One Identity Manager Reviews

The primary use case is the JML role-based access provisioning and access re-certification.

We don't use the solution exactly for SAP, but for provisioning and reconciliation. We manage an integrated environment. We use SAP as one of our information sources. Although SAP is one of our trusted sources, it is not an authorized source.

One Identity Manager connects SAP accounts to employee identities under governance which is important for our organization.

The solution delivers SAP-specialized workflows and business logic. The good part is the customization; whatever way we customize the solution, the product is superb. But at the same time, complexity can be difficult because if we do a lot of customization, it's not easy for the new team to think exactly the same way as someone who has implemented the solution. 

We use the solution's business roles to map company structures for dynamic application provisioning.

We use the solution to extend governance to cloud apps. I don't have real-time experience with One Identity Manager Cloud One. I believe the solution extends governance to cloud apps because some of our cloud-based target systems are currently integrated, including Azure. I don't see any challenges, and One Identity Manager seems to be functioning smoothly.

The solution has improved the way our organization functions. In the latest version, some of the basic challenges and bugs have been improved. One Identity Manager is definitely one of the most robust enterprise identity manager platforms. One of the advantages is the cost-effectiveness of the solution. The solution is also a light-based application, has easy-to-manage infrastructure, and an easy-to-use UI. The reporting features and auditing features are all up to the mark. There are no issues, no security concerns, or risks. The risk handling is up to par, with features like managing privileged systems and accounts. This makes it a safe and reliable choice for businesses.

The solution helps us minimize gaps in governance coverage among testing, development, and production servers. One Identity Manager provides a number of out-of-the-box tools to help migrate the solution from one environment to another. This makes it easy to transport our package from the development environment to the testing environment to the production environment.

It helped us create a privileged governance stance to close the security gap between privileged users and standard users. One Identity Manager is a data-based application that provides a large scope compared to other IGA products such as SailPoint and Saviynt. The solution separates the identifier between the privilege and standard account as well as access certification, auditing, and reporting.

One Identity Manager is compliant with our business requirements regarding procurement and licensing consolidation.

The solution helps streamline application governance and application access decision compliance. One of the benefits of using the solution to certify privileged accounts and users is that it minimizes risk. This is done by applying proper governance, which is something that is needed in any organization.

The solution helps enable application owners or line of business managers to make application governance decisions without IT.

One Identity Manager helped us to achieve an identity-centric zero-trust model through risk minimization and segregation of duties.

We have Premier support services. If there's any product work or product limitation based on the requirements or any new challenges that come up, we can access the Premier support services, but we need to opt in.

Premier support has added value to our overall investment. We have a weekly follow-up call with their support team.

Having Premier support has influenced us to purchase additional licenses and products from the vendor. We also use Password Manager.

The most valuable feature is the JML. Unlike other identity manager tools, the JML is more customizable, making it easier to find.

The solution provides IGA for the difficult-to-manage aspects of SAP such as T-codes profiles.

It provides a single platform for enterprise-level administration and governance of users' data-privileged accounts. We have end-to-end JML features, including role-based access provisioning, access certification, and reporting. One Identity Manager is a very good platform, especially for those who have been working with it for the last two or three years. They are likely to be very happy with it.

Another good feature of One Identity Manager is its multi-language support. I give the solution a seven out of ten for its single platform feature.

One Identity Manager has an intuitive interface that is customizable.

One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow. There's a scope for One Identity Manager to improve itself.

The reporting feature should be improved similarly to other IGA products.

Unlike other solutions, One Identity Manager doesn't have a strong support team.

I consider One Identity Manager as a niche solution because we have a demand for it, but we can't find the proper skill set in the market. That is the highest pain point with this solution. Other vendors, such as SailPoint, Saviynt, and even Oracle and IBM, reach out to people to provide materials and make them aware of their products. This leaves One Identity Manager at a disadvantage.

I have been using the solution for four years.

The solution is stable.

It is scalable.

Technical support needs some improvement.

The initial setup is straightforward. There are more than 20 components. It takes almost eight hours to deploy. 

It is deployed in our customer environments. We monitor around 300 thousand identities.

We require over 50 administrators.

The implementation is done in-house with the help of our team.

One Identity Manager's pricing is one of its strong points. It is very reasonable compared to other IGA solutions. The licensing cost is per user.

I give the solution a six out of ten.

I have worked with similar solutions such as Oracle One, CA, RSA, SailPoint, and IBM. Other identity manager platforms mostly use Java J2EE-based frameworks. The challenging part with One Identity Manager is that it uses the .NET Framework, for example, VBScript. It's a struggle to find the properly skilled resources in the market. VBScript is considered a niche skill right now. 

One Identity Manager seems to be lagging behind its competitors in terms of its out-of-the-box connectors. Almost every other identity manager product has connectors for a variety of applications, such as ServiceNow, Workday, and SAP, but One Identity Manager does not. The auditing and reporting modules of the solution definitely need to be improved. It needs to be more intuitive for business people, especially those who don't deal with IT.

Each solution has its own pros and cons. Oracle has a little heavier deployment compared to One Identity Manager. However, when compared to other vendors' solutions - such as Saviynt or SailPoint that can be deployed within two to three hours, One Identity Manager requires a full day. 

The amount of maintenance required for the solution depends on the type of implementation.

One Identity Manager is good for organizations looking for multilingual support, low-cost, and highly customizable solutions.

The underlying technology of the UI is going to change. One Identity Manager is moving from VBScript and HTML to Angular with the latest version.

I use One Identity Manager to implement an identity governance and administration solution for end users.

One Identity Manager is a highly adaptable platform capable of integrating both connected and disconnected target systems through connectors and APIs. Its extensive customization options allow it to accommodate a wide range of customer use cases. Additionally, the tool can be scaled to support a large user base and effectively handles role provisioning, joiners, movers, and leavers automation. With its rich feature set and out-of-the-box functionality, One Identity Manager is a powerful solution.

Previously, our user interface relied on a legacy web portal built with VB.NET technology, which suffered from slow loading times. However, One Identity has significantly enhanced the user experience by upgrading to Angular technology for the web portal. This transition has resulted in a much more interactive interface and greatly improved response times. The codebase is entirely based on Angular, which we can leverage to create custom components and enhance the web portal with a more interactive user experience.

We leverage business roles to assign default access permissions. New employees automatically receive specific role-based access upon joining the company. This process is facilitated through the implementation of business roles. We can easily accommodate diverse user types using these roles. For example, a new sales employee can be assigned a corresponding business role. We can create hundreds of business roles to match different departments. Additionally, we can schedule when these business roles are executed, allowing for system operation flexibility. However, it's important to note that frequent scheduling can significantly impact overall system performance and efficiency.

We have integrated EntraID with One Identity Manager for application onboarding. Since authentication can be provided through EntraID, extending governance to cloud applications is necessary. Therefore, all cloud-based applications that are not connected to on-premises systems require integration with EntraID. Failure to integrate will result in authentication errors and prevent user logins. Consequently, EntraID is mandatory for all cloud-deployed applications.

When we deploy the portal, most projects involve migrating from other IGA solutions to our new platform. Initially, users may take time to familiarize themselves with the portal's web interface, but its navigation is intuitive. We provide extensive documentation on accessing the portal, its features, and how to submit requests, along with customer support. While there may be a brief learning curve, the user-friendly design should minimize difficulties.

One Identity Manager helps bridge governance gaps between test, development, and production servers. Development is migrated to a test environment for testing before approval and subsequent migration to production. One Identity Manager is installed on all three environments, each with its own database to facilitate this. Changes are developed in the development environment, packaged, and moved to the test environment for testing. Approved changes are then migrated to production. Maintaining identical One Identity Manager versions across all three environments is crucial to ensure successful package migration, as packages from one version are incompatible with others.

One Identity Manager allows us to establish a privileged governance framework to bridge the security gap between privileged and standard users. Our system defines roles with specific permissions, enabling us to display additional information to users with privileged roles while restricting access to this information for standard users. Our defined roles and permissions make this granular control possible.

We have an approval workflow and policy to streamline application access decisions. Obtaining a specific role must undergo an approval process, and only designated individuals can grant permission. This workflow ensures that role assignments are controlled and efficient, preventing unauthorized access.

One Identity Manager offers a wide range of connectors, allowing it to interface with multiple target systems and perform provisioning and de-provisioning tasks within them. This extensive connector library, available out-of-the-box, is one of its most valuable features.

One Identity Manager is a comprehensive but complex solution. Even for developers, gaining a deep understanding and implementing customizations would require significant effort. It is a challenging product to both implement and comprehend.

The reporting and auditing functionalities within One Identity Manager could be enhanced, particularly in the reporting area, which would benefit from a wider range of pre-built reports.

I have been using One Identity Manager for three years.

Technical support is helpful whenever we need troubleshooting services. 

Positive

The complex deployment took approximately seven months and involved a team of business analysts, a technical architect, and developers. 

We implement One Identity Manager for our customers.

I would rate One Identity Manager eight out of ten.

We are a service provider, and we provide the license to our customers.

One Identity is an IGA tool for identity and access governance. One Identity has another product called Safeguard for privileged access management. Our organization is a startup, so we don't have any cloud applications in One Identity Manager. We manage the Active Directory, LDAP, JDBC applications, and CSV files.

Realizing One Identity Manager's benefits takes some time because many organizations don't know the tool. It has to be pushed to the market. For big organizations that require more control over their data, such as pharmaceuticals and defense, it will be very successful compared to market competitors.

I like how One Identity Manager is designed. We can control granular-level permissions. Compared to SailPoint and CyberArk, we can go granular in the access levels. We can control it at the table, column, and database levels. That's the power of One Identity. 

We can import business roles from a .csv or create them in the manager. It is easy to create as many roles as we want, and there is no limit to the resources we can assign to them.

One Identity's UI is fine once you get used to it, but it's a little harder to learn than its competitors. The font size is too small. You need bigger screens to host that application. The website and portal are fine, but the manager, designer, and other standalone applications used for management or configuration are too difficult to use. The UI should be easier to use, and they should reduce the number of standalone applications to three or four. 

Customization is somewhat difficult in One Identity Manager. The problem is they're using VB.NET, which no one uses. There are no resources because One Identity isn't available on YouTube or any coaching institutes. 

I also find it difficult to add resources to the business roles because we have to use many options in One Manager for that. We have to add it to the IT shop so that the users can submit requests through the web portal, and we must generate that IT shop structure to add resources to the business. There is a lot of complexity in that. 

I have used One Identity Manager for 16 months.

It's an efficient tool for the enterprise level. There is no limit to the number of users. We can go from a hundred users to hundreds of thousands. It is based on the implementation level. We can add many servers to support the extension, but there are fewer resources in India because One Identity isn't a popular tool relative to SailPoint. 

I've used SailPoint. Compared to SailPoint, using One Identity is difficult and complex. You have to use many standalone applications to manage the target systems and for configuration and design, like custom implementation. With SailPoint, we don't need to use too many tools. It's all in the same product. 

In One Identity, we need to use Launcher, Designer, and other tools, whereas SailPoint is completely web-based, and the UI changes based on permissions. But One Identity isn't like that. There are standard applications for administrative purposes, but the end users have a web interface where they log in and request access. SailPoint has a single web platform for administrators, developers, and users. 

One Identity Manager is mostly difficult to set up. I cannot say that it is easy to learn. It takes time to habituate to it and memorize where the options are. There are many options in a single tool. At the enterprise level, it takes between six to nine months to deploy, but it depends on the organization's size. Our organization has between 10,000 and 15,000 users, so we could complete the installation in six months.

For maintenance, we have to take care of the database. We must back that up and ensure there are connections between the database, One Identity Manager, and target systems. There is not much maintenance involved in One Identity Manager.

I rate One Identity Manager eight out of 10. 

One Identity Manager can handle all identity use cases.

It's easy to integrate SAP with One Identity. SAP has different modules, and you can manage users through the One Identity interface. Integrating through a stream connector is simple. 

It's role-based access control, and you can manage it. It's perfect for our customer's governance control. One of my customers is using One Identity's PAM solution. It is a separate component and licensing model.

One Identity should open the market with accessible training material and content so that more developers can be available. They have to improve their marketing strategy, partners, and vendors. One Identity should be attracting engineers to learn their product and get certified. They should have strong forums. They could have a certification program where any engineer can get certified. However, their overall approach is complex, which I do not prefer.

The platform isn't very intuitive like the others, but One Identity Manager has migrated their review scripting to the Angular framework, so now it's good, and they're competing with others from the UI perspective.

One Identity Manager is a little complex from a development perspective. If you compare it to SailPoint, it is easy, but One Identity Manager has so many separate components that it is quite complex for development. And sometimes, we have seen some performance issues.

I have used One Identity Manager for more than 10 years. 

I rate One Identity Manager eight out of 10 for stability. 

One Identity is scalable.

One Identity must improve its support because they have a very limited pool of engineers, and they're often occupied. 

I have used SailPoint.

I rate One Identity seven out of 10 for affordability. It's reasonably priced. 

I rate One Identity Manager eight out of 10. It's more suitable for the enterprise level. I wouldn't recommend it for small or medium-sized enterprises. 

We use One Identity to integrate our internal and external applications into SSO.

One Identity's biggest benefit is application integration. The solution allows us to apply the same governance coverage to all environments. It helps consolidate procurement. One Identity streamlines application access decisions. It allows the application team to choose the protocol the application will use. We can automate access control with One Identity, saving us time and money. The automation gives us a few errors, but it's manageable. 

One Identity's interface is pretty good. It's user-friendly, and you can access most applications inside the console. The user experience is solid. You can use One Identity if you are a layman without much technical experience. You might need a little more training with admin access, but it's easy to learn. 

The identity governance components have some room for improvement, particularly the ability to terminate an employee's ID after leaving the company. Customization can be difficult because One Identity uses specified attributes that we must use.

We have used One Identity Manager.

I rate One Identity Manager eight out of 10 for stability.

I rate One Identity support seven out of 10. 

Neutral

Oracle Access Manager is comparable to One Identity. It's a good product.

Deploying One Identity Manager took around half an hour. Three or four people were involved on our side, and the application team required our product manager and change manager. One Identity requires annual maintenance depending on the customer's requirements, and the number of people devoted to maintenance depends on your environment's size. 

I estimate that the return on investment is around 40-50 percent. 

One Identity Manager isn't the best solution on the market, but it's cost-effective.

I rate One Identity Manager seven out of 10. I would recommend One Identity to a small company. It requires minimum support because it's user-friendly, but you may need something more secure for a large-scale deployment. 

We use the solution for the management of identity and access identity, mostly for our employees.

It really helps in application access decisions, application compliance, and application auditing. That is what we mainly use it for: to have governance and compliance.

The solution has helped application owners make application governance decisions without IT. That's how we configured it. That has been a positive effect.

There are a lot of valuable features, including connectors, attestations, and workflow.

For the governance of users, data, and privileged accounts, it's really strong. It's really good, a 10 out of 10.

We also make use of its business roles to map company structures for dynamic application provisioning. That aspect is super important.

It has problems with performance. This is a very serious issue for us. Other than that, it's really capable. The performance is what is missing. It's really poor.

A second problem is the visibility in the search functionality. You don't have flexible search capabilities when you look for either roles or users. You cannot use multiple attributes. The search fields are very limited and that definitely needs improvement.

Also, the interface is really old. From that perspective, it's a six out of 10.

Another issue is that it is really difficult to customize it to our needs. If "10" is super-difficult, I would rate the customization at eight. When it comes to the options, it is super flexible. From that perspective, it is really strong.

I have been using One Identity Manager for almost two years.

It's a stable solution.

So far, it has been scalable when it comes to connecting new systems. When it comes to the performance of the tool, as I mentioned, if you want to have multiple users using it at the same time, it really lacks scalability.

We currently have around 60,000 users of the solution.

I believe we use Premier Support. To be perfectly honest, we were not very happy about Premier Support, and it was escalated.

The answer we usually get is that something will be fixed in the next release, or the release after that. Sometimes they help, but most of the problems are not solved.

Neutral

We had a previous solution, RSA, previously known as Aveksa, but it was not scalable enough for our needs, and it had internal bugs and problems.

We upgraded to One Identity mainly for the connectors. Because of the performance, we're struggling a little bit with One Identity. Other than that, it gives us what we need.

Taking into account our requirements, the deployment had to be complex because we're a complex organization. In general, we have one central solution that is delivered to the entire organization. We operate in a tenant model where particular entities can manage their scopes of applications and roles.

We were super-fast in the deployment. It took us about one and a half years. But we migrated the previous solution into One Identity, so we had already built most of the structures. We also had the connectors and definitions.

We had 10 to 14 people involved.

There is a lot of maintenance, including patching, upgrading versions, implementing improvements, and building new functionalities. It includes the whole life cycle.

I don't have access to how much we pay for licenses. That usually depends on how the company negotiates. But I believe the pricing is fair.

We recently started connecting One Identity Manager to SAP. I'm not an expert on SAP, but it's not the main system that we're interested in. One Identity Manager connects SAP accounts to employees' identities under governance, but it's just in one of the countries where we operate, and it's not even the biggest one that is using SAP. It's critical for them, but our entire company is not based on SAP.

If you configure One Identity Manager and use it properly, it helps minimize holes in data coverage for test, dev, and production servers. But it usually depends on the coverage.

In terms of Zero Trust, that requires a lot of more things, not only One Identity Manager, and we don't use other products from them.

The performance problems are a pain point, but if I compare it to not having the solution in place, it really has a positive impact. One Identity Manager really can help you, but compared to our previous process, because of the performance issues, it is actually a little down from what we had before.

Overall, I would definitely recommend One Identity Manager because we were struggling previously with our other solution, which was a little bit worse.

We utilize One Identity Manager to oversee all the identities within the company, and we are constructing workflows to enable self-service keys for compliance and access matters.

One Identity Manager is the optimal solution for creating a unified platform for enterprise-level user administration and governance.

One Identity Manager provides a unified platform for managing both data and privileged accounts. We receive alerts for privileged access and, based on specific criteria, we can determine whether the request is for an end-user account or a privileged account, and apply the appropriate permissions seamlessly.

The user experience and interactivity of One Identity Manager are straightforward for non-IT individuals to utilize.

Customizing One Identity Manager is easy to do.

The business roles of the solution that maps company structures for dynamic application provisioning are important because they help our organization fulfill the needs of any employee automatically, based on the structure. This provides users with immediate access, eliminating the need for human intervention.

The ability of One Identity Manager to extend governance to cloud applications is of great importance because cloud applications have become a new tool in our society. Whether we use private or public clouds, every company will eventually have to transition to the cloud. Therefore, it is crucial to be able to manage all our access within a single platform, which is the best approach. Hence, we obviously require a platform that can connect to the cloud and also handle compromised applications, making it transparent for business use.

One Identity Manager's ability to automate tasks that previously required human intervention has benefited our organization by freeing up the time of our IT department to concentrate on other tasks.

The solution helps us minimize gaps in governance coverage among test, development, and production servers because we can provide access through any environment within the system, freeing up time for our business.

The solution has helped us create a privileged governance stance to close the security gap between privileged users and standard users. We can now view all the accesses from a single interface, which enables us to be proactive in our compliance efforts. Without One Identity Manager, we would have to depend on multiple tools and reports, which can sometimes be delayed. By utilizing One Identity Manager, we can establish preventive rules to avoid any SOC problems or on-the-fly access. While certain access can be granted without risk, it is crucial to have a clear overview, of which One Identity Manager provides.

One Identity Manager helps streamline application access decisions for both permissions and licenses. Using a web designer, we have designed routines that allow us to create disclaimers or automated questions. Based on the user's responses, we can propose either a free license or a pro license, depending on the specific case. Additionally, we have implemented routines to uninstall and deactivate licenses when they are not in use. However, this is always a challenging task because we want to ensure that users do not waste time if they need the software again. The fact that we can easily request any application through an automated process is advantageous. Furthermore, canceling a license does not significantly impact the business since it can be reinstated within minutes if needed again after a few months of not being used.

Streamlining application compliance and application auditing is essential. The single pane of glass visibility helps us maintain compliance, and for application auditing, we can utilize all the reports provided by the IT team. Additionally, we can conduct our own audit reviews and collect evidence to ensure that the process is followed without relying solely on the IT team. This approach aligns with our automation mindset, which we aim to introduce.

One Identity Manager facilitates application owners or line of business managers in making application governance decisions without involving IT. We can provide them with a view where they can see the individuals who have worked on it, the process of their request, and the validating authority, all without needing to inquire from the site.

One Identity Manager has assisted us in achieving an identity-centric zero-trust model through the implementation of various processes.

One Identity Manager is flexible and offers numerous connectors that enable us to serve as the core component of the system, as well as to construct our own connectors using the API.

One Identity Manager can be made more user-friendly for end users. Out of the box, it can be difficult to navigate through the drop-down menu, especially when it comes to accessing the subcategories.

I have been using One Identity Manager for four years: two years as an integrator and two years as a user.

One Identity Manager is stable.

I give the scalability of One Identity Manager a ten out of ten. We are able to scale no matter what. It's completely compatible with the S5 and can achieve load balancing on web servers. It can be integrated into a single database or a cluster for scalability. I can confidently say that if my company were to triple in size tomorrow, it could handle that. I don't have to install what I don't see. I just need to make some improvements to the database and convert it into a web server that will be accessible to users.

If we experience a major incident in production, we can expect to receive a response within one hour. We find solace in knowing that any significant problems will be promptly addressed.

Positive

We had previously worked with Evidian Identity Governance and Administration, among others, but none of them provided all the features in a single solution, unlike One Identity Manager.

The initial setup is complex. Every identity solution is complex because the most important thing is not really linked to the project. It's linked to the analysis we have made before, and then our solution is not linked to the project. Every time, I think that whenever we have to put the analysis management solution in place, it will be complex because we have to take care of the processes that are already in place and also what is happening in the same tool. We have to consider all the existing processes and challenge them to make them better. Many times, some processes are difficult because we couldn't execute them perfectly with the previous solution. So we have to be able to identify if the process is in place like this because of the previous solution that doesn't handle every aspect easily, or if it needs to be redone. The deployment took one year to complete.

We had two individuals from the integrator and two internal employees dedicated full-time to the deployment.

The implementation was completed by our integration partner who provided us with an excellent expert from their team, even though the solution required additional personnel capable of integrating everything within one year. Overall, the experience was positive.

I give One Identity Manager a nine out of ten. This is a solution I want to work with because it brings satisfaction to our users.

We have a complex environment with over 50 locations, various departments, and multiple companies, each with hundreds of distinct functions.

We have two individuals responsible for maintenance, updates, and access to integrators who can provide assistance if necessary. We have around 5,000 end users.

I recommend that organizations wishing to utilize One Identity Manager should first provide internal training for their employees. This approach will enable them to develop their own understanding of the company and reduce dependence on external integrators.

We are utilizing One Identity Manager as a provisioning engine. The main use case for us is to manage the identity life cycle of enterprise users in our context.

In my current role where I am managing this overall program, not only from the administration aspect but as the one whom all other departments reach out to with their request, one clear benefit is delegation. One aspect that I like about this solution is delegation. We have delegated administration in a way that we have access to new campaigns configured. This solution has a prebuilt option where we can configure campaign managers, and those campaign managers have a very nice prebuilt dashboard where they can monitor the campaign itself. That is very helpful. We can give these department's folks access.

Our identity landscape is very customized and unique. We are not only providing access for different users; we also have a huge set of non-human identities. We have a huge set of provisioned and service accounts. In our previous legacy solution, the issue that we were facing was that the solution was not very robust. We could not come up with some self-governed scenarios, such as moving the ownership of non-human identities, moving the ownership of service accounts based on the change in the managerial hierarchy, or based on users' movements within the organization. With One Identity, there are very good features that come prebuilt. For example, the department hierarchy within the One Identity solution helped us to build some automated logic, which was missing in the legacy solution. Other than the self-service features, there is also the ability to use ready-made capabilities and scale up on top of it. That was another reason to go for this solution at that time.

We make use of the solution’s business roles to map company structures for dynamic application provisioning. We use it quite heavily. In our context, we have two types of roles. We are using more of the requestable roles, not dynamic roles, and we also have dynamic role-based access control configured as per our organization hierarchy. We have defined entitlements and accesses that each department leverages. Accordingly, we have defined roles in our system.

The capabilities of this solution, in terms of out-of-the-box features and the ability for us to do customization on top of it, have helped us to come up with some automated processes, which were earlier taken care of manually by our staff. Whenever human intervention is involved, it is prone to error. It has helped us to bridge those gaps, which ultimately enhanced our governance score.

It has overall helped us to create a privileged governance stance to close the security gap between privileged users and standard users. With the processes that we had earlier, there were gaps in terms of changing the ownerships of privileged accounts and managing them in a way to have notifications in place. The majority of the stuff is provided out of the box to manage privileged accesses. Also, if you are a One Identity shop and have the Privileged Access Management product from One Identity, you are covered 100% out of the box. You do not have to do any customizations. If you are using any other tools for privileged access management, the product has very good features, which you can scale up and customize in your own context.

It has helped enable application owners or line-of-business managers to make application governance decisions without IT, but we are not using it that extensively for that. In terms of the product having features to do it, it has the features because we are using business roles where we have defined owners of business roles. Product-wise, there is out-of-the-box functionality for business owners to manage the membership. In this way, those lines of business owners are empowered to either revoke access or conduct a review on it. Earlier, with the legacy product, they were not able to do that because there was no such functionality.

In terms of user experience, once you get an understanding of the overall working of the product, it is not that difficult. There are so many underlying components within the product, and they are interlinked and working together. The initial impression is that it is just way too complicated for any developer to customize, but once you get familiar with how it is processing the information and how each box is working in silos, and what is the linkage in between, it makes sense. On a scale of ten, I would give it a seven. Three points to spare are for One Identity to enhance its documentation and maybe come up with more. They have a very good YouTube channel where they post content about One Identity. That is very helpful. However, in terms of explaining to new developers, there is room for improvement.

It has a lot of depth. It has advanced features. As a customer or as someone who is managing the solution, I like its self-service capabilities where it has lots of powers, and the users can select any reference users. The majority of the time, we face an issue where new joiners are not aware of what they need to have in order for them to do their job. One Identity has the answer where they can know this by selecting any reference users, which are basically their colleagues. This way, they can quickly know what sort of access they have in the system, and they can raise the same. The system will automatically identify it for them. It saves a lot of time and is also a very useful feature.

Another valuable aspect is the depth of the product. It allows the support team to reroute certain requests to different people, and within their request flow itself, you can ask questions. All these features are very helpful in our context.

There is room for improvement in terms of the ease of adding custom forms to onboard contingent workers. IT Shop is a great tool, specifically in terms of the self-service mechanism where it allows users to request different accesses. However, there are no prebuilt or easily customizable forms that developers can use to create onboarding forms for contingent workers. In most organizations, contingent workers do not have any authoritative source as HR. The majority of the time, the only authoritative source is the Identity Manager or the Identity Management department itself. I would love to see any enhancement in this regard. For user experience and intuitiveness, on a scale of ten, I would rate it an eight out of ten.

There is no out-of-the-box or very easy way to configure processes to manage non-human accounts. The functionalities that we have built are totally customized on top of what One Identity provided out of the box. It would have been nice to see some out-of-the-box or plug-and-play features available for it. However, the functionality was there, and we were able to scale up in terms of customization. Whatever we did was totally customized.

There should be some ready-to-use templates or utilities as the other Identity product providers have. There should be some sort of features that you can enable or there should be utilities that you can even purchase at extra cost. For example, it would be nice to see the utilities to manage privileged accounts or forms, onboarding forms, or other small things that different clients can leverage, even if it comes at a fraction of the cost.

The overall documentation needs improvement. This product has a lot of features, but people are not aware of it. The depth itself is still unknown.

Skilled resources are very difficult to find for One Identity, which leads us to the conclusion that there is very little certification or free information that users can just opt for and learn. In addition to the documentation, they should also provide more resources. Free training for partners would be nice because being a manager, it is very hard for me to locate skilled resources for this tool.

I have been using this solution for a total of five years. I have worked with it for three years in a technical role and for two years in a managerial role where I am managing people who are directly and technically managing the solution.

It is very stable. We do not need to do anything even with patching. I would rate it a nine out of ten for stability.

I would rate it a seven out of ten for scalability because I feel that the architecture of the product is such that you cannot have very effective active-to-active integration between the job servers.

For critical issues, it is good because you can call them, but for the regular issues, I feel that there is a lack of skilled resources on their side.

Neutral

We had another solution from a different vendor, and we replaced that solution with One Identity. We switched because of the self-service capabilities and advanced governance features, which were missing in the earlier solution.

Onboarding from authoritative sources and onboarding directly to One Identity Manager for contingent workers was never an issue for us, even with the legacy solution that we had earlier. The main use case for which we mainly deployed One Identity Manager and replaced the legacy solution was the self-service capabilities. There were limited self-service capabilities in the legacy solution. So, we brought this solution, which complemented the automated provisioning of users in a way that not only the solution is capable of automatically provisioning accesses based upon the policies and templates that we define in our system, but it also has very good features where it allows the end users to do many tasks by themselves. There is a self-service portal, which is called IT Shop in One Identity's terminology.

In terms of consolidation of procurement and licensing, we have not used any other solutions in such depth or so extensively. We still have one use case, which we had with the previous product as well, where we have all Oracle E-Business Suite accesses published on our self-service. The same flows are valid with One Identity as well. However, they are managing the POs and other things. That is still with the ERP itself. We have not gone to the extent of taking responsibility for the functionality of each responsibility within our identity management.

It is deployed on-prem. Our project was not just a deployment. It was also replacing the legacy solution. It was quite a unique and complex project. It took us around eight months to complete it fully because we not only deployed it, we also replaced the whole solution, and we had many integrations in place.

It requires maintenance in terms of product upgrades and security patching. In terms of One Identity upgrades, every two years, we have to upgrade because the previous version is not supported. The other thing for every organization is infrastructure vulnerability patching, so it does require maintenance.

The team that performed the deployment and did the migration had three people: two technical and one architect. The team that is currently managing includes one administrator, one architect, and one developer.

It is cost-efficient compared to its competitors. It is cost-effective. I do not know about the other regions, but here in the Middle East, the competitors are almost double the price.

I would recommend One Identity Manager in terms of value for money, but I would not recommend it in terms of skilled resources. If One Identity increases education, then it is a very good value product.

In terms of the extension of governance to cloud apps, we do have such a mechanism, but we are not directly connecting with any cloud apps. We follow our process. We do it through a proxy or some sort of data power or middleware tool. So, we do have some integration with cloud apps, but we have not used the new feature. I suppose they now have out-of-the-box connectors to connect with cloud apps, but we are not using that feature as of now because it requires a separate license. Unfortunately, we have a short budget on that ground. However, from what I heard from my developers, it is a very nice feature, and it is easy to connect, but we do not have the use case to validate.

Overall, I would rate One Identity Manager an eight out of ten.