Our company hosts our on-premises application with this solution. It is not a complete SaaS product but rather a hosted environment in their tenancy.
Senior Specialist at a financial services firm with 1,001-5,000 employees
Scalable solution where the database acts as the central management configuration tool, but it must include SaaS in the future
Pros and Cons
- "The solution is a typical, conventional IGA but the tool itself offers many options for customization."
- "The product must include SaaS in the future."
What is our primary use case?
How has it helped my organization?
We have an internal team of four administrators and site developers who manage the solution and provide support to 2,000 employees. Our operational model includes contracting with professional services for new development, managing releases, and deployment.
What is most valuable?
The solution is a typical, conventional IGA but the tool itself offers many options for customization. Some other products are easier to implement but don't have the same customization capabilities.
What needs improvement?
The product must include SaaS in the future.
The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use.
The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic.
Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options.
Buyer's Guide
One Identity Manager
June 2025

Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for six years.
What do I think about the stability of the solution?
The solution is very stable and we rate it a twelve out of ten. However, reaching that stability is torture.
We had issues and bugs because of customization requirements and it took us a year to go live. Too many custom processes cause issues even though the end result is stable. Gathering things to implement and install takes time. In our case, the implementation document for us to go live was 500 pages and that was a bit terrifying.
What do I think about the scalability of the solution?
The solution is scalable and the database is the key element in integrations. Everything connects to the central database which is a benefit because then the database becomes the central configuration management tool. If you upload DLL code to the database, it pushes it to other components. It is a well-designed central configuration approach.
This approach can be a bit of a drain on performance because everything is connected to the central database. It is important to keep on top of database health with the solution.
How are customer service and support?
Support needs to be better because this is a framework-style product and your own developer needs to be able to work efficiently with theirs. Sometimes a problem is in the development code, not the core product functionality. It takes too much time, as operational support to investigate and find the root cause. The solution offers amazing functionality for the framework, but if you didn't write the code yourself you are in trouble.
For example, if a third party writes code and then their involvement ends, an issue in production that needs support won't get it because the third party's code error is an unsupported area.
Which solution did I use previously and why did I switch?
If your company's active management processes are not aligned with ISO or NIST standards, a lot of customization is required and this is the best solution. For ITSM, this is also the solution to use.
If your processes are aligned then other solutions are appropriate. For a product like SalesPoint, the solution might be ServiceNow.
How was the initial setup?
The initial setup is very complex and I rate it a four out of ten.
Deployment depends on the project scope. If the project is smaller, you can connect with Active Directory and auto RMS on the same day. However, if you want joiners, movers, or leaders to go live, it becomes more complex.
What's my experience with pricing, setup cost, and licensing?
The pricing is good and I think more money is made out of selling professional services than the product itself.
Developers who have worked with the product won't need the assistance of professional services. It is easy to implement once you are accustomed to the product.
Someone new to the product would need 20-30 days of services a year and in that scenario, it is expensive to develop and maintain.
What other advice do I have?
I rate this solution a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Founder at a consultancy with 1-10 employees
Business-oriented and IAM administrator-oriented, easy to configure and scale up, and has a helpful and knowledgeable technical support team
Pros and Cons
- "In terms of what I found most valuable in One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented."
- "A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager."
What is our primary use case?
We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.
What is most valuable?
In terms of what I found most valuable in One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.
What needs improvement?
A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.
I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.
Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.
For how long have I used the solution?
I've been using One Identity Manager since 2008.
What do I think about the stability of the solution?
One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.
What do I think about the scalability of the solution?
Scaling up One Identity Manager is extremely easy.
How are customer service and support?
I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.
Which solution did I use previously and why did I switch?
We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.
How was the initial setup?
In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.
How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.
What was our ROI?
I've seen ROI from One Identity Manager.
What's my experience with pricing, setup cost, and licensing?
The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.
Which other solutions did I evaluate?
We evaluated SailPoint and Saviynt apart from One Identity Manager.
What other advice do I have?
I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.
Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.
My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.
I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool, the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.
My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. customer/partner
Buyer's Guide
One Identity Manager
June 2025

Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.
IT Architect at a tech services company with 501-1,000 employees
Significantly reduces time needed to create an account, mailbox, and default permissions for a new employee
Pros and Cons
- "Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions."
- "The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified."
What is our primary use case?
We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.
How has it helped my organization?
Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.
The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.
It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.
We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.
What is most valuable?
Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.
The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.
What needs improvement?
The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.
For how long have I used the solution?
I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.
What do I think about the stability of the solution?
We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.
What do I think about the scalability of the solution?
We have 50,000 employees. That speaks for itself regarding the scalability.
How are customer service and support?
One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.
How would you rate customer service and support?
Positive
How was the initial setup?
As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.
We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.
What about the implementation team?
We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.
APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.
What was our ROI?
We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.
What's my experience with pricing, setup cost, and licensing?
It's not cheap, but the pricing is okay. Other applications cost about the same.
What other advice do I have?
Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
One Identity Developer at Wipro Limited
Stable, efficient and easy to use but can be slow with a large number of users
Pros and Cons
- "It is easy to use and handle."
- "It is particularly slow if you are using it in a large organization."
What is our primary use case?
We use the solution for creating and completing enhancements and other features. Personally, I have experience working as a .NET developer and working with the SQL server database. When I joined Wipro, I worked mainly with One Identity Manager tool as a developer. In addition, I do web design and object browsers, job queues, and use other tools.
What is most valuable?
The best feature is the security of the solution.
What needs improvement?
The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.
For how long have I used the solution?
We have been using this solution for more than two years. We are currently using version eight, which is deployed in cloud.
What do I think about the stability of the solution?
This solution is stable when we are using all its features. However, when we customize the solution, it becomes difficult to use.
What do I think about the scalability of the solution?
This solution is scalable.
How are customer service and support?
When we cannot resolve issues with the tool, the technical support team assists us by proposing solutions based on the tool requirements. They consistently respond to us and help us resolve any issues we encounter while using the tool. I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup process was easy. However, it took between 30 to 60 minutes to deploy the solution.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is very efficient for a limited amount of users. It is easy to use and handle. The license price is based on user capacity. However, I cannot speak about the exact costs.
Which other solutions did I evaluate?
Our company takes on projects for different types of clients, so we chose this solution because our clients had this solution implemented. Therefore, selecting this option made managing things more efficient.
What other advice do I have?
I rate this solution a six out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IIMB expert at a tech services company with 1,001-5,000 employees
Stable, has a large number of connectors, doesn't require a lot of maintenance, and provides quick and accurate support for major incidents
Pros and Cons
- "In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a stable system which I like."
- "Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out. The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager."
What is our primary use case?
My company has a lot of use cases for One Identity Manager. In my previous company, I've been maintaining the tool, so I used to go to clients who needed improvements and support in terms of provisioning, and I provided those services. Now, in my current company, I'm in the Identity Management team, and my company is using its old Identity system with One Identity Manager, particularly for provisioning, access management, compliance, and certification, apart from identity management.
What is most valuable?
In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a really stable system which I like.
What needs improvement?
Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out.
The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.
For how long have I used the solution?
I've been using One Identity Manager for three and a half years.
What do I think about the stability of the solution?
Stability is one of the main qualities of One Identity Manager. It could run even if people go on a holiday for weeks, and nobody would be worried about the tool breaking down. One Identity Manager could work for months even if you don't look at it or check it. It's a well-designed tool.
What do I think about the scalability of the solution?
One Identity Manager is a scalable tool and its scalability is one of the reasons why my company chose it. The tool is capable of evaluation, and it has a lot of different connectors that come out of the box, so as soon as you know what you're doing, it's easy to extend the parameter and add new target systems to it. With One Identity Manager, you can have systems ready for future use. My company has never reached a point where it says: "Okay. There's nothing more you can do with this tool."
How are customer service and support?
I've contacted the support team for One Identity Manager several times. For level one support, particularly when something is broken and I need help, the team's been really quick and accurate. Most of the time, I get the first answer or first contact resolution in less than half an hour as written in the contract, and the support team has really found a quick solution. Every time I face an incident, the team finds a solution to it within an hour. Sometimes it could take a few hours to resolve which is when the One Identity Manager support team provides new patches to implement, for example, the issue started at seven at night and patching would be done at eight in the morning the next day.
For major incidents, I would rate support a five out of five, but if it's just a little incident that does very little harm and is in development, issue resolution would take longer. The support team for One Identity Manager handles major incidents perfectly, so I have no complaints, but if you just have a little incident that appears on your development system and is not really that important, it could take days and days before a technician is sent onsite. This is why my company prefers to work with a partner that is more open to decision, and though the One Identity support team is really there to save your life, it's not there for every incident or situation that you come across.
Which solution did I use previously and why did I switch?
My company decided to use One Identity Manager because of the large variety of connectors available that lets you connect everything you need, even for future use, as well as the reputation of One Identity Manager in terms of stability. Another reason for choosing the tool is the online forum and YouTube channel that allow engineers to learn more about One Identity Manager without the need to ask a partner each time, so you can be independent of the vendor or partner. The support you get is also another reason my company went with the tool.
How was the initial setup?
Whether the initial setup for One Identity Manager is easy or difficult is hard to say because of other systems that have less functionality but are easier to deploy, and you won't face the same challenges that you'd face when setting up One Identity Manager. It's recommended for you to have knowledgeable engineers who can support you during the setup, especially if you don't have the knowledge on how to set the tool up. Setting up the tool may not be as easy, but considering all the things One Identity Manager can do for you, it's not such a big deal.
If you just want to basic features to be up and running with One Identity Manager, deployment could take a few weeks, for example, if you just want to use an authoritative source and have provisioning, active directory, exchange, and other basic features set up in your company. For a company that has really stable jobs to provision, with role mining that isn't difficult, the tool could be ready and working within a few weeks, but for a large company with a really, really large variety of jobs and regulations, deployment of One Identity Manager could take a few months.
What was our ROI?
You can get ROI from One Identity Manager. It's worth the money because my company wants to be agile, and if tomorrow, the head of the company says, "Okay, let's open a new area," with One Identity Manager, I can say, "Okay. If you say there'll be three hundred people, tomorrow, I'm able to create accounts with the rules needed for those to work, and it won't be a mess."
With One Identity Manager, even inexperienced people in the team can easily understand how each role works, and if you have a great conception of each role, you can just hire or transfer within days without being worried about whether or not each person has everything he needs to work.
What's my experience with pricing, setup cost, and licensing?
I'm unable to discuss licensing costs for One Identity Manager.
What other advice do I have?
I'm using the latest version of One Identity Manager.
In my company, the tool is still in the deployment stage, but within a few months, all people in the company will be users of One Identity Manager, particularly the portal. There'll be about five thousand users of the tool within my company.
My advice to anyone using One Identity Manager for the first time is to make an audit on your company with an independent partner to be sure if you need the tool because One Identity Manager won't be worth it for every company. You have to match it to your needs, or else you'll never get your money's worth. For example, in a stable company or one that has similar jobs, the tool won't be used a lot. If you have three to ten job types and all of those would be the same after many years, One Identity Manager won't be the tool you need. You can just go for a cheaper tool that can do the job for you, but if you have a complex company and you have to face a lot of regulations, and if you want to adapt more quickly, One Identity Manager is a good choice.
I'm rating One Identity Manager nine out of ten because it fits my need, and though it's complex, it's a learnable product. It also helps my company become more agile and also helps it face new challenges. One Identity Manager is the tool I need, and I like it. The tool helps my company and also helped the previous company I worked for, so I have no complaints about it. It's a tool I like working with.
I didn't give One Identity Manager a perfect score because the connection with ServiceNow isn't there yet, so that's an area for improvement. When you send in an incident or put in a request that's not a standard request on One Identity Manager, you have to make an exception in the way your company should work, and this is another area for improvement in the tool that I also don't like. My company came up with a workaround or a solution to this, but a company such as One Identity should be able to propose a solution out-of-the-box.
My company is both a customer and a partner of One Identity Manager. I say partner because a representative from One Identity comes to my company every two months and listens to feedback about the pros and cons of the tool. I say customer because my company pays for the One Identity Manager license, and if there's an issue, my company makes a request and lets the support team know what makes us unhappy.
Disclosure: My company has a business relationship with this vendor other than being a customer. customer/ partner
Principal Consultant at CyberCX
Great security controls with tighter de-provisioning and excellent self-service capabilities
Pros and Cons
- "The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be."
- "We fell into that trap of over-customization which made upgrading the product difficult."
What is our primary use case?
We used One Identity Management for 15,000 employees of a financial services firm. In addition to the IM functionality, we leveraged One ID for Identity Governance - including access certifications.
We had automated provisioning of users based on HR data. This automatically created 4-5 base accounts and birthright access for users. In addition to that, we leveraged the IT shop to request roles for users which, for the most part, automatically provisioned access to users.
In addition to this, we used the Attestation features of the product to aid in our User Access Reviews.
How has it helped my organization?
There were significant productivity benefits over our previous platform with the increased automation which took the process of onboarding staff down from days to minutes. It allowed user self-service for additional access. The approval process was tracked and auditable.
It also improved our security controls with tighter de-provisioning, where we would automatically terminate a user's access when they left the company. In addition, regular user access certification campaigns were undertaken to review staff access and to ensure staff only had the access required to perform their role.
What is most valuable?
As the team supporting the platform, one of the key features One Identity Manager has that was very valuable was the administration interface which allowed a quick easy overview of staff, their entitlements, and how they had were entitled to access.
Centralizing identity management allowed for a centralized governance model.
The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be.
What needs improvement?
The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory.
In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns.
For how long have I used the solution?
I used the solution for over 6 years.
What do I think about the stability of the solution?
Overall, the tool was stable. Our issues were mostly around customizations and bad data.
What do I think about the scalability of the solution?
The tool is scalable and can include a number of the usual infrastructure scalability options.
How are customer service and technical support?
Technical support was good, for the most part, especially when the local support team understood our level of expertise. If we were raising a problem it was a real problem and we were put through to the level 3 support quickly.
Which solution did I use previously and why did I switch?
We had a previous Identity Management Solution and we swapped it out as the old solution had little investment in its user interface and we needed a better interface for our users to be able to self-service effectively.
How was the initial setup?
It was a complex setup process, however, it was the first time it was done in the country 7 years ago. Getting the product installed was straightforward. It would be important to follow a proper SDLC with requirements being a key initial piece of the puzzle to help you maintain costs.
What about the implementation team?
We used a mix of vendor and in-house resources on the project. Like the in-house resources, the vendor at the time had no prior knowledge of the tool so it was a learning journey for both sets of resources.
What's my experience with pricing, setup cost, and licensing?
When we started the journey 7+ years ago, there was a limited skill set in the market, and that is still the case today.
Like all Identity Management projects, setting firm requirements upfront is important to maintain costs.
Which other solutions did I evaluate?
We did evaluate other options, however, I wasn't involved in that process.
What other advice do I have?
Look to limit customizations where you can; it can be easier to customize the tool in the short term, however, it can result in significant technical debt and effort in the future.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director, Global Identity and Access Technologies at a financial services firm with 10,001+ employees
Enables us to automate SOX recertification, saving a significant amount of time
Pros and Cons
- "The most valuable features include the automated attestations or recertification... The time that people have to focus on their real jobs and not spend it doing recertifications is huge."
- "[Regarding] their upgrades, we're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing."
What is our primary use case?
One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.
The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.
How has it helped my organization?
The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days.
When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.
In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.
What is most valuable?
The most valuable features include the
- automated attestations or recertification
- IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal.
Those two are the biggest wins.
In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.
Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.
What needs improvement?
There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking.
Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.
For how long have I used the solution?
We've been using One Identity Manager since 2013.
What do I think about the stability of the solution?
Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.
What do I think about the scalability of the solution?
One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.
How are customer service and technical support?
We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.
Which solution did I use previously and why did I switch?
Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.
How was the initial setup?
The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development.
This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.
Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.
When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.
What about the implementation team?
For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.
Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.
But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.
Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.
Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.
We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.
What was our ROI?
We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.
Which other solutions did I evaluate?
We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.
From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.
What other advice do I have?
It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.
Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Software tech lead at 1DConsulting
It's a highly stable solution for deep provisioning
Pros and Cons
- "I rate One Identity nine out of 10 for stability. We haven't seen any downtime. It has worked smoothly since it went into production."
- "The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them."
What is our primary use case?
We are tech consultants who deploy One Identity for our clients. Our clients use One Identity for provisioning and deep provisioning users. It is also used for the recertification process and access review. We have integrated One Identity for 15 to 20 clients. Soon, we expect to deploy it for another five to 10.
What needs improvement?
The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them.
For how long have I used the solution?
I have used One Identity Manager for the past six years.
What do I think about the stability of the solution?
I rate One Identity nine out of 10 for stability. We haven't seen any downtime. It has worked smoothly since it went into production.
How was the initial setup?
Deploying One Identity can be straightforward or complex depending on the environment. The time needed to deploy varies with the scope of the project.
We typically have some meetings with the client to understand what they need to integrate with One Identity. We develop custom connectors and move to the production stage if everything is working.
What other advice do I have?
I rate One Identity Manager eight out of 10. My recommendation to new users is to be patient because it's hard to understand without adequate documentation. It gets easier with time and practice.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Popular Comparisons
Microsoft Entra ID
SailPoint Identity Security Cloud
Omada Identity
Fortinet FortiAuthenticator
ForgeRock
CyberArk Identity
One Identity Active Roles
Microsoft Identity Manager
SAP Identity Management
Oracle Identity Governance
OneLogin by One Identity
EVOLVEUM midPoint
OpenText Identity Manager
Symantec Identity Governance and Administration
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which one is best: Quest One Identity Manager or Forgerock Identity Management
- Looking for an Identity and Access Management product for an energy and utility organization
- Which Identity and Access Management solution do you use?
- What are your best practices for Identity and Access Management (IAM) in the Cloud?
- What are some tips for effective identity and access management to prevent insider data breaches?
- Which is the best legacy IDM solution for SAP GRC?
- Sailpoint IdentityIQ vs Oracle identity Governance
- OpenIAM vs Ping identity
- When evaluating Identity and Access Management, what aspect do you think is the most important to look for?
- What access management tools would you recommend to help with GDPR compliance?