One Identity Manager Reviews

One Identity Manager is a central identity provider and authorization provider, and I've been using it for multiple customers who use it as a central identity provider.

In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager.

The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager.

What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.

I've been working with One Identity Manager and its predecessor Quest since 2014.

One Identity Manager is a stable solution, although like any vendor bugs occur. It is frustrating there's no bug tracker available of known issues. It would be very helpful to know what bugs are currently acknowledged to prevent continuity issues and wasted troubleshooting time. 

In terms of the scalability of One Identity Manager, I mostly had experience with companies that had five to ten thousand identities in place, and now, I've been working with a setup in a larger enterprise environment with tens of thousands of users, and my impression is that everything is going much slower than what I was used to on the smaller scale, but I'm not completely familiar how it was set up. I know too little about the setup to judge the scalability of One Identity Manager.

I've contacted the technical support team for One Identity Manager multiple times. Sometimes support is excellent, and sometimes, it's just okay. Support asks for a lot of information that's not always necessary.

Neutral

Installing One Identity Manager nowadays is getting more and more straightforward, but in terms of configuration and setup, that's complex.

The time it takes to deploy the solution would depend on the organization. I've been involved in multiple projects and there were projects where One Identity Manager was deployed faster than others, so deployment time would depend a bit on the complexity of the organization and internal processes, but in theory, you could set it up within a week. Mostly it would take companies months to get the solution up and running.

I'm aware there's a license cost for One Identity Manager, but I'm not part of the team who handles licensing, so I'm unable to give pricing information.

I'm a freelancer, so I work for multiple customers and I work for three customers that are using One Identity Manager, so I can't give the exact number of users, but big teams use it.

I'm using One Identity Manager because it's what my customers selected.

My advice to anyone looking into using One Identity Manager is to start playing around on the virtual setup to get familiar with it, in particular, make a small domain, set some target systems up, and get familiar with the setup.

I would rate One Identity Manager eight out of ten because it's very stable and very customizable. For the last two years, the solution has improved and cut back on technical depth, and it can stand on its own two feet, but there's still space to improve. Overall, One Identity Manager is one of the best in the market.

I'm an identity and access management consultant, so I'm not a partner or a reseller of One Identity Manager.

This solution creates the roles for the NDSS, including onboarding of accounts. It's an end-to-end solution in that the customer will request some permissions, and it will enter treatment for that user, then push the data or automatically onboard admin accounts for that user.

The most valuable features are that it has a lot of capabilities, can integrate with a lot of systems, including automated onboarding like CyberArk, and allows you to integrate different entities.

One area that could be improved is the speed of performance - it's often a bit slower because of the size of its database.

I've been using this solution since 2017.

It's a stable solution.

OIM can be scaled.

We subscribe to premium support from Dell IBM. It's pretty good but can take a while to respond with a solution, sometimes up to a week if it's a major issue.

It depends on the expectations and scope, but OIM is easy to deploy and can be completed for a medium organization in six months to a year.

I used a consultant integrator for deployment.

Licenses are available on a three or five-year basis.

I would recommend OIM to other users and would score it seven out of ten.

Access governance related to audits.   

BAAN, AX, AS400, AD, Exchange, Footprints, several home-grown applications.

We had a relatively small AD (about 5,000 users) but our primary challenge was that all of the legacy systems in place, including multiple instances of BAAN that came from different M&A deals, each with their own configurations and entitlements. 

The short version is that we gained significant insight into the issues of access governance. One of our largest challenges was lacking insight into who had what access and where. For years access had been granted in an ad-hoc manner, mostly as "I need access like Sally" situations resulting in a mess of too much access son nearly every account in our organization.  Implementing an IAM system allowed us to turn this auditing nightmare into praise from our auditors, eliminating fines and cutting operational costs, paying for the implementation within a year. 

Additionally, we found all sorts of questionable activity that we were able to address. Using the built in policy tools we were able to identify those who went around controls and address them both stopping their unapproved activities as well as getting feedback to improve the IAM interaction with the company. The loss of unapproved access also stopped a few cases of potentially criminal activity that came to light because of our new found trove of data but further details cannot be shared. 

The amount of useful data we were able to gain immediately after a basic implementation was exceptional. Within days of installing the product in production and well before the official go-live we were able to create meaningful reports of all sorts and start correcting missing and wrong data as well as access control issues. We had tried system cleanup projects before and had some success but correcting our data in earnest began once we could see everything in one place.  

As the project matured we were able to move more and more out of the hands of IT and into the hands of the LOB representatives. Which in turn both improved the business' view of IT as a whole and allowed IT to focus on other projects and trim staffing levels on low tier work, moving those employees to more important work and helping some of them grow their careers. 

The value gained by taking control of your access data and walking the path towards governance is immense and the progress we made inspired me to pursue a career helping other companies achieve the same success. I would recommend that every company undergo an IAM project especially if they have nothing in place now. 

In dollars: access reviews. In QoL: Entitlement requesting, Approval workflow, and Attestations. 

At the start of our project, IT was considered a burden by most of the company. One Identity's easy to set up requestable items and the associated smart approval workflows gave IT the power to become a hero to the company. Eventually we had lines of business coming to us with requests to integrate more and more into the self-service portal. Then on top of that, the existing attestation cycles allowed us to confidently know for certain that correct access was issued and maintained across the company. 

My largest issue with the product is the ability to customize the web portal. There is a tool that allows this to happen but it is difficult to use (except for minor changes like logo, color scheme, or basic edits, such as displayed columns on an object. Then, to make it worse, the documentation is not helpful at all in describing what pieces do or how to use them. Even after training, I would not be confident in attempting any large change to the portal. 

For certain, this is the area that I think needs the most improvement from the current state. 

I have been using One Identity Manager for six years.

The stability is fantastic. 

Your real stability issues are going to come from SQL and not the product itself. There are redundancies built into any general implementation and always-on availability is expected. If you are already running your SQL in an always-on way, the chance of downtime with One Identity is essentially zero. 

Upgrading from one version to another is the only potential issue. You have to have an outage to perform it. There are ways to make this smooth but it is the one area where stability could be an issue. 

The solution scales very well. I have experienced issues when attempting to scale to the largest companies. However, when we did encounter issues, One Identity did a fantastic job of providing the resources and fixes needed to scale the system to millions of identities. 

The support team could be improved on. The first level of support essentially looks up knowledge base articles and often can't provide the answer needed. This could be skewed because any issue we couldn't solve with our implementation partner was certainly not a level 1 issue. However, even with One Identity knowing that we would have to deal with bad level 1 before we could get someone who could actually help on the line. 

However, to give a positive side, any time there was an emergency they were very quick to get the right resources on the issue, even when it meant waking people up in the middle of the night.  

We did not have a solution in place. This was a greenfield project. 

The initial setup was very, very easy. 

Our complexity all came from integrating outside systems. The out-of-box experience with One Identity was genuinely fantastic.

We used a 3rd party partner of One Identity as well as trained an in-house team to administrate and extend the system.

The partner was extremely knowledgeable and in a couple of cases more so than the vendor. We were extremely happy with the outcome of their work. 

Our ROI is very, very large. 

We eliminated ongoing SOX violations and associated fines.

Additionally, and without including the above, we were able to see savings in IT costs greater than the cost of our implementation within one year. A significant portion of this came from moving our most common help desk requests into self-service. 

The example I would give as the largest of these is Baan. Traditionally, a ticket was submitted, then tier 1 moved it to the Baan team who was responsible for both access and troubleshooting. Baan was significantly understaffed and the turnaround was slow. When they did address the ticket it would require calling managers and attempting to figure out what access they actually needed. Turn around was 2 to 3 weeks PER REQUEST. By defining roles with the business (a huge task in itself), creating self-service requestable items, creating approval flows, and automatically producing formatted tickets to Baan (direct connection to add access was not available to us) we were able to reduce the turn-around time to less than a day. Freeing up resources to do more important work. 

Finally, we were able to change the perception of IT nearly company-wide. While this has no dollar amount attached this is probably the most significant return we experienced. 

One Identity genuinely provides one of the lowest costs for the initial setup of any product while still being a robust suite of tools. Price was a major driving factor in or choice to use One Identity. 

We did evaluate multiple other options before choosing. Hitachi ID, Salesforce (they really do have an IAM offering), Oracle.

My advice would be to implement the out-of-box product and pull in your initial data sooner rather than later. Planning is needed but I assure you that you likely don't know how much of a mess you're in, especially if you have no IAM solution already in place. 

The OOB data collection will help shed light on the issue you have and have yet to discover then you can craft robust solutions to tackle them.

Involve HR, involve your process owners, involve your business unit leads. Ultimately, you want to use a tool like this to empower your business to make decisions and engage in self-service. It may be difficult at first but if you involve them and try to meet their needs you can turn IT from a burden into the hero of your company. 

Work with a partner. While the vendor has great staff and is very knowledgeable, ultimately the partners are the ones who can really help you make the magic happen. All partners have the ability to engage the vendor directly should the need arise. You can save a significant amount of cost by going this route. 

We had several tools over time to try to gain control of IAM, but none of them were capable enough for our needs. We simply had too many systems to work with. We wanted one digital identity for each user and a comprehensive view of each user’s entitlements.

Before the implementation, it was necessary to create user accounts to give access to every single information system and application. A lot of resources were needed for development, implementation, support and control of identities and their entitlements. Employees had up to ten credentials for various applications. Now, our users have just one digital identity for all of our systems.

One Identity Manager provides one digital identity for each of the university’s 20,000 users. It also unifies and automates all processes in staff’s and student’s lifecycle by interfacing with other university systems. IAM is now more transparent to IT, students and staff, and helps reduce risk by automatically controlling access according to a user’s status.

This new approach to IAM has created huge efficiencies for IT, especially when it comes to managing more than 300,000 rights. Compared to the situation we had before, IT staff now spend less or almost no time for managing identities and rights.

We are located in Europe, so GDPR is a must for us. So, One Identity solution is helping  with this topic too.

• It gives the best user experience, enabling us total transparency in user access rights.
• We unified business processes for students and staff at enrollment/hiring/graduation/termination of contract in all organizational units of the university.
• It reduced risks by granting adequate access rights to users.
• The best feature is that HR finally took responsibility of it, so not everything is on IT.
• The policy and role management features are important for identity management.

Improve the implementation of additional One Identity Manager’s features. This we are going to focus on after an upgrade to release 8.1 will be finished.

Generally speaking, the solution has great stability, modularity and scalability. We have not had many stability issues until now. However, my opinion is there is still some space to improve performance. Sometimes synchronizations take too long.

We had several tools over time to try to gain control of user accounts and their privileges. But none of the solutions were capable enough to cover all our our needs. We simply had too many disparate systems to work with. We wanted one digital identity for each user and a comprehensive view of each user’s entitlements. Plus, we needed to ensure we could control those entitlements easily.

We noticed that One Identity Manager was positioned well in Gartner’s Magic Quadrant for User Administration and Provisioning, based on its evaluation of One Identity Manager.

The initial setup was complex. We have a lot of different systems. But, we started step by step with connecting active directory for employees to the IAM system and with data and business processes consolidation. Then, we used the same approach for all our students’ identities and related processes. Many processes we had to redesign, but the main benefit is the processes are much more simplified now. Yes, the journey from introducing One Identity Manager solution to joining all the systems was difficult, but we have reached our final goal.

We have a valuable partner located in Slovenia, who is helping us with analysis and architecture. They advise us with many best practices and are responsible for the implementation and technical aspects of the solution.

This solution helped us to reduce help desk calls. Before the implementation, people were calling because they didn't have access to some systems, etc. After the implementation, we implemented the application access metrics - authenticated users may conduct only previously authorized transactions. Now, all our users have access to these applications when they get their digital identity. Thus, there are no more calls to help desk.

While our journey to find a solution was tiring and we invested a lot of work and knowledge, our expectations have been reached and even exceeded. It's really good to invest time and money in a solution which offers you something that all users, not just IT, can use.

Sometimes, the solution is flexible. However, the customer should sometimes be flexible to the solution, as well.

Those who worked on this implementation now spend less time on user rights, etc. While it lowered their workload with this solution, they are now working on something else.

Our primary use case is to control access to our open source Unix and the app store games. This is a banking organization, so you don't want to give all of the rights to one person.

Using this solution means that our engineers do not need to log in to a domain controller as frequently. Rather, they can log in using One Identity and perform all of the administrative tasks. This is beneficial from a security perspective, and also helps to complete the task in the least amount of time.

It provides Authentication services and integrates Active Directory for open source operating systems.

The most valuable feature for me is the built-in security, which is the best that I have seen. The interface is also very good.

My only complaint about this solution is the price, as I think that the cost of the full user license is a little high.

A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.

Three to five years.

I would rate the stability of this product a nine out of ten. This is the only tool that will comfortably help you work with Active Directory in other solutions. 

It is scalable across infrastructures. It works with Windows, open source operating systems, and covers almost everything that you need. We have more than 4,000 users in this solution. Our organization keeps growing, so our base will forever be increasing.

To this point, we have not had to reach out to the solution's technical support.

Prior to using this solution, everything was done manually. Security was at risk of breach and we thought that we needed to be compliant.

The setup of this solution was simple and straightforward. Any admin can do it by looking at the whitepaper.

The process of deployment took approximately one month. However, that is not because the process is complicated or time-consuming. In our case, being in banking, there are a lot of policies and processes that have to be followed before implementing a new solution.

One Identity does what we need it to do, so we do not require any other plugins or packs to run our solution. 

One Identity sells everything that is required to deploy. We directly deal with them and do not use a vendor or a consultant.

There is a one-time licensing cost, and there is also a yearly subscription fee. The fee is related to the number of users and is perhaps $6 or $7 per license per month. 

We did look at other options, but it boiled down to choosing One Identity with no second thought.

My advice is to try this product first and then decide. In organizations with a large footprint of open source operating systems, such as Unix or Linux, security for them is a bigger concern, especially for banking. They should take advantage of using the evaluation version.

Overall, I would rate this product eight out of ten.

We use it to manage all identities within the company. We use it to monitor users when onboarding and offboarding. We also use it for all the related accounts, such as SAP accounts and AD, to give permissions to our employees within these systems.

We do all the privileged management as well within One Identity Manager, which mainly consists of monitoring and control of users, especially who's changing what.

There are users within SAP, the so-called "firefighters," who need to have a little bit more access to SAP. They are the ones who are allowed to switch down modules, put down the systems, and so on. They require high-privilege access. One Identity helps us to monitor those activities and ensure that we make the changes that are required so the users will have those permissions.

When we have a request from HR for onboarding a new employee, before having One Identity, we had all manual processes. If the user was going to be assigned to a specific application, we needed to contact the responsible person on that team to open multiple tickets, multiple requests. Today, those activities, are completely managed by the Service Desk. That means we have reduced the time it takes for the onboarding process enormously. It used to take two or three weeks to do a full onboarding, but today we can do it in two or three days, providing access to the systems.

The solution has reduced Service Desk calls by 75 to 85 percent. In terms of automation with this system, we now have 94 percent coverage of our users and systems. That means we increase security as well, and not only reduce calls to the Service Desk.

In addition, when it comes to compliance, One Identity is used to cross-reference between the identities and accesses. This has improved the detection time of security events and has helped us with both data protection and compliance. One Identity is a main driver and helper in improving this area.

It's the automation. With One Identity you can have multiple accounts and everything is managed in the same system. You don't need to manage different systems at different times. With just one, you can do everything. It saves a lot of time for us and simplifies things.

In terms of the policy and role management features, through the automation that we have within the system, we are able to simplify those processes. The role management is really a great solution because we assign and define roles within the system and then apply them to the identities that we create for our employees.

It is definitely a flexible solution. The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc.

We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy.

Most of the issues that we are suffering from today will be fixed with the new version.

The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier.

I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good.

We also have system devices that we could manage as identities, so that would be a feature to add.

Three to five years.

The system we are using is five years old and we have had no issues at all. It is fully stable.

It's scalable. We grew over the last year. We integrated companies within the group, which included creating more and more users in the system. Scaling is pretty simple. We didn't have to make major changes to the system itself. It was something that the system could support easily, especially from a functional point of view. 

It can scale vertically and horizontally without any problems. With the upgrade, we are scaling up technically, adding more servers, and it's pretty easy as well.

We are working with a One Identity partner. This is really important. One of the most important things to do when going with One Identity is to choose a partner wisely. We are currently working with a partner and we're still evaluating that. It needs to be assessed a little bit better and to ensure that they can support us. It has nothing to do with One Identity support itself. The important thing is ensuring that the partner is able to support requests. That's what we are currently assessing and evaluating.

We are working with IPG because our headquarters are based in Germany. We have a history with them. We are currently ensuring that they are capable of providing the support that we require, and especially provide us the agility and flexibility we need.

The partner is important because the implementation of the systems and the configuration of the systems are done by the partner. It is key for One Identity to ensure that the partners can do the work properly.

We had nothing before using One Identity.

We implemented One Identity in 2015 with the main goal of controlling SAP access and users, especially the privileged access in SAP and the segregation of duties. That's what we wanted to control. One Identity was the best system at the time, with really exceptional out-of-the-box functionality. It was mainly done, at that time, for SAP. It was a risk and compliance issue that was fixed with One Identity.

We are seeing return on investment although I can't quantify it. If we just think about the reduction in the onboarding time which is impacting other teams, that is an area of ROI. And especially with the Service Desk, there has already been a benefit and a return of investment in terms of resources.

The tool is one of the best tools, out-of-the-box. It has great integration, especially for companies using SAP. On the other side, choose the right partner and don't look at only one system, but other systems as well. If a company is looking for a system to control SAP, don't focus on your SAP. Look at one system which is able to manage in general, and with good integrations. One identity is one of those systems.

It is also important to have a defined process. We establish it and then, with the use of the tool, we apply it.

I would rate the solution at nine out of ten. I like the out-of-the-box functionality. You don't need to do specific customizations; you can quickly use the system as it comes. And the solution has flexibility.

We use it to control identity and access management in our company.

It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.

All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.

The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.

It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.

Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.

It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.

I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. 

For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.

It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.

We speak to our consultants. They are our technical support.

We had something we built ourselves, but it was not integrated with anything. It was mostly just a list. 

When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.

That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.

Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.

Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.

We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.

There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.

We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.

It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.

The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.

We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.

Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.

We use it to make requests and show the information that the users have, as well as for attestation.

It saves us time and has increased employee productivity when it comes to provisioning users or systems. It has changed the way things are done, and people who had been doing manual work are doing something else at the moment.

We now have standard processes, the whole flow when a new user comes in; what happens and when. It's always done in exactly the same way. We know that it goes from start to finish in a certain way and we can be sure that it's done in the correct way when it's automated. The master data is always used in the same way.

It has also impacted our cloud IT strategy because we have to be there to manage the user accounts and all, in that environment. That's on-going work at the moment. We haven't implemented or started any processes in production yet.

In addition, it has helped to reduce helpdesk calls, according to the information that we have seen.

For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems.

We are familiar with the policy and role management features and we are using some of them. They are very hard to define, but they are also very powerful in a way. You have to define them clearly before you start using them.

One Identity Manager is also flexible. If it doesn't have a feature that you want, out-of-the-box, you can customize it by creating scripts or modifying the schema. But you usually need consultants to do the job.

This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment.

I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.

This version, version 8 has been working fine. Version 6 was horrible for us. The performance wasn't good at all, but our experience now with performance and stability is good. We are happy now.

When it comes to adding other users or a growing environment we haven't had any issues. At the moment, at least, we have been able to add features and functionality, and everything has worked fine.

We have only used technical support through our partner/consultant company. We haven't been in direct contact with One Identity. Everything has been okay. 

We had a solution that was built in-house before we migrated to One Identity. The old solution didn't have the automation features and provisioning features the way that this product does. The old solution was more manual with a lot of built-in scripts. It was hard to maintain or to create extra features.

Our initial setup was about three years ago, but we did the migration from version 6 to 8. That was almost the same. It was a really big project, or it felt like it.

The initial go-live for the product overall was over one weekend, but the work before that took a year. There were ten people involved during that weekend. We had some time-outs during that year though, because there were some other big projects.

The setup was complex because we did a lot of things. It wasn't only our project, because it was HR and the organization. It was not only the technical part, "next, next, next." It included changing the processes and standards in the company overall.

In terms of our implementation strategy, we added a totally new HR program, to get the master data up and running and correct. And then, of course, we had to work on how the organization is defined and have master data for that, and the roles to be used and the master data for that. And we had to get overall processes standardized.

There are two-and-a-half people working on the solution now, doing daily maintenance.

We had a partner, Infragen, do the integration. Our experience with them was good. They did good work and we had good cooperation, overall.

The managers are satisfied when things are automated, when people are coming in or going out, because they don't have to do the work. They just contact HR and it's automated from there. People know that it's one place where you can do everything: make the request, the attestation side, and compliance is also automated and in one place. That's what people want.

Microsoft was one of the solutions we looked at, as well as some small Finnish companies. We went with One Identity because of the features. Somebody had already made the stuff that we needed, the functionality that we needed was there and didn't require so much customization. And the partner that was able to give us the solution was also a factor in our decision to go with One Identity.

Keep the scope small in the beginning, so you don't do too much. Go live and then add more features on the way because, otherwise, it can go on for years, and you never get anything done. Also, don't start to customize features too much. Try to use what comes out-of-the-box and try to implement it that way. Somebody has thought of these things already. In most companies, a lot of these things are probably done in the same way.

I would rate One Identity Manager at eight out of ten. There's always room for improvement, but I'm pretty satisfied.