What is our primary use case?
We just divested half of the company, including all our old business systems and our former Access Management system. We were in a new situation with the new business systems that were mainly cloud-based, and we were looking for a new Access Management solution that was cloud-based.
We have various use cases. The first use case is that we want to make sure that everybody gets access by privilege and that access is approved. We can then document that they approved. We are an ISO 27001-certified company, so we need to have things like that in place.
The second use case is that we wanted life to be easier for managers. For instance, certain rights, such as access to email, should be allocated automatically to new hires.
The last use case is that we are looking at some automation around the accesses that need security clearance. We want to ensure that nobody gets them by accident.
How has it helped my organization?
Omada provided us with a clear roadmap for getting additional features deployed. As a part of the accelerator pack that we bought, by the end of the basic onboarding, we sat down and made a plan for:
- Where are we now?
- Where do we want to go?
- Which parts of Omada can be invoked as we mature as an organization?
The product has a lot of features, but for some of them, you need to be a mature organization. For example, for risk management, you need to have all your accesses qualified. You need to make a qualification of all your accesses, and when you have that qualification, you can start making your risk profiles on the employees.
Omada helped us to deploy IGA within 12 weeks, by focusing on fundamentals and best practices. They have an accelerator pack that we signed up for. They ran a 12-week project to help us onboard it and start using it. It was a fast track to get Omada onboarded and then get the HRID onboarded. We also onboarded one business system, so we had a starting point for developing the solution.
Our Omada solution is set up to remove an employee's access as soon as that employee leaves our organization. As soon as we get the information from HR that someone has left the company, accesses are closed down immediately.
We have role-based access control. That is why the onboarding of Omada is not done in one week because you have to identify the roles. I know they have something on the roadmap to suggest roles, but so far, building roles has been hard work. It involves interviewing business owners.
It helps us save time when provisioning access for identities. As soon as the access is approved, there is immediate provisioning. The access is also revoked immediately when people leave the company. It is hard to specify the time savings because we already had a top Access Management system before Omada. The previous solution was also set up to provision immediately. However, if we did not have a system like this, it would take at least three or four FTEs.
What is most valuable?
It has a very user-friendly interface compared to what we are used to, and it is highly configurable. In the old solution, when we needed to do something, we had to have a programmer sitting next to us, whereas, in Omada Identity, everything is configurable.
What needs improvement?
Certain things are unclear to us. For example, in situations where you can only request an access if you are a member of a specific department or if you are participating in a certain project, we are unclear about how to resolve such restrictions. We have some restrictions where you need to be a member of a special project in order to get access. We have restrictions on which accesses you can apply for, based on the context that you are a member of.
The comprehensiveness of Omada's out-of-the-box connectors for the applications we use could be better. We are getting a new HR system called Cornerstone for which they do not have an out-of-the-box connector, so we have to take the REST connector and play around with it. We might be the only Omada customer who is using this HR system. I would love to see more connectors.
For how long have I used the solution?
We have been using Omada Identity since September last year. We signed a contract in September, and we have been doing an onboarding project which went into production in January. We are now adding more applications to the solution.
What do I think about the stability of the solution?
We have not experienced any downtime or crashes. It is down only for a few seconds when it is restarting, so we start an upgrade and keep on working until there are ten seconds left to the downtime, and then it is up and running again. It has been very stable.
What do I think about the scalability of the solution?
For the scalability that we need, we are fully satisfied. We have 2,000 licenses, but I know that they have a customer in the US with 30,000 licenses on the same kind of solution, so I expect that they can support our needs for scalability.
How are customer service and support?
I have not interacted with them as a customer, but I have interacted with them as a partner. I used to work on a project for another customer. I know from back then that their tech support is okay.
Which solution did I use previously and why did I switch?
We were using IdentityIQ. It was part of the divestment. The part that was divested from IT kept all the old business systems including the Access Management system, so we were in a situation where we needed a new Access Management system. We wanted a cloud-based one instead of an on-prem one. IdentityIQ was on-premises, but we wanted a cloud-based solution. Everything that we are buying at the moment is cloud-based.
Omada has not helped us consolidate disparate systems for access management because we are not consolidating. We are simply moving out because the systems that were controlled by the old Access Management system are also being sunset, so we are almost in a greenfield deployment. We are starting with new systems. We are also on a roadmap to replace the whole ERP system within this year, so Omada is not helping us, but we are in the process of replacing a lot of systems. We do not need Omada to do that.
How was the initial setup?
It is deployed in the cloud. I was involved in its initial deployment.
As soon as you sign the contract with Omada, they give you a call and say that everything is open and you start configuring. It took a couple of days before we could start looking at it, but that was only the test version. We had the accelerator pack where we deployed and onboarded connections to Entra ID, to a business application, and to the HR system, importing the HR data and getting the right data from HR. They take 12 weeks to onboard something, but the biggest delay factor is usually the HR system. I am still waiting to see an HR system that delivers correct data in the first go.
What about the implementation team?
We had a project team of four. Omada had a project team of four. Omada was doing the work. We were only participating in workshops where we were being interviewed. We were kindly asked to keep our hands off the systems while they were working, but we are now continuing with a team of four people.
In terms of maintenance, the solution as such does not require any maintenance, but there are always changes. When you get new business applications that need to be managed, you need to make some changes. This year, we not only have a new ERP but also a new HR system, so when the world changes, you also need to change what has to be managed.
What's my experience with pricing, setup cost, and licensing?
It is expensive. Fortunately, I had a very good procurement manager on my side, but they are expensive. The closest competitors are also very expensive.
You get a full-fledged solution that can do everything you dream of, but you pay for everything. They are quite expensive, but the challenge with the pricing when you talk about business solutions is that nobody is paying the full price anyway. I used to work for Salesforce. If you look at Salesforce's list prices, nobody would be able to afford Salesforce. If you look at the list prices, nobody would be able to pay for their licenses. The list prices are very high, but we did not pay the list prices. We went straight to them and told them what we were paying for our old SailPoint licenses, and then they were quite easy to negotiate with. So, the prices are high, but everything is up for negotiation.
Which other solutions did I evaluate?
We looked at three major ones in Gartner's Quadrants: SailPoint, Omada, and Saviynt. Based on the information that we got, our opinion was that Omada was making the best cloud offer. It was a short-length selection. We did not spend several months on it, but we had a look at these three in the top corner of Gartner's Quadrants. We also had some good connections in Omada, so we did not have a very long and tedious vendor selection. We looked at others, but it looked like Omada was the best one.
I have been working a little bit with IdentityNow, which is SailPoint's cloud-based version. It is still very reduced compared to IdentityIQ because they started coding it all over again when they went for the cloud.
I have met customers who have been stuck with the same version of Saviynt despite it being a cloud solution. I have met customers who have been stuck with the same version for three years and cannot upgrade because they do binary modifications of the solution even though it is in the cloud, meaning that they suddenly have customers who cannot upgrade, and we do not want that. We have already upgraded our production three times since we had Omada installed. We could do that with the press of one button. We have not had any regrets about the choice of the solution.
What other advice do I have?
To those evaluating this solution or planning to implement this solution, I would say that it is not a solution that you just buy, install, and then it works like Office 365. You need to make sure you have all your systems mapped out and all the accesses to those systems mapped out. To get the full bonus from the functionality, you need to qualify your data and qualify your accesses. You need to see whether a certain access is giving access to something secret or HR data or whether it is just giving access to something that most of the company already knows. You need to differentiate how dangerous accesses are. You should start mapping that out upfront. You can easily do this exercise while you are doing the vendor selection because it is irrespective of the vendor you choose.
You should be aware that you need to have a project team of four or five people for a period of time. Very often, it takes about a year to onboard all your business systems and to make sure that everything is onboarded correctly. For example, while onboarding HR ID, I have seen companies with 15,000 different AD groups. If you want to search and get access from 15,000 AD groups, you need to organize that data. You can use Omada to do that, but it takes time. Everything takes time, so be prepared. The world is not safe by installing it and running an accelerator pack for 12 weeks. I have been working as a consultant in the IGA area for a number of years. I know a financial institution that has Omada. They have had it for four years, and they hated it because they only did the accelerator pack. Most of the business systems were not onboarded, and they said that it was of no use. We then onboarded 50 different systems and made 200 roles. There were about 100 functional roles. It was role-based access, and now, they love it. It is the same product. If you just install it as if it was Office 365, then you would be very disappointed. This is not just an Omada thing. This is applicable to any Access Management system.
We have not used Omada's certification surveys to recertify roles or to determine if roles are relevant. We have not gotten to that point yet. We have just put it into production, but it is definitely something we want to do. We need to do recertifications. We have the analytics part on the roadmap. It will help us reduce the number of recertifications that we have to look at. You can recertify every access, but usually, you would have thousands of roles and access rights in a company. You want to look at the ones that are giving critical access.
Omada has all the features, but we need to analyze our data to qualify our data. When we have done that, Omada can help us make more intelligent decisions, such as, am I applying for something that is unusual? Am I the only one of the departments applying for this, or am I applying for something that 80% of my department already has? It can then mark the access request with green, red, or orange. We can also use that for recertification. We only want to recertify "dangerous accesses". All the not-so-dangerous accesses are simply recertified once a year, for instance, whereas the red ones should be at least three months.
Omada's identity analytics will reduce the manual overhead. That is the whole point of it, but we need to map our data and qualify it because the analytics can only do so much based on non-qualified data.
Omada's identity analytics has not helped to reduce the cost of our IGA program because we have not gotten to that point yet. However, we expect that we will have a cost reduction because of two reasons. The first reason is that it is an integral part of the product, so we do not have to buy an extra license. The second reason is that we will reduce the workload on managers who have to approve accesses. We expect that workload to be reduced significantly.
Omada has not yet helped to automate reviews of access requests and reroute them to the appropriate people, but we expect them to. We have a framework agreement where we have a number of hours to get help from Omada when we get to that point in our own project. We know they would be helping us out.
I would rate it a ten out of ten. If I had to choose a system again tomorrow, I would go for this one.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.