yet, but we anticipate the need for it in the future as we are currently integrating S/4 with One Identity Manager, which will provide more information on these topics. Right now, we only check if an account has been used.

In terms of time savings, I would estimate about twenty-five percent. Customizing One Identity Manager to our specific needs is generally too easy as it manages virtually everything and is simple to customize. However, it is crucial to stay mindful that with updates, we will need to adapt our customizations to align with new versions, which is why keeping customizations minimal is advisable. Business roles greatly improve our business functionality by automating processes, and this automation saves time and enhances efficiency, with plans to expand on this in the future.

I would rate this review a nine overall.

On-premises

One Identity Manager is used primarily for Identity Lifecycle Management, handling user onboarding, role change, and offboarding across different systems. The goal was to avoid extensive manual access provisioning work because managing access has become difficult when employees move between teams or leave the organization. A significant benefit is having more centralized visibility over who has access to what, but one practical challenge is that integrating older or custom applications is not always straightforward. Some systems connect easily, while others still need custom workflow or extra effort from the team.

Before using One Identity Manager, the user onboarding and offboarding process was much more manual and involved coordination across different teams. For onboarding, HR would usually share new employee details, then IT or system admin had to create accounts in different applications, assign access, and ensure the right permissions were given. Much of it relied on emails, tickets, and spreadsheets. Offboarding had similar challenges. When someone left the company, access needed to be removed across multiple systems, and there was always a dependency on people remembering every application involved. The biggest concern was not usually creating accounts; it was ensuring that access was fully removed from everywhere.

Several features stand out in One Identity Manager, including automated user lifecycle management, which reduces repetitive work around onboarding, role changes, and offboarding. Instead of handling everything manually, many tasks can follow predefined workflows. Role-Based Access Management is also useful because it makes access assignment more structured rather than granting permission individually each time. Workflow automation and the approval process help create more controlled processes instead of relying on emails or manual tracking.

One example is during employee onboarding and internal role changes. Before workflow automation, access requests would often move through email or ticket chains. Sometimes an approval was misused or someone accidentally gave broader access than needed because they were handling multiple requests at once. With One Identity Manager, the approval workflow becomes more structured. For instance, if an employee joins the finance team, the request could automatically go to the manager and then to the application owner before access is provisioned. This reduces back-and-forth communication and makes the process more consistent. In terms of saving time, it helps reduce manual follow-ups because people no longer have to keep checking who needs to approve next. It also helps prevent mistakes such as duplicate requests or missing approvals. One practical gap observed is that automation works best when approval hierarchy or roles are maintained properly.

One Identity Manager has improved efficiency and better control over user access management. Repetitive manual work around onboarding, role changes, and offboarding becomes more streamlined, which reduces effort from the IT team and helps speed up processes. It also improves visibility because there is a more centralized way to track users and permissions across different systems. From a security and compliance perspective, having an audit trail and approval workflow makes it easier to understand who approved access and when changes were made. Another benefit is reducing the chance of human error in manual processes. It is easy for access to be missed or assigned incorrectly, especially when organizations are growing.

Integration and implementation complexity would be one area for improvement in One Identity Manager. Standard systems are usually manageable, but connecting older applications or highly customized environments can still require additional effort and configuration. The user experience could also be improved in some areas. Identity and access platforms can become complex because they handle many workflows and permissions. Simplifying administration and making certain tasks more intuitive would help teams work faster.

Another point is around reporting and analytics in One Identity Manager. The platform provides visibility, but many organizations would benefit from more simplified and actionable insights rather than just large amounts of data. Teams often need a quick answer such as identifying unusual access patterns or outdated permissions without spending much time creating custom reports. Cloud and hybrid environments continue to evolve quickly. Many organizations now work with a mix of on-premises systems and SaaS applications and cloud platforms. Keeping integration smooth across all of them is becoming increasingly important.

One Identity Manager has been used for the last two years.

One Identity Manager is stable in our experience. For day-to-day operations such as user provisioning, workflow processing, and access management, it generally performs very well. There are no frequent major issues affecting normal business operations. Most of the challenges are less about stability and more around integration, configuration changes, or handling complex environments.

One Identity Manager scales well, especially for organizations managing a large number of users, applications, and access requests. As environments grow, having centralized identity management and automated workflows becomes much more valuable than relying on manual processes. It handled growth reasonably well in terms of onboarding, offboarding, and role-based access management without needing major process changes.

The experience with customer support for One Identity Manager is generally positive. For routine issues and standard queries, the support team is responsive and helpful, especially for configuration guidance and troubleshooting. For more complex cases involving integration or highly customized environments, resolution can sometimes take longer because those situations often need a deeper analysis.

Before using One Identity Manager, we were relying more on a combination of manual processes and native tools rather than a dedicated identity governance platform. Much of the access management activities were handled through tickets, emails, spreadsheets, and individual system-level administration. The main reason for moving was scalability and better control. As the number of users and applications increases, managing everything manually becomes difficult. Visibility across systems is limited and there is a great chance of delays or inconsistent access assignments. We also wanted stronger workflow automation and governance capabilities so access requests and approvals could flow through a more standardized process.

Spending enough time on planning before implementation is important. With One Identity Manager, the technology itself is important, but having clear processes and access policies matters just as much. It is recommended to understand your user roles, approval flows, and application landscape before starting. If roles and ownership are not clearly defined or redefined later, things can become more complicated, even if the platform itself is working properly.

There is no additional business relationship with the vendor beyond being a customer. One Identity Manager is used as an end-user for internal identity and access management needs, and we are not acting as a partner, reseller, or service provider.

One Identity Manager does provide ROI, but it is more visible through operational improvement than through direct headcount reduction. One Identity Manager was not implemented to reduce employees; it is more about making processes more efficient and scalable. For instance, onboarding and access request activities that previously involved manual coordination become noticeably faster after automation is introduced. There is less time spent on repetitive tasks and fewer access-related errors that need follow-up. The overall impact is mainly around productivity and process consistency rather than eliminating a certain number of positions. ROI for identity and access management solutions usually becomes clear over time. The value often increases as more systems and workflows get integrated into the platform.

Our experience with pricing and licensing is that it feels more like an enterprise investment rather than a simple plug and play product. The licensing model is manageable, but the overall cost is not just about the software itself. Implementation effort, integration, customization, and ongoing maintenance must also be considered. For setup costs, much depends on the environment. If an organization has many applications, legacy systems, or custom workflows, implementation can become more complex and require additional effort. From a value perspective, the return is more visible over time rather than immediately. The benefits come through reduced manual work, better access governance, and improved process consistency.

Several other options were considered during the evaluation phase, including SailPoint IdentityIQ and Microsoft Identity Manager. The comparison was not only about features; it also looked at integration capability, how the solution would fit into the existing environment, scalability, workflow, flexibility, and long-term administration effort. Each option had strengths. Some had good cloud-focused capabilities while others had strong governance features. One Identity Manager was chosen because it aligned better with the environment and requirements at that time.

As the number of applications or users grows, consistency becomes a challenge. Before implementing One Identity Manager, different teams sometimes followed slightly different processes for access requests and approvals. It worked when things were smaller, but as the environment scaled, it became harder to maintain visibility and standardization. Another practical challenge was role management. In a real environment, people do not always fit into perfectly defined access groups. Employees change teams, take temporary responsibility, or work across multiple projects. Access requirements can change quite often. That is still an area many organizations continue to improve because access models can become complex over time if they are not reviewed regularly. The implementation helps bring more structure and automation, but there is still a level of governance and periodic review needed. Technology helps significantly, but processes and coordination between teams still play a big role.

One more aspect is the visibility and governance side of One Identity Manager. Having a centralized view of user roles and access permissions is helpful because teams do not have to check multiple systems to understand who has access to what. The self-service capabilities are also useful in some cases because they reduce dependency on the IT team for routine requests. Users can request certain access through predefined workflows instead of creating multiple tickets. One challenge observed is that features are only as effective as the processes behind them. Even a good platform can become difficult to manage if roles keep expanding over time or if organizations do not periodically clean up old permissions.

While we do not focus on reducing headcount, we do notice improvement in time and operational effort. For instance, onboarding and access request processes become faster because many manual setups are automated. Tasks that previously involved multiple emails and follow-ups could often be completed through predefined workflows. Routine access-related tasks take noticeably less time, and there are fewer delays caused by manual coordination. There are also fewer access-related mistakes such as missed approvals or delayed de-provisioning. From a cost perspective, the time savings are more indirect rather than immediate. It is not really about removing people; it is more about allowing teams to spend less time on repetitive administration and more time on higher-value work. Measuring ROI for identity tools can be tricky. Some benefits such as reduced security risk, cleaner audit processes, or avoiding access-related issues are valued but not always easy to convert into an exact number. The overall review rating for One Identity Manager is eight out of ten.

My use case for One Identity Manager is provisioning, identity and access management, and Identity Governance and Administration.

What I like the most about One Identity Manager is that it's totally customizable. You can use One Identity Manager for not only Identity Governance and Administration and identity and access management, but also for other things, such as governance of Azure and app registrations, and creating custom systems for cases and giving access to specific folders.

One Identity Manager provides Identity Governance and Administration for difficult aspects of the solution, including T-codes, profiles, rules, and compliance.

I am satisfied with One Identity Manager for providing a single platform for enterprise-level administration and governance of privileged accounts and data. It has been a really complete tool.

One Identity Manager helps consolidate procurement and licensing with the Federations. When using sync projects, you can assign different licenses, and with system roles, you can create provisioning for each application and license that they need.

One Identity Manager helps streamline my application access decisions and application compliance while addressing application auditing.

This affects my operations by helping a lot and making things easier. It's beneficial to have everything in one portal so the operations team can see it, along with the reports that we can send to the customer, though there are some gaps there.

One Identity Manager helps minimize gaps in my governance coverage for my test, development, and production servers.

My experience with minimizing the gap affects my operations by allowing me to create custom rules for compliance. For example, if a person is part of this role, then they should have access to this part. As I mentioned before with the business roles, that's the base of most of everything. With governance, you can set up these custom roles and custom rules to say that this specific business role should have access to just these particular areas.

My impression of the user experience and intuitiveness is that the learning curve is quite slow because there are many functions and things, and it becomes really complex at some point because there are many different modules. I wonder which module is the best one to work with. For example, at a specific level, if we're looking at applications, should we use an AOB table or should we use the Application Governance module? It would be nice to have a description for the use case for each module.

While I mentioned that I like the customization, I would say that it's sometimes not that easy to customize One Identity Manager because you actually need knowledge in VB.NET and PowerShell. Sometimes there are different ways to approach customization, and I can say that it's a little difficult.

There are areas with room for improvement regarding the learning curve and complexity. Although One Identity Manager has improved the documentation, they really need to improve it even more. For example, there are different modules like Identity and Access Management, attestations, recertifications, and Data Governance Edition. However, there are other modules that exist, but it would be really nice to know what each one is used for. For instance, the AOB table module is used to manage applications, and it would be helpful to have a use case that lets us know whether to use this one instead of another. Additionally, in the documentation for developers, it would be really helpful to have a list of methods, the main reason for each method, their parameters, what function they perform, and where we are obtaining the information for each parameter.

I have been working with One Identity Manager for three years.

I would rate the stability as nine. There is some downtime, bugs, and glitches.

For scalability, I would rate it as ten.

Normally, I don't use support, but I'm pretty sure there are support options because I have colleagues that use it. From what I understand, when my colleagues have found some bugs, they launched a patch for it, probably around a week or so.

I haven't reached out to support directly, but I have used the support in the past with Data Governance Edition, which is another module from One Identity Manager. We had a few issues trying to implement it because the customer had a very new version of their operating system for PowerScale. So I actually have used it, but it was a couple of years ago.

I would rate support as nine.

Positive

It normally takes months to deploy One Identity Manager, depending on the complexity of the requirements, how many target systems they have, whether they already have a well-defined role system, or if we need to create everything from scratch. One Identity Manager's good aspect is that you can customize it and have everything you need or the customer needs, and create a custom process for it. So depending on the size of the workload, that would determine the time, but I would say months.

When it comes to implementation, I actually work with them.

I don't know about the pricing, but I've heard that it's quite expensive. I would rate it as seven because I'm not really sure about the pricing.

When comparing One Identity Manager with other solutions or vendors on the market, including SailPoint, Omada, IBM, and Microsoft, I would say that the best part of One Identity Manager is that it's really customizable. That's the main thing that I'm pretty sure is better than other products. Compared to Entra ID, which is Azure and the products within Microsoft, One Identity Manager is more global. You can get not only Entra ID but also Google Workspace, custom tables, custom databases, custom target systems, and custom source systems.

I definitely use the business roles to map structure for provisioning. The business role functionality is the base of everything.

I use One Identity Manager to extend governance to any cloud apps. Extending governance depends on the customer. Some of them are just focused on identity and identity and access management, but others focus on governance, which comes as a really complete package. You can govern most of the things we need. However, there are some other things that you need, such as a custom REST API that you need to get and work with using PowerShell or VB.NET.

One Identity Manager has helped achieve an identity-centric zero trust model. This affects my clients, as sometimes it's difficult to get there on time.

In terms of zero trust, it's the base of IT security. The thing with zero trust is that it's one of the requirements that customers have, such as insurance customers and bank customers. There's a complementation from One Identity Manager and also from PAM, which is Safeguard. These kinds of things complement each other, and definitely with zero trust, there's no gray area in IT security.

My thoughts on the integration capabilities are that with One Identity Manager, it's possible to install on-premises and also in cloud solution and connect to different target systems, which makes things really nice.

One Identity Manager requires maintenance. You need to do updates, patches, and renewals. Actually, it depends on the customer for maintenance. One Identity Manager releases Long-Term Support versions, and they have patch versions such as 10, 10.1, 10.2, and others. The customer has to decide based on their needs. For example, they may want Long-Term Support at X.2, and we say that's more stable. So it depends on the customer and how large the customer is.

I definitely recommend One Identity Manager. For developers, I would say to be patient and try to look at the forum if there's already a solution. I would give this review an overall rating of nine out of ten.

On-premises

Other

The use cases primarily focus on joiner and leaver workflows, which form the foundation of every IDM system, plus governance. Governance includes recertification, attestation, and self-service capabilities for employees. These are all the major components.

Regarding disconnected SAP accounts, One Identity Manager reads all objects into the system and makes the mapping. From the One Identity Manager database, you can easily find which objects are active and not connected to the right identities. You can make a good analysis, but you need to understand the whole data structure behind it.

One Identity Manager has valuable features, particularly the governance module and SAP integration. The SAP integration itself is very good.

Governance is really important because all major companies need to go through yearly audits. At audit time, you need to show whether your accesses are properly attested. Additionally, when a person leaves the company, the accounts connected to the employee must be removed. The JML processes must be properly configured if the accounts are properly connected. This is the most important and critical aspect.

One Identity Manager has multiple interfaces. The admin interface includes admin tools, which are mostly Windows applications including Manager and Designer. Version 10 and later versions can be viewed from the portal, which is a bigger change. The admin interface is excellent because it provides a very good overview of the system, connections, and everything else. There is also a customer or employee self-service portal interface. The later versions use Angular, which is also a bigger change, and I really loved the Angular portal.

Business roles are one of the critical role types in One Identity Manager. You can dynamically create a role, such as SAP Administrator, and assign all entitlements into that role. You can assign it to multiple people or manually assign it or dynamically assign it. If you do it dynamically, whenever a new employee comes in with attributes matching this business role, all these roles will be assigned automatically. This is a faster way of doing it. One Identity Manager has other role types where you can make it more flexible, but the business role is one of the critical ones.

Overall, One Identity Manager is a really good and very powerful product. However, Starling Connect could have been a little better. Starling Connect is a product inside One Identity Manager used to connect to cloud systems. It is good, but it could have been a little better.

I have been working on One Identity Manager for the last 11 to 12 years.

One Identity Manager is stable.

For the customers I have worked with, we have not managed profiles or other things. We were mostly managing roles, groups, and accounts, but not profiles. Roles are the most important part. One Identity Manager can do it, but in the projects where I have worked, the profiles feature was not used.

The quality of support is not bad; it is good. I normally get good support. I would not say it is amazing, but they are good. They give enough support, and in some cases, they even come on Skype meetings to fix our issues. Overall, the support from them is good.

I have not worked on any other products. I have analyzed a few products, but I have not used them.

Deployments are not very difficult. I could not say they are easy, but they are not complicated. I would say they are normal. I cannot say they are very easy for anybody who can come in. However, with the instructions One Identity Manager is providing, you can go through it, and videos are available. The deployments are not very complicated.

I am not really familiar with product pricing, but as I know, for big customers, the pricing is not very high. It is moderately priced.

I have been working with One Identity Manager for around 11 to 12 years now.

Customizations depend on various factors. For example, if you want to add a new target system, this is considered customization. Mostly, it depends on the target system. If the target system is very complex, then it takes more time to customize. Connections to a target system are generally not really complex. If the customer wants to modify the self-service portal, that is complex because you need to have Angular knowledge, plus you need to understand the data structure or data model behind it. You need to understand APIs, then modify your components or create new components. The basic customizations for normal company level work are not complex. However, if you want to change a lot of things, there are customers I have worked on that have many customizations, and those are really complex.

You cannot say One Identity Manager customizations are complex overall. When comparing One Identity Manager customizations with other cloud-based IDM tools, One Identity Manager customization is easy because cloud-based IDM systems cannot do many things. In One Identity Manager, whatever customization you can do in cloud-based systems, it is super easy here. If a customer mostly wants major customizations, then that is complex. However, if you want to keep your product working at your company level, it does not require much customization. It is easy and very easy. As a consultant, I prefer less customization for the customer and only needed customization. I normally do not recommend very heavy customizations unless the customer insists.

Governance happens only at the production level. This means in One Identity Manager, we have attestations, recertifications, and company policies that are applicable only in production. In the dev and test environments, we have all these things, but you do not have the actual data to test it. Normally, governance is only at the production level.

Regarding licensing, I am not really sure about all the details. Normally, there is an app inside One Identity Manager where you can see what modules have been used and how many active identities are being used for licensing. For example, if you have a 15,000 identity company and are using SAP, Azure, or some modules, you will generate this report and send it to the One Identity Manager accounts manager. They will give you the bill for the procurement. I think this licensing part is helpful.

My review rating for One Identity Manager is 8 out of 10.

I am a customer of this solution. I am supporting One Identity Manager, and every issue related to onboarding users is managed through the tool. Every issue that end users have is supported inside the tool, including the JML process and onboarding on systems. Everything is related to identity management.

I integrate One Identity Manager not only with Safeguard but also with other systems such as Active Directory, ID, Exchange Online, mainframe, and some other custom integrations.

The most valuable feature of One Identity Manager is the customization that can be done. Every out-of-the-box process can be changed or I can create any new processes, which is the most useful functionality in my area.

The ability to customize One Identity Manager impacts our operations by allowing us to provide all business needs that our end users would request. However, it might be difficult to maintain customizations when there is a new One Identity Manager release or a new version of the tool, making it challenging to maintain the customization.

I make use of One Identity Manager's business roles to map company structures for dynamic application provisioning. I believe the business roles functionality is important to simplify the onboarding and entire JML process for users, providing simple ways to obtain the needed access and overview of what is required, including roles, business roles, and other dynamic roles.

I think the most difficult tool that I am using in One Identity Manager is the Web Designer, but this has already been replaced with the new web portal, so I believe this has already been addressed. For the end user, the web portal should be more intuitive and easier to use. This is in progress and is getting better, but there are still many things that end users do not understand.

I have been working with One Identity Manager for four years.

I rate One Identity Manager as nine in terms of stability and reliability. We have not had any issue with the tool or downtime of anything related to the product. Any issue that we had was related to human error or other infrastructure factors not related to One Identity Manager itself.

I think One Identity Manager is scalable and rate it as eight. There are some possible issues with identity management, but eight is also very good.

I have contacted the technical support of One Identity Manager a couple of times during the four years. It was through the support portal, where I created a support ticket and they contacted me. The response was not what I expected. It was only when we escalated the issue that I received the hotfix that I needed. They already had this hotfix, and I waited two days just to receive the transport package that I needed, which was already available on their side. I created a support ticket and waited two days to receive the transport package which I needed, and only when we escalated this through our management did they send it to me.

I rate the technical support of One Identity Manager overall as five.

Positive

I did not participate in the initial setup and deployment of One Identity Manager since I was hired after the implementation.

I do not have a One Identity Manager partner.

One Identity Manager does not help me consolidate procurement and licensing, as it is not applicable to my situation.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. Minimizing these gaps affects my operations by providing clearer information for audit purposes and more reporting tools to help audits gain an overview of how the environment works.

One Identity Manager helps streamline some aspects of application governance, including application access decisions, application compliance, and application auditing. This streamlining affects my operations by allowing us to provide every kind of reporting from the tool for everyone, including managers, business users, auditors, and compliance teams, with the attestation being very effective inside the tool.

One Identity Manager has helped enable application owners or line-of-business managers to make application governance decisions without IT involvement, impacting my operations and business by automating all the ownership and lifecycles of systems and entitlements inside the tool through an integrated system where we have all these systems, creating a database.

One Identity Manager has not helped me achieve an identity-centric, zero-trust model, and I do not see any progress in this area as it is not in scope at this time.

One Identity Manager has helped me in the creation of a privileged governance stance to close the security gap between privileged users and standard users, as we have Safeguard for privileged access integration.

I do not use the vendor's Premier Support.

I rate One Identity Manager an overall eight out of ten.

On-premises

I have a role with Manulife for One Identity Manager Safeguard authentication, and I receive incidents or problems from the clients. I try to understand them and troubleshoot when possible, but in most cases, I submit a service call with One Identity Manager.

One Identity Manager SAS Safeguard Authentication has too many updates and change of revisions. Very soon the product that I have installed is not supported, meaning it's still functional and we can work with it, but if I have an incident, it's not responded to. Currently they are at version 6.01 and only the latest versions starting with 5.40 and 6.01, 6.1 are still supported. I have more than about 1,000 servers with One Identity Manager SAS product and if I don't upgrade all of them, then I am not supported. This is one challenge that I have faced with this product, and the last update was in less than six months.

One Identity Manager is very responsive, and that is the first thing I like most. As soon as I submit a case, all the times for the last eight years, I get a first reply that an engineer is investigating the case, and then in maybe one hour or two hours, I receive a reply with some suggestions or even a solution.

One Identity Manager SAS Safeguard Authentication has too many updates and change of revisions. Very soon the product that I have installed is not supported, meaning it's still functional and we can work with it, but if I have an incident, it's not responded to. Currently they are at version 6.01 and only the latest versions starting with 5.40 and 6.01, 6.1 are still supported. I have more than about 1,000 servers with One Identity Manager SAS product and if I don't upgrade all of them, then I am not supported. This is one challenge that I have faced with this product, and the last update was in less than six months.

There is no maintenance from us. One Identity Manager will release new releases and new software versions, and to have support for the expired older versions, even if they are still functional, I have to do the upgrade from the older version to the newest version. Most of the time it was flawless. I only had two or three times when I needed some help from One Identity Manager.

I have been using this solution since 2017, which would be eight to nine years.

One Identity Manager is very responsive. As soon as I submit a case, all the times for the last eight years, I get a first reply that an engineer is investigating the case, and then in maybe one hour or two hours, I receive a reply with some suggestions or even a solution.

Positive

The setup was easy. Not very easy, but it was easy. With all the instructions and support, I would say it was easy. On a scale from one to ten, it was a nine.

We were a team of three. One person could have done it, but so that everybody in the team understands the environment and the solution, we were a team of three.

I did not compare other solutions. There were some alternatives but with limited application, only for Red Hat. Our company is using One Identity Manager for the UNIX systems farm, which includes a lot of UNIX operating systems: AIX, Solaris, HP-UX, Red Hat, and Ubuntu. There are some alternatives but limited for Red Hat, such as Red Hat Identity Management, but this will not work with AIX or Solaris. Our management preferred a unique solution which should cover all the UNIX flavors.

I am a technical person. There is another department inside the company who does the purchases and covers the contracts. I am the hands-on person; I only ask them to renew the license for the product, and then they come back with confirmation, but I don't deal with the pricing.

We are deploying this by ourselves.

I think One Identity Manager is good for all types of corporations, even for large corporations.

We don't have any partnership. We are a financial institution in insurance, and I'm not aware of any partnerships. We are using the product for ourselves only.

One Identity Manager should be hidden because I don't know what kind of side effects it may have.

I would give this product a rating of 9.

I use One Identity Manager for IAM processes, governance, and policies. 

I use One Identity Manager to help manage SAP. The integration requires knowledge about the structure of the data. If you know the structure of the data, manipulating it is straightforward. With PowerShell scripts, you can connect to the SAP table you want and modify data based off of triggers in your database or processes.

The solution provides IGA for the difficult to manage aspects such as SAP T-codes, profiles, and rules. It depends on how complicated the architecture of the SAP is and the rules that govern it, but you can set those rules in your One Identity Manager and trigger those changes based off of those rules. You don't have to do any work in SAP; you can do all the work in One Identity Manager and trigger the change in whatever environment you want.

I use business roles to map company structure for dynamic provisioning. The business role functionality is important because it helps with the segregation of duties, the SODs. I can create business roles, assign privileges, and provision those business roles to identities, which is essential for managing privileged access.

I use the solution to extend governance to cloud apps. The extension is important to my new client because they want to manage everything in One Identity Manager without using different tools for cloud solutions and identities. Since they already manage their identities in One Identity Manager, provisioning cloud services becomes easy, allowing for seamless assignment of cloud functions to business roles.

The solution helps minimize gaps in governance coverage among test, dev, and production servers, but I don't think it's optimal out of the box. You have to manually create those environments on different servers. It would make sense to have a feature for creating a test environment on one server. It can test scripts, but I think it's not robust enough.

The solution does streamline application access decisions, compliance, and auditing. We have attestation policies that apply to every identity, and One Identity Manager gives you the ability to audit your data, delivering compliance and auditing power. The solution has helped achieve an identity-centric zero-trust model.

The best features in One Identity Manager include the new Angular portal, which is the best improvement they made by removing the old portal. This feature gives you access to customize and create endpoints, APIs, and now it makes sense because you can expose and create endpoints from your tables and other target systems can use them and add or remove from your database and trigger processes with APIs. That's a very cool feature because it makes the identity more robust, and you can integrate as many things as you want to integrate to One Identity now. It's a very good addition.

The solution provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts which is quite strong. I recently started a project where we're trying to integrate the management of nonhuman identities, such as Azure Functions and various other devices. I believe One Identity is very effective for managing these types of applications because it treats everything as an identity. You can also apply and request specific business rules for these identities. Overall, I find it to be a very robust solution for managing these kinds of applications.

For basic tasks, it's acceptable, but when there are complexities and building on those complexities, it becomes slow because One Identity Manager doesn't do parallel processing; it processes in series and in batches. That's a drawback because with a heavy database and many processes, it becomes slow, which isn't ideal for user experience.

There are many areas in One Identity Manager that have room for improvement. I don't prefer that One Identity Manager uses series processing where everything is in a queue; it has to process in order, which means there are too many layers involved in processing a single piece of information. If they could simplify that and make processing faster, it would be perfect. The database queue process doesn't make sense, and it's annoying waiting for processes to finish before another starts. Also, when upgrading, they should be more considerate; with the transition from One Identity Manager 7.0 to 8.2, many functions were phased out, requiring extensive upgrading of numerous scripts.

I find it pretty difficult to customize the solution because you really need to be an expert. If you have about one year of experience, you can't do much with One Identity Manager. You need many years of experience to customize solutions effectively.

I've been using One Identity Manager for almost five years now.

I'll give it a ten for stability. It truly is reliable. It's a solution you can depend on because you have your own on-premises solution as well as your own cloud solution. This means there's no interference from One Identity, such as unexpected automatic updates to your system. The way you deploy it is precisely how you have it set up. Therefore, I give it a ten; it’s very stable.

Regarding scalability, I would give it a ten because, with the new features added, you can integrate with many applications, and it's really scalable depending on your needs.

I've used both regular support and partner support, but recently, I haven't had to use it because I have experienced people around me, so I just ask them for guidance. Based on my experience, I would rate support as a two out of ten. I would rate it so low because support often lacks experienced technical personnel, resulting in long wait times and unhelpful solutions. They sometimes ask random questions or read from scripts, which can be frustrating. After a while, I didn't need support anymore because I had knowledgeable people to assist me.

It should be done properly. They need to hire technical experts and pay them accordingly. I believe the issue is related to budget constraints, which is why they avoid hiring experienced professionals. They should focus on bringing in technically skilled individuals who understand the tools and technologies involved. It’s important to have knowledgeable support staff rather than just hiring random people with only six months of experience.

Negative

My different clients have different models. They have the cloud model. They have the on-prem model. It just depends on their needs.

Overall, deployment is easy. Installation is straightforward. Deployment can take an average of a day to set up an instance.

The solution requires maintenance due to frequent bugs with new versions, and it takes time to apply updates. We often comment on bugs in the community platform, but it would help if they addressed them more consistently.

One Identity Manager is not cheap at all, which is a significant drawback for small to mid-sized companies. Only large enterprises can afford the licensing fees, and the pricing needs to drop. They could consider developing a mini version for smaller companies, similar to Microsoft's approach.

I have many partners because I worked with different companies including For Rivers, IT-Consult, and now Staffice. My experience with the partners has been positive. They did really help me out, especially IT-Consult. They helped me with trainings with their own customized training platform where they teach you how to use the tool in three months, where you can create your own processes, work on attestations, onboarding new systems, new target systems, handling sync projects, basically almost everything.

My clients are mainly large enterprise businesses. Most One Identity Manager clients tend to be large enterprises who can afford the costs. 

I can't recommend it to a small company because of its costs, but I can recommend it to big companies. However, the training materials are the worst I've ever seen; they don't provide practical learning, only theory. While it's a good system, it requires a lot of money to hire experts for maintenance. 

I can't rate One Identity Manager compared to other solutions because I'm biased; I still feel it's the best. I would choose it over CyberArk any day due to my experience.

I would rate this solution a seven out of ten.

One Identity Manager serves as our main platform for identity governance and lifecycle management, especially automating user provisioning, role-based access control, and ensuring compliance through access reviews and audit reporting.

We use One Identity Manager to automatically provision access when a new employee joins. Once HR creates a user record, the system assigns roles and app access based on job function, and later runs periodic access reviews where managers approve or revoke permissions to keep compliance tight.

We also use One Identity Manager for access certification campaigns and role mining, which helps us regularly clean up excessive permissions and design more accurate role structures based on actual user behavior.

The best features of One Identity Manager in my experience are automated user provisioning and de-provisioning, role-based access control (RBAC), access certification, attestation campaigns, and strong compliance reporting, all from a single centralized identity governance platform.

The biggest impact from One Identity Manager has been automated user provisioning because it removes the need for manual account creation and access setup, which makes onboarding and offboarding much faster and reduces errors in assigning permissions.

Another valuable feature is the access certification and attestation campaigns, which help us keep permissions clean because managers regularly review and approve or revoke a user's access, and it improves compliance without adding extra manual tracking work for IT.

The biggest positive impact of One Identity Manager has been improved control and visibility over user access across the organization because it automates the entire identity lifecycle from onboarding to role changes and offboarding, while also strengthening compliance through regular access reviews and audit-ready reporting. In day-to-day work, it has reduced manual provisioning effort for IT, minimized access-related errors, and made it much easier to prove compliance during audits since everything is centrally tracked and governed.

Several improvements for One Identity Manager that came up often in real-world use are around usability, performance, and cloud experience. The UI could be more intuitive and modern because new admins usually find the navigation and configuration quite complex, especially during initial setup. Reporting and dashboards could also be more flexible and easier to customize for audits without heavy configuration effort.

Another area is performance and scalability tuning in large environments. While it scales well overall, some teams still face slower response times during large access reviews or heavy provisioning cycles. Stronger out-of-the-box, cloud-native integrations and simpler deployment options would make it easier to manage hybrid and multi-cloud environments without so much manual configuration.

Another improvement area that comes up in real-world usage is around documentation, support, and integrations. The documentation could be clearer and more consistent, especially when working with advanced APIs or complex provisioning scenarios. We sometimes had to rely on trial and error or community input to fully understand certain workflows, which slows down implementation.

On the support side, basic issues are handled well, but more complex identity or workflow problems sometimes require escalation and longer resolution times, especially when custom configurations are involved. Integration works well with major enterprise systems, but cloud-native and modern DevOps-style integrations, such as API-first or CI/CD-driven identity workflows, could be more out-of-the-box instead of requiring additional customization effort. Overall, it is powerful, but improving these areas would make onboarding and long-term administration much smoother.

I have been working in my current field for one year.

One Identity Manager is generally considered stable in enterprise environments, but with a few practical caveats. From real-world user feedback and reviews, most users rate it between 7 and 10 out of 10 for stability, describing it as reliable with minimal downtime. It is widely seen as stable in production once properly configured, especially for Active Directory automation, user provisioning, de-provisioning, and role-based delegation. Many report no major outages or crashes even in large enterprise deployments.

That said, there are some common drawbacks people mention such as occasional slow performance or lag, especially in large environments, and minor bugs that sometimes require service restarts. Some issues are more about configuration complexity than core instability. The UI and workflow can feel dated, which sometimes gives an impression of instability even when backend services are performing well.

Scalability of One Identity Manager is very strong and it supports large enterprise environments with thousands to millions of identities. It is designed for enterprise-scale deployments and works well in complex hybrid setups.

Regarding limitations, it needs proper architecture and tuning. Performance depends on databases and configuration. The scaling is not fully plug-and-play, which requires experienced IAM admins for smooth scaling. The overall view is that scalability is strong, but the best results come with good design and maintenance.

Overall, customer support is good and responsive, especially for complex IAM issues. Standard support can be slow, and resolution time varies for complex tickets. Premium support is faster and more reliable with direct access to technical experts. Our overall view is decent enterprise-level support, but it is not always consistent in speed or depth.

Before adopting One Identity Manager, we were using a mix of manual Active Directory management and basic scripts, along with a lightweight IAM tool that did not fully support governance or advanced access reviews. We switched mainly because manual provisioning was error-prone and time-consuming, there was limited visibility into who had access to what, and audit and compliance reporting required considerable manual effort. Role-based access control and lifecycle automation were not strong enough. Moving to One Identity Manager helped us centralize identity governance, automate provisioning, and significantly improve compliance and access visibility across systems.

I advise others looking into using One Identity Manager to start with a solid design and clean identity data before implementation. Spend time on role modeling, workflow design, and connector setup. Avoid over-customization and follow a phased rollout approach. Do not skip proper planning, as most issues come from poor implementation, not the tool. Invest in skilled IAM engineers, as the tool performs best when well architected.

We are only a customer using the product and have no partnerships or reseller role. Our relationship is pure user engagement without any commercial or partner involvement.

Organizations using One Identity Manager often see strong ROI, but it usually shows up more in time savings and operational efficiency than direct cost-cutting alone. From real-world IAM benchmarks and identity governance studies, a fully automated IAM setup can deliver 300% ROI over three years due to reduced manual provisioning, access management, and support overhead. IAM automation such as provisioning and de-provisioning can save thousands of IT hours annually, especially in onboarding and offboarding in heavy environments.

In our case, we have achieved measurable improvements that include onboarding time reduced significantly because user provisioning is automated through HR-driven workflows from hours to minutes per user. Access request handling workload dropped since approvals and role assignments are automated. Fewer manual IT tickets occur, especially for access creation, changes, and deactivation. Audit preparation time has been reduced because access reviews and reports are generated automatically instead of being compiled manually.

The ROI is mainly seen in less IT manpower spent on repetitive IAM tasks, fast onboarding and offboarding cycles, lower risk, and reduced audit effort, which also saves costs indirectly. Overall, the biggest ROI impact is not just saved money, but that the IT team shifts from manual access handling to more strategic security work.

The pricing, setup cost, and licensing experience for One Identity Manager is typically enterprise-style and quote-based, so it is not very transparent upfront and depends heavily on user count, modules, and deployment complexity. In our experience, the initial setup and licensing cost was on the higher side, mainly because it is a full identity governance platform and requires professional services for proper implementation and integration. The licensing model is flexible but can become complex since different components such as provisioning, governance, and connectors may be licensed separately. Overall, while the cost is significant and not always easy to predict at the start, we found it justified by the long-term savings in automation, reduced manual IAM effort, and improved compliance visibility.

Before selecting One Identity Manager, we evaluated several major identity governance platforms in the market. The main alternatives we looked at included various solutions, and we also briefly reviewed Microsoft-based options such as Entra ID governance since we already use Microsoft tools. We ultimately chose One Identity Manager because it gave us a strong balance of on-premise plus cloud integration, deeper role-based access control, and more flexible customization for complex enterprise workflows, especially for hybrid environments with legacy systems.

One Identity Manager is a powerful IAM solution, especially strong in large enterprise environments. It offers good automation, flexible role-based access control, and strong integration with Active Directory. Regarding challenges, the complex setup requires skilled resources to manage effectively. Overall, my view is that it is a very capable product but best suited for organizations ready to invest in proper implementation and governance. I have rated this review at 8 out of 10.

Hybrid Cloud

Other