One Identity Manager OverviewUNIXBusinessApplication

One Identity Manager is the #2 ranked solution in top User Provisioning Software and #3 ranked solution in top Identity Management (IM) tools. PeerSpot users give One Identity Manager an average rating of 7.8 out of 10. One Identity Manager is most commonly compared to SailPoint IdentityIQ: One Identity Manager vs SailPoint IdentityIQ. One Identity Manager is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.
One Identity Manager Buyer's Guide

Download the One Identity Manager Buyer's Guide including reviews and more. Updated: November 2022

What is One Identity Manager?

One Identity Manager is a value-added and trusted active directory management and user provisioning software solution. One Identity Manager administers and protects an organization’s data and users, minimizes threats, and ensures that compliance regulations are consistently satisfied.

Users will have access to the data and applications they need when they need them. One Identity can be used on premises, in the cloud, and also with hybrid options. One Identity Manager is able to easily combine strict governance compliance regulations and rigorous security protocols to keep business enterprises secure and functional today and into the future. One Identity Manager is also a robust, scalable identity governance and administration (IGA) solution. The solution is designed to meet the changing needs of a growing dynamic business enterprise, and not be limited or left vulnerable by IT department constricts.

One Identity consistently provides robust security solutions that facilitate a strong secure enterprise where the users, applications, and critical data are safe and secure. The unified identity security platform provides identity governance and administration (IGA), privileged access management (PAM), active directory management and security (ADMS), and identity and access management (IAM) processes to ensure an aggressive stance on security for today’s dynamic enterprise organizations.

One Identity is used by more than 11,000 organizations worldwide managing over five hundred million plus identities.

One Identity Manager Features

  • Self-service options: Organizations save time and are able to get tasks completed easily. Users can request permissions or access and receive predetermined approval based on role assignments.

  • Password management: Organizations can easily reset user passwords based on established organizational protocols. Password policies can be determined according to user roles and assignments.

  • Governance: One Identity Manager offers complete visibility regarding data access, such as who has access, when the access was given, and the reasons why access was given. The solution delivers clear reporting to comply with any regulatory requirements.

  • SAP certified: Users are able to amplify existing SAP security protocols and seamlessly connect accounts under governance. One Identity Manager is a complete identity access solution.

  • Reporting: One Identity Manager delivers reliable reporting regarding user access and privileged access to an organization's network. The reporting can satisfy all government and regulatory compliance standards.

  • Connectors: One Identity Manager’s significant amount of available connectors enable organizations to easily extend identity governance to the cloud and will ensure cloud application time is minimized significantly.

Reviews from Real Users

The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.” - Marc H., IT Architect at a tech services company

“The most valuable features are that it has a lot of capabilities, can integrate with a lot of systems, including automated onboarding like CyberArk, and allows you to integrate different entities.” - Security Consultant at a financial services firm

One Identity Manager was previously known as Quest One Identity Manager, Dell One Identity Manager.

One Identity Manager Customers

Texas A&M, Sky Media, BHF Bank, Swiss Post, Union Investment, Wayne State University. More at OneIdentity.com/casestudies

One Identity Manager Video

One Identity Manager Pricing Advice

What users are saying about One Identity Manager pricing:
  • "We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company."
  • "The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license."
  • "It's not cheap, but the pricing is okay. Other applications cost about the same."
  • One Identity Manager Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Senior Manager / IAM Evangelist at a tech services company with 501-1,000 employees
    Real User
    Helps streamline application access decisions, and when granted, access is automatically provided to target system
    Pros and Cons
    • "Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments... Doing that in One Identity Manager is a very simple task and it is very well organized."
    • "End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes."

    What is our primary use case?

    The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.

    How has it helped my organization?

    One Identity Manager is going to improve your CIS standards, or any other security framework, because it going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.

    It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.

    Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.

    In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.

    One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.

    What is most valuable?

    It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.

    One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.

    In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.

    One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.

    In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.

    We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.

    The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.

    And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.

    What needs improvement?

    End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.

    There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.

    Buyer's Guide
    One Identity Manager
    November 2022
    Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    656,474 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been implementing the solution for about 12 years.

    I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.

    What do I think about the stability of the solution?

    The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.

    Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.

    What do I think about the scalability of the solution?

    The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.

    How are customer service and support?

    The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.

    When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, though deployment in production and Active Directory, could take three to four weeks. That is fairly simple.

    You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.

    The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.

    At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.

    What other advice do I have?

    My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.

    When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.

    And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Security project Manager at a tech services company with 1,001-5,000 employees
    Real User
    Top 10
    Stable, has a large number of connectors, doesn't require a lot of maintenance, and provides quick and accurate support for major incidents
    Pros and Cons
    • "In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a stable system which I like."
    • "Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out. The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager."

    What is our primary use case?

    My company has a lot of use cases for One Identity Manager. In my previous company, I've been maintaining the tool, so I used to go to clients who needed improvements and support in terms of provisioning, and I provided those services. Now, in my current company, I'm in the Identity Management team, and my company is using its old Identity system with One Identity Manager, particularly for provisioning, access management, compliance, and certification, apart from identity management.

    What is most valuable?

    In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a really stable system which I like.

    What needs improvement?

    Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out.

    The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.

    For how long have I used the solution?

    I've been using One Identity Manager for three and a half years.

    What do I think about the stability of the solution?

    Stability is one of the main qualities of One Identity Manager. It could run even if people go on a holiday for weeks, and nobody would be worried about the tool breaking down. One Identity Manager could work for months even if you don't look at it or check it. It's a well-designed tool.

    What do I think about the scalability of the solution?

    One Identity Manager is a scalable tool and its scalability is one of the reasons why my company chose it. The tool is capable of evaluation, and it has a lot of different connectors that come out of the box, so as soon as you know what you're doing, it's easy to extend the parameter and add new target systems to it. With One Identity Manager, you can have systems ready for future use. My company has never reached a point where it says: "Okay. There's nothing more you can do with this tool."

    How are customer service and support?

    I've contacted the support team for One Identity Manager several times. For level one support, particularly when something is broken and I need help, the team's been really quick and accurate. Most of the time, I get the first answer or first contact resolution in less than half an hour as written in the contract, and the support team has really found a quick solution. Every time I face an incident, the team finds a solution to it within an hour. Sometimes it could take a few hours to resolve which is when the One Identity Manager support team provides new patches to implement, for example, the issue started at seven at night and patching would be done at eight in the morning the next day.

    For major incidents, I would rate support a five out of five, but if it's just a little incident that does very little harm and is in development, issue resolution would take longer. The support team for One Identity Manager handles major incidents perfectly, so I have no complaints, but if you just have a little incident that appears on your development system and is not really that important, it could take days and days before a technician is sent onsite. This is why my company prefers to work with a partner that is more open to decision, and though the One Identity support team is really there to save your life, it's not there for every incident or situation that you come across.

    Which solution did I use previously and why did I switch?

    My company decided to use One Identity Manager because of the large variety of connectors available that lets you connect everything you need, even for future use, as well as the reputation of One Identity Manager in terms of stability. Another reason for choosing the tool is the online forum and YouTube channel that allow engineers to learn more about One Identity Manager without the need to ask a partner each time, so you can be independent of the vendor or partner. The support you get is also another reason my company went with the tool.

    How was the initial setup?

    Whether the initial setup for One Identity Manager is easy or difficult is hard to say because of other systems that have less functionality but are easier to deploy, and you won't face the same challenges that you'd face when setting up One Identity Manager. It's recommended for you to have knowledgeable engineers who can support you during the setup, especially if you don't have the knowledge on how to set the tool up. Setting up the tool may not be as easy, but considering all the things One Identity Manager can do for you, it's not such a big deal.

    If you just want to basic features to be up and running with One Identity Manager, deployment could take a few weeks, for example, if you just want to use an authoritative source and have provisioning, active directory, exchange, and other basic features set up in your company. For a company that has really stable jobs to provision, with role mining that isn't difficult, the tool could be ready and working within a few weeks, but for a large company with a really, really large variety of jobs and regulations, deployment of One Identity Manager could take a few months.

    What was our ROI?

    You can get ROI from One Identity Manager. It's worth the money because my company wants to be agile, and if tomorrow, the head of the company says, "Okay, let's open a new area," with One Identity Manager, I can say, "Okay. If you say there'll be three hundred people, tomorrow, I'm able to create accounts with the rules needed for those to work, and it won't be a mess."

    With One Identity Manager, even inexperienced people in the team can easily understand how each role works, and if you have a great conception of each role, you can just hire or transfer within days without being worried about whether or not each person has everything he needs to work.

    What's my experience with pricing, setup cost, and licensing?

    I'm unable to discuss licensing costs for One Identity Manager.

    What other advice do I have?

    I'm using the latest version of One Identity Manager.

    In my company, the tool is still in the deployment stage, but within a few months, all people in the company will be users of One Identity Manager, particularly the portal. There'll be about five thousand users of the tool within my company.

    My advice to anyone using One Identity Manager for the first time is to make an audit on your company with an independent partner to be sure if you need the tool because One Identity Manager won't be worth it for every company. You have to match it to your needs, or else you'll never get your money's worth. For example, in a stable company or one that has similar jobs, the tool won't be used a lot. If you have three to ten job types and all of those would be the same after many years, One Identity Manager won't be the tool you need. You can just go for a cheaper tool that can do the job for you, but if you have a complex company and you have to face a lot of regulations, and if you want to adapt more quickly, One Identity Manager is a good choice.

    I'm rating One Identity Manager nine out of ten because it fits my need, and though it's complex, it's a learnable product. It also helps my company become more agile and also helps it face new challenges. One Identity Manager is the tool I need, and I like it. The tool helps my company and also helped the previous company I worked for, so I have no complaints about it. It's a tool I like working with.

    I didn't give One Identity Manager a perfect score because the connection with ServiceNow isn't there yet, so that's an area for improvement. When you send in an incident or put in a request that's not a standard request on One Identity Manager, you have to make an exception in the way your company should work, and this is another area for improvement in the tool that I also don't like. My company came up with a workaround or a solution to this, but a company such as One Identity should be able to propose a solution out-of-the-box.

    My company is both a customer and a partner of One Identity Manager. I say partner because a representative from One Identity comes to my company every two months and listens to feedback about the pros and cons of the tool. I say customer because my company pays for the One Identity Manager license, and if there's an issue, my company makes a request and lets the support team know what makes us unhappy.

    Disclosure: My company has a business relationship with this vendor other than being a customer: customer/ partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    One Identity Manager
    November 2022
    Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    656,474 professionals have used our research since 2012.
    Srivalli Sristla - PeerSpot reviewer
    IAM Engineering Manager at a construction company with 10,001+ employees
    Real User
    Comes with a lot of out-of-the-box features
    Pros and Cons
    • "We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%."
    • "Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions."

    What is our primary use case?

    We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

    How has it helped my organization?

    We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

    One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

    What is most valuable?

    One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

    I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

    As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

    What needs improvement?

    In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

    One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

    If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

    It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

    For how long have I used the solution?

    I have used it for five and a half years.

    What do I think about the stability of the solution?

    We haven't had any stability issues.

    What do I think about the scalability of the solution?

    So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

    We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

    How are customer service and support?

    We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

    Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

    Which solution did I use previously and why did I switch?

    Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

    Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

    How was the initial setup?

    The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

    The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

    We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

    What about the implementation team?

    Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

    It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

    We have had pretty good people on our team so far:

    • For deployment, one or two people were needed. 
    • For maintenance, our team is very small. We have two or two and a half people at all times. 

    Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

    What's my experience with pricing, setup cost, and licensing?

    We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

    Unless you are buying a new connector, you won't need to shell out more money for the solution.

    Which other solutions did I evaluate?

    My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

    The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

    There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

    What other advice do I have?

    This solution should be considered by companies (based on their needs).

    The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

    The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

    We connected SAP through a database.

    We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

    I would rate this solution as eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Vladislav Shapiro - PeerSpot reviewer
    Founder at Costidity.com
    Real User
    Top 10
    Business-oriented and IAM administrator-oriented, easy to configure and scale up, and has a helpful and knowledgeable technical support team
    Pros and Cons
    • "In terms of what I found most valuable in One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented."
    • "A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager."

    What is our primary use case?

    We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

    What is most valuable?

    In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

    What needs improvement?

    A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

    I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

    Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

    For how long have I used the solution?

    I've been using One Identity Manager since 2008.

    What do I think about the stability of the solution?

    One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

    What do I think about the scalability of the solution?

    Scaling up One Identity Manager is extremely easy.

    How are customer service and support?

    I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

    Which solution did I use previously and why did I switch?

    We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

    How was the initial setup?

    In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

    How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

    What was our ROI?

    I've seen ROI from One Identity Manager.

    What's my experience with pricing, setup cost, and licensing?

    The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

    Which other solutions did I evaluate?

    We evaluated SailPoint and Saviynt apart from One Identity Manager.

    What other advice do I have?

    I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

    Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

    My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

    I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

    My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: customer/partner
    Flag as inappropriate
    PeerSpot user
    IT Architect at a tech services company with 501-1,000 employees
    Real User
    Top 10
    Significantly reduces time needed to create an account, mailbox, and default permissions for a new employee
    Pros and Cons
    • "Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions."
    • "The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified."

    What is our primary use case?

    We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.

    How has it helped my organization?

    Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.

    The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.

    It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.

    We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.

    What is most valuable?

    Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.

    The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.

    What needs improvement?

    The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.

    For how long have I used the solution?

    I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.

    What do I think about the stability of the solution?

    We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.

    What do I think about the scalability of the solution?

    We have 50,000 employees. That speaks for itself regarding the scalability.

    How are customer service and support?

    One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.

    We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.

    What about the implementation team?

    We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.

    APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.

    What was our ROI?

    We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.

    What's my experience with pricing, setup cost, and licensing?

    It's not cheap, but the pricing is okay. Other applications cost about the same.

    What other advice do I have?

    Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Founder at a marketing services firm with 11-50 employees
    Real User
    Top 10
    Customizable, stable, and has synchronization and process orchestration features
    Pros and Cons
    • "In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager."
    • "The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager. What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself."

    What is our primary use case?

    One Identity Manager is a central identity provider and authorization provider, and I've been using it for multiple customers who use it as a central identity provider.

    What is most valuable?

    In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager.

    What needs improvement?

    The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager.

    What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.

    For how long have I used the solution?

    I've been working with One Identity Manager and its predecessor Quest since 2014.

    What do I think about the stability of the solution?

    One Identity Manager is a stable solution, although like any vendor bugs occur. It is frustrating there's no bug tracker available of known issues. It would be very helpful to know what bugs are currently acknowledged to prevent continuity issues and wasted troubleshooting time. 

    What do I think about the scalability of the solution?

    In terms of the scalability of One Identity Manager, I mostly had experience with companies that had five to ten thousand identities in place, and now, I've been working with a setup in a larger enterprise environment with tens of thousands of users, and my impression is that everything is going much slower than what I was used to on the smaller scale, but I'm not completely familiar how it was set up. I know too little about the setup to judge the scalability of One Identity Manager.

    How are customer service and support?

    I've contacted the technical support team for One Identity Manager multiple times. Sometimes support is excellent, and sometimes, it's just okay. Support asks for a lot of information that's not always necessary.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    Installing One Identity Manager nowadays is getting more and more straightforward, but in terms of configuration and setup, that's complex.

    The time it takes to deploy the solution would depend on the organization. I've been involved in multiple projects and there were projects where One Identity Manager was deployed faster than others, so deployment time would depend a bit on the complexity of the organization and internal processes, but in theory, you could set it up within a week. Mostly it would take companies months to get the solution up and running.

    What's my experience with pricing, setup cost, and licensing?

    I'm aware there's a license cost for One Identity Manager, but I'm not part of the team who handles licensing, so I'm unable to give pricing information.

    What other advice do I have?

    I'm a freelancer, so I work for multiple customers and I work for three customers that are using One Identity Manager, so I can't give the exact number of users, but big teams use it.

    I'm using One Identity Manager because it's what my customers selected.

    My advice to anyone looking into using One Identity Manager is to start playing around on the virtual setup to get familiar with it, in particular, make a small domain, set some target systems up, and get familiar with the setup.

    I would rate One Identity Manager eight out of ten because it's very stable and very customizable. For the last two years, the solution has improved and cut back on technical depth, and it can stand on its own two feet, but there's still space to improve. Overall, One Identity Manager is one of the best in the market.

    I'm an identity and access management consultant, so I'm not a partner or a reseller of One Identity Manager.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Ahmad Sallam - PeerSpot reviewer
    Senior Specialist at a financial services firm with 1,001-5,000 employees
    Real User
    Top 5
    Scalable solution where the database acts as the central management configuration tool, but it must include SaaS in the future
    Pros and Cons
    • "The solution is a typical, conventional IGA but the tool itself offers many options for customization."
    • "The product must include SaaS in the future."

    What is our primary use case?

    Our company hosts our on-premises application with this solution. It is not a complete SaaS product but rather a hosted environment in their tenancy. 

    How has it helped my organization?

    We have an internal team of four administrators and site developers who manage the solution and provide support to 2,000 employees. Our operational model includes contracting with professional services for new development, managing releases, and deployment. 

    What is most valuable?

    The solution is a typical, conventional IGA but the tool itself offers many options for customization. Some other products are easier to implement but don't have the same customization capabilities. 

    What needs improvement?

    The product must include SaaS in the future. 

    The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use.

    The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. 

    Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options. 

    For how long have I used the solution?

    I have been using the solution for six years. 

    What do I think about the stability of the solution?

    The solution is very stable and we rate it a twelve out of ten. However, reaching that stability is torture. 

    We had issues and bugs because of customization requirements and it took us a year to go live. Too many custom processes cause issues even though the end result is stable. Gathering things to implement and install takes time. In our case, the implementation document for us to go live was 500 pages and that was a bit terrifying. 

    What do I think about the scalability of the solution?

    The solution is scalable and the database is the key element in integrations. Everything connects to the central database which is a benefit because then the database becomes the central configuration management tool. If you upload DLL code to the database, it pushes it to other components. It is a well-designed central configuration approach. 

    This approach can be a bit of a drain on performance because everything is connected to the central database. It is important to keep on top of database health with the solution.

    How are customer service and support?

    Support needs to be better because this is a framework-style product and your own developer needs to be able to work efficiently with theirs. Sometimes a problem is in the development code, not the core product functionality. It takes too much time, as operational support to investigate and find the root cause. The solution offers amazing functionality for the framework, but if you didn't write the code yourself you are in trouble. 

    For example, if a third party writes code and then their involvement ends, an issue in production that needs support won't get it because the third party's code error is an unsupported area. 

    Which solution did I use previously and why did I switch?

    If your company's active management processes are not aligned with ISO or NIST standards, a lot of customization is required and this is the best solution. For ITSM, this is also the solution to use. 

    If your processes are aligned then other solutions are appropriate. For a product like SalesPoint, the solution might be ServiceNow. 

    How was the initial setup?

    The initial setup is very complex and I rate it a four out of ten. 

    Deployment depends on the project scope. If the project is smaller, you can connect with Active Directory and auto RMS on the same day. However, if you want joiners, movers, or leaders to go live, it becomes more complex. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is good and I think more money is made out of selling professional services than the product itself. 

    Developers who have worked with the product won't need the assistance of professional services. It is easy to implement once you are accustomed to the product. 

    Someone new to the product would need 20-30 days of services a year and in that scenario, it is expensive to develop and maintain. 

    What other advice do I have?

    I rate this solution a six out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Matt Thomson - PeerSpot reviewer
    Principal Consultant at UNIFY Solutions
    Consultant
    Top 5Leaderboard
    Great security controls with tighter de-provisioning and excellent self-service capabilities
    Pros and Cons
    • "The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be."
    • "We fell into that trap of over-customization which made upgrading the product difficult."

    What is our primary use case?

    We used One Identity Management for 15,000 employees of a financial services firm. In addition to the IM functionality, we leveraged One ID for Identity Governance - including access certifications.

    We had automated provisioning of users based on HR data. This automatically created 4-5 base accounts and birthright access for users. In addition to that, we leveraged the IT shop to request roles for users which, for the most part, automatically provisioned access to users.

    In addition to this, we used the Attestation features of the product to aid in our User Access Reviews.

    How has it helped my organization?

    There were significant productivity benefits over our previous platform with the increased automation which took the process of onboarding staff down from days to minutes. It allowed user self-service for additional access. The approval process was tracked and auditable.

    It also improved our security controls with tighter de-provisioning, where we would automatically terminate a user's access when they left the company. In addition, regular user access certification campaigns were undertaken to review staff access and to ensure staff only had the access required to perform their role.

    What is most valuable?

    As the team supporting the platform, one of the key features One Identity Manager has that was very valuable was the administration interface which allowed a quick easy overview of staff, their entitlements, and how they had were entitled to access.

    Centralizing identity management allowed for a centralized governance model. 

    The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be. 

    What needs improvement?

    The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory.

    In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns. 

    For how long have I used the solution?

    I used the solution for over 6 years.

    What do I think about the stability of the solution?

    Overall, the tool was stable. Our issues were mostly around customizations and bad data.

    What do I think about the scalability of the solution?

    The tool is scalable and can include a number of the usual infrastructure scalability options.

    How are customer service and technical support?

    Technical support was good, for the most part, especially when the local support team understood our level of expertise. If we were raising a problem it was a real problem and we were put through to the level 3 support quickly.

    Which solution did I use previously and why did I switch?

    We had a previous Identity Management Solution and we swapped it out as the old solution had little investment in its user interface and we needed a better interface for our users to be able to self-service effectively.

    How was the initial setup?

    It was a complex setup process, however, it was the first time it was done in the country 7 years ago. Getting the product installed was straightforward. It would be important to follow a proper SDLC with requirements being a key initial piece of the puzzle to help you maintain costs.

    What about the implementation team?

    We used a mix of vendor and in-house resources on the project. Like the in-house resources, the vendor at the time had no prior knowledge of the tool so it was a learning journey for both sets of resources.

    What's my experience with pricing, setup cost, and licensing?

    When we started the journey 7+ years ago, there was a limited skill set in the market, and that is still the case today. 

    Like all Identity Management projects, setting firm requirements upfront is important to maintain costs.

    Which other solutions did I evaluate?

    We did evaluate other options, however, I wasn't involved in that process.

    What other advice do I have?

    Look to limit customizations where you can; it can be easier to customize the tool in the short term, however, it can result in significant technical debt and effort in the future.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Buyer's Guide
    Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.