One Identity Manager Reviews

We use One Identity Manager to control what our users access.

Having a single platform helps streamline operations and connect to multiple systems, centralizing information for improved access and efficiency by eliminating the need for redundant software.

The UI is intuitive and user-friendly, so it doesn't require much training.

One Identity Manager has helped streamline our processes. Now we are all synced and data is not lost between teams.

One Identity Manager provides governance helping minimize the gaps within our test, dev, and production servers.

One Identity Manager provides governance helping minimize the gaps between privileged users and standard users.

One Identity Manager helps streamline application auditing.

The self-service functionality of One Identity Manager is arguably the most valuable feature. It allows us to easily initiate access requests for new hires through a user-friendly interface. This information is automatically sent to HR for review. Similarly, for departing employees, the intuitive interface enables us to import their details and trigger the termination process seamlessly.

I would like to have more advanced features and reporting added to One Identity Manager.

I have been using One Identity Manager for four years.

I have not experienced any stability issues with One Identity Manager.

One Identity Manager is scalable.

I would rate One Identity Manager a seven out of ten.

No maintenance is required on our end.

I recommend that organizations considering One Identity Manager ensure it aligns with their use cases and user base before implementation.

We provide IT services for several European clients, so their individual use cases vary. For example, one is a research center in Sweden. 

One Identity Manager helps minimize gaps in governance coverage. The privilege governance feature enables us to close the security gap between privileged users and standard users, positively affecting our overall operations.

One Identity Manager is user-friendly and easy to customize. One Identity's business roles enable me to map company structures for dynamic application provisioning, which is fairly important.

The user interface needs to improve.

I have used One Identity Manager for about five years. 

I rate One Identity technical support six out of 10. 

Neutral

I rate One Identity Manager seven out of 10.

The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.

One Identity Manager is going to improve your CIS standards, or any other security framework, because it going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.

It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.

Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.

In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.

One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.

It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.

One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.

In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.

One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.

In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.

We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.

The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.

And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.

End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.

There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.

I have been implementing the solution for about 12 years.

I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.

The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.

Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.

The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.

The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.

Neutral

The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.

When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, though deployment in production and Active Directory, could take three to four weeks. That is fairly simple.

You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.

The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.

At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.

My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.

When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.

And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.

We primarily use the solution for background management. It's used for provisioning and license management. 

The solution has helped a lot with compliance. We can review access and have recertification alerts that make governing very easy. 

It's very easy to roll out. They do have various defaults available, so you have a variety of rollout options.

It is very easy to handle complex requirements. It provides a very good user experience.

I like the user interface. I'd rate it three out of five.

The solution provides an attributes-based setup, a dynamic role setup, and many other features for enterprises. It provides a single platform for enterprise-level administration. 

It has an easy user experience. It's great. From an intuitiveness standpoint, I'd rate it three or four out of five. It tries to make it easy for administrators to fulfill requirements, even if it needs to be customized. 

The customization is top-notch. It's the best compared to any other tool we've used. It fulfills a lot of needs. I'd rate the level of customization three out of five. 

While I haven't really used the solution's business roles to map company structure for dynamic application provisioning, leadership has used it for this purpose. My understanding is that it is quite good.

The product does help minimize gaps in governance coverage for test development and production servers.

It's helped us to achieve an identity-centric zero-trust model.  We are able to set up dynamic rules centrally. 

The interface can be a bit complex for an administrator to manage. I've used it for a long time; however, for a bit, I was confused. They need to work to make it easier to understand more quickly.

I've been using the solution for a year and a half. 

The solution has great stability. I'd rate it eight out of ten. 

We had 20 to 30 resources involved in the solution. The scalability is very good. I'd rate the scalability seven out of ten. There are some slight challenges, moreso related to human error; however, beyond that, scalability is great.

Technical support has been responsive enough. We do use premium support. You get a great response time and it helps us manage things very smoothly. It also offers support for many different regions. They've helped a lot with integrations. 

Positive

I have used different solutions in the past, including CyberArk. This solution, however, is great for identity governance. 

There was no problem with the deployment process. It took around a week to implement - maybe less than that with planning in place. It usually takes about two weeks to deploy.

The product is fairly priced. 

I'd rate the solution eight out of ten. 

I'm a customer of the vendor. 

Our primary use case was to onboard certain applications for a customer.

One Identity Manager helps minimize gaps in governance coverage among various servers. If you are trying to do an access review, or want to grant access to someone, these generally require a review process. Those kinds of reviews are done manually if there are no governance tools. This tool makes that process smoother. It sends automatic reminders and will automatically discard a request if someone does not approve it. We can even configure it so that if someone has not approved it five times, it can be auto-approved. It streamlines the whole governance process and reduces a lot of manual activity with automation.

It also helps streamline application governance when it comes to application access decisions, application compliance, and application auditing. Previously, these processes required a lot of manual work, but that work has now been discarded.

Another benefit is that One Identity Manager definitely helps application owners make application governance decisions without IT. It sends regular notifications and anyone can see what is pending on their plate. They can take action on what should be a part of their application and what should not be a part of their application, and make informed decisions.

An outstanding feature of One Identity Manager, compared to SailPoint, is the dashboard where they present everything. With the dashboard, the customer can see how the integrations have happened. It is more presentable than what we have with SailPoint. The user experience is good because everything is exposed on the dashboard. They can tweak it a little bit if they want.

Also, using its business roles to map company structures is fairly easy and good, similar to SailPoint. It is handy. This function is very important because today, most organizations rely on RBAC, role-based access control. If a tool offers identity management capabilities, it must also offer role-based access control. Both One Identity Manager and SailPoint offer good role-based access controls. It's easy to configure and use.

I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it.

Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers.

Access reviews are another thing that is not that good in the solution. It needs improvement.

Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution.

These last three items need to be improved on a very urgent basis.

I used One Identity Manager for about six months.

On a scale of one to 10, where 10 is the best, if I look at the stability equally across all features, One Identity Manager is an eight and SailPoint is a nine.

The solution is very scalable.

I have not interacted with their support.

Onboarding certain applications for a customer was something that gave us difficulty with SailPoint. And the primary driver for switching was cost. SailPoint was very costly and One Identity Manager was a little bit cheaper.

The user experience is good, but the implementer's experience is not that great. As an administrator, when I'm trying to implement a solution, it is a hectic job.

The time it takes to implement depends on the requirements. If you want, for example, to integrate Active Directory, it will take two to four hours because it is an out-of-the-box application and very common. When it comes to complex applications like SAP, HRM, or ERP solutions, they have complex infrastructures. Integrating such applications takes no less than five to six working days.

The number of people involved is based on how big the project is. If it involves implementing 100 applications, you definitely need a team of 15 to 20 people to complete it within one year. But if you only have to onboard five applications with One Identity Manager from scratch, where you have to install the product, it will take six to seven months. With SailPoint, it takes a little bit less time.

We used the help of One Identity partners because we don't have expertise in One Identity Manager. We are SailPoint experts. They were involved in architecting the whole solution from the beginning as well as in customizing it.

The partners struggled a bit because some of the features are not that flexible in One Identity Manager. The product has all the capabilities required, but it is not that implementer-friendly.

In terms of the training that the partners provided to our customers, I was not present, but the feedback from the customers was that it was okay. They understood things.

Overall, the value provided by One Identity Partners was a seven out of 10.

The price of One Identity Manager is cheaper than SailPoint. When we initially suggested SailPoint to some customers they were surprised at the price, so we then suggested One Identity Manager and they went with that.

In addition to the licensing fees, there are costs for customization if you want to build custom modules.

In addition to SailPoint, I have worked with ForgeRock, Microsoft FIM a long way back, and others.

SailPoint has a lot of advantages as compared to One Identity Manager. First, the installation time is very short, and the process is very smooth. Second, it is an implementer's tool, meaning an implementer enjoys developing applications with SailPoint. SailPoint may not be that user-friendly, but it is very implementer-friendly. Implementation is easier with it. And because it is implementer-friendly, implementers can add value to the product, meaning its capabilities can be enhanced based on customer requirements, which is something that is lacking with One Identity Manager. And compared to SailPoint, One Identity Manager has fewer features.

Most of my customers in the region where I work, The Middle East, prefer on-prem solutions. They don't like the cloud. SailPoint and One Identity Manager both have on-prem solutions, so I am focusing my comparison on them.

I have also worked on cloud-based solutions but they have their challenges.

For enterprise-level administration and governance of users, data, and privileged accounts, One Identity Manager is average. Its privileged account management is lacking in capabilities. You have to integrate it with various other PAM tools and only then can it be used for that.

One problem with almost all identity managers today is that the implementation is based on certain information. After that, if certain big changes happen in the organization, you have to reflect all of those changes in the identity management solutions by doing certain customizations or implementation activities. That takes a good amount of time. That complexity is present in almost all identity managers today. It is not very quick when it comes to making changes.

Regarding Zero Trust, that is a buzzword as well as a big word. One Identity Manager alone cannot achieve an identity-centric Zero Trust model. It has to start at the network level through the identity management level, and we have to integrate it with multiple different solutions. We have not achieved Zero Trust for any organization yet.

One Identity Manager is mostly suitable for identity governance capabilities but is not that suitable for access management or privileged account management. If you are evaluating this product for access management or privileged access management, you should not go with it. If you want a governance product, go ahead and use this one.

We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.

Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.

The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.

It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.

We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.

Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.

The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.

The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.

I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.

We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.

We have 50,000 employees. That speaks for itself regarding the scalability.

One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.

Positive

As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.

We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.

We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.

APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.

We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.

It's not cheap, but the pricing is okay. Other applications cost about the same.

Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.

The primary use case for One Identity Manager is for managing identities.

One Identity Manager helps with role-based access and compliance. These are the two main advantages of One Identity Manager. In addition to identity governance, One Identity Manager supports attestation, filtration, and auditing.

One Identity Manager is very customizable. We are able to customize it as per the customer's requirements. However, when you have a lot of customization, it requires a skilled resource with a coding background. I would rate it an eight out of ten from that aspect.

It has enabled application owners or line-of-business managers to make application governance decisions without IT. Each application or role is tagged with an owner, and this owner has the privilege to manage.

We use business roles to map company structures for dynamic application provisioning. This capability is very important for us.

We have integrated the solution with AWS. This integration is very important because the infra of the organization is managed on the cloud.

One Identity Manager is very customizable to meet customer requirements. We can write custom code as per customer requirements.

Role-based access is also very valuable.

The implementation of the tool and management on the infra side is a bit difficult. They can simplify implementation and management, making it easier for more customers. Other market tools have better implementation capabilities.

I have been using One Identity Manager for three and a half years.

The stability of One Identity Manager is very good. I would rate it a ten out of ten for stability.

I would rate it a seven out of ten for scalability.

Our clients are medium-sized businesses, but we have had organizations with 1,00,000 users.

I would rate their support a seven out of ten. There are other vendors in the market that provide better support. We use regular support.

Neutral

I have used other vendors like SailPoint. One Identity Manager stands out in customization compared to SailPoint, but SailPoint is better in terms of implementation.

The initial setup was mostly straightforward. Only in certain areas, it was complex.

The deployment duration depends on the organization and the customization they want. It usually takes three to four months for a standard deployment without any customizations.

It requires maintenance on a regular basis. Mostly, it requires monthly maintenance.

I would recommend this solution depending on the environment and customization requirements of users. I would recommend it only if it meets the requirements of an organization.

I would rate One Identity Manager an eight out of ten.

We utilize One Identity Manager to manage the employee lifecycle, provision user accounts, administer numerous systems, and maintain a web portal.

One Identity Manager's ability to consolidate tools helps simplify the administration process.

I would rate the UI nine out of ten. The performance and appearance have improved since the new portal was implemented.

With my experience and the help of the user community, customizing One Identity Manager is not difficult.

The business roles feature is easy to use.

We see the benefits of One Identity Manager within weeks of deployment.

One Identity Manager helps minimize governance gaps between test, development, and production servers. An administrator's experience typically correlates with increased ease of use.

One Identity Manager simplifies the process of determining application access. Integration is straightforward for standard systems like Active Directory or Exchange, but connecting custom web applications requires developing a connector, which is time-consuming but manageable for experienced programmers.

One Identity Manager is more reliable than other identity managers. The most valuable features are the behavior, configuration, and customization options.

Using dynamic business roles can degrade the performance of One Identity Manager.

I would like to have better documentation for configuring other Microsoft systems.

I have been using One Identity Manager for almost four years.

One Identity Manager is stable. If it crashes, it is due to human error, not the solution itself.

One Identity Manager's scalability depends on the use of other Microsoft systems, such as SQL and Windows servers.

The deployment is straightforward. The deployment takes between one and two hours and requires one engineer. The overall implementation requires a team consisting of an architect, an analyzer, one or two programs, testers, and an engineer.

We are integrators who implement One Identity Manager for our customers.

I would rate One Identity Manager nine out of ten.

In most cases, the customer doesn't need to do any maintenance.