One Identity Manager Reviews

We use the solution for managing identity access in a production company with nearly 6,000 users and more than 10,000 employees.

The main benefit is that it makes it easier to comply with GDPR. It makes it much, much easier. Also, it helps with data privacy and everything. It reduced the workload on the help desk and other departments that deal with user access and provisioning providers for users.

The solution offers good integration with other environments such as SAP and Active Directory, et cetera. We are managing access and managing all the provisioning of user access and accounts.

We manage the product to help manage SAP. The solution is okay for providing an enterprise view for the management of logically disconnected SAP accounts. It is quite complicated since SAP has quite a structure for these roles and accesses, however, it is quite manageable in One Identity and it is well supported with proper support from our external provider. We finally managed to make it perform. It is now working well.

One Identity Manager connects SAP accounts to employ identities under governance. This is important. We had it implemented before only based on requests without active-active connection. There were quite a lot of non-matched users, and what happened a lot was that we would have users who had left the company and were still active in SAP. So now when a user leaves the company it’s not an issue. Also, the SAP account is already provisioned. This ensures data protection and the privacy of users and everything.

If I were to assess One Identity Manager for providing us with a single platform for enterprise-level administration and governance of users, data, and privileged accounts, I’d rate it highly. From a rating of five, I’d rate it 4.9.

The solution's user experience and intuitiveness are good. It’s extensive. 

How easy it is to customize really depends on the level of desired customizations. There are some customizations out of the box while others require quite a lot of coding. In that case, I’d suggest a person uses support or gets external support.

You do need to learn it. It’s not something you get from the beginning. It’s not like Windows. It is more complicated. You need to know a few things from the back end, however, as you learn it, it becomes easy.

I've used the solution for four or more years. 

I'd rate the solution nine out of ten. 

Our company hosts our on-premises application with this solution. It is not a complete SaaS product but rather a hosted environment in their tenancy. 

We have an internal team of four administrators and site developers who manage the solution and provide support to 2,000 employees. Our operational model includes contracting with professional services for new development, managing releases, and deployment. 

The solution is a typical, conventional IGA but the tool itself offers many options for customization. Some other products are easier to implement but don't have the same customization capabilities. 

The product must include SaaS in the future. 

The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use.

The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. 

Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options. 

I have been using the solution for six years. 

The solution is very stable and we rate it a twelve out of ten. However, reaching that stability is torture. 

We had issues and bugs because of customization requirements and it took us a year to go live. Too many custom processes cause issues even though the end result is stable. Gathering things to implement and install takes time. In our case, the implementation document for us to go live was 500 pages and that was a bit terrifying. 

The solution is scalable and the database is the key element in integrations. Everything connects to the central database which is a benefit because then the database becomes the central configuration management tool. If you upload DLL code to the database, it pushes it to other components. It is a well-designed central configuration approach. 

This approach can be a bit of a drain on performance because everything is connected to the central database. It is important to keep on top of database health with the solution.

Support needs to be better because this is a framework-style product and your own developer needs to be able to work efficiently with theirs. Sometimes a problem is in the development code, not the core product functionality. It takes too much time, as operational support to investigate and find the root cause. The solution offers amazing functionality for the framework, but if you didn't write the code yourself you are in trouble. 

For example, if a third party writes code and then their involvement ends, an issue in production that needs support won't get it because the third party's code error is an unsupported area. 

If your company's active management processes are not aligned with ISO or NIST standards, a lot of customization is required and this is the best solution. For ITSM, this is also the solution to use. 

If your processes are aligned then other solutions are appropriate. For a product like SalesPoint, the solution might be ServiceNow. 

The initial setup is very complex and I rate it a four out of ten. 

Deployment depends on the project scope. If the project is smaller, you can connect with Active Directory and auto RMS on the same day. However, if you want joiners, movers, or leaders to go live, it becomes more complex. 

The pricing is good and I think more money is made out of selling professional services than the product itself. 

Developers who have worked with the product won't need the assistance of professional services. It is easy to implement once you are accustomed to the product. 

Someone new to the product would need 20-30 days of services a year and in that scenario, it is expensive to develop and maintain. 

I rate this solution a six out of ten. 

We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

I have used it for five and a half years.

We haven't had any stability issues.

So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

We have had pretty good people on our team so far:

• For deployment, one or two people were needed. 
• For maintenance, our team is very small. We have two or two and a half people at all times. 

Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

Unless you are buying a new connector, you won't need to shell out more money for the solution.

My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

This solution should be considered by companies (based on their needs).

The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

We connected SAP through a database.

We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

I would rate this solution as eight out of 10.

I install it for other companies, and one of them uses it for custom processes.

Previously, one of our customers didn't have a way to manage their cases, so we created a custom solution for everything. And the best thing is that it's totally secure since it's based on the roles in the customer's Active Directory. It's based on the kinds of roles or groups they assign. It's about what kind of permissions a user has in the IT shop. For example, there are two big groups. One of them has access to critical information, and the other only has permission to read some information. With One Identity Manager, we were able to separate these roles and what each role can do.

And the fact that One Identity Manager helps consolidate procurement and licensing makes things easy.

In addition, it has definitely helped achieve an identity-centric Zero Trust model. If someone is entering the company, we need to make sure that they have the correct permissions, the exact information, and access to that information. It's a must.

The best feature is that it's customizable. For example, we can create any kind of product or custom service within an IT shop and customize it the way our customers need it. For the customers, it's the best. They are happy with it.

We can create a custom policy for a company. We can use a business role for access to a given product and determine what the next process is. For example, if someone requests access to something, the custom policy will show it to the supervisors at each location or redirect it to the user who is responsible.

Also, we use the solution's business roles to map company structure a lot. That's one of the parts that the customer really needed. They wanted a custom role for each of the cases they were creating. They wanted to assign users directly to a business role, and these roles can be assigned to other users in the directory. The business roles feature is critical.

One Identity has another model called Data Governance Edition. It's a very good solution for controlling and applying the concept of CIA (confidentiality, integrity, and availability). It's the best solution for that. We use One Identity Manager with Data Governance. There are shared folders, and a lot of people have access to them. With Data Governance, if someone requests access, based on the kind of permissions they have, Data Governance helps us make this kind of decision.

The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution.

They have a lot of documentation, not only about the installation processes, but also for the development side. For example, in the new IT shop that is using Angular, there are a lot of functions—more than 1,000—that don't have any information about what they do. The documentation is really important. 

Also, the documentation for the Data Governance Edition must be improved. 

In addition, when tasks are running in a tree, there should be an order. For example, if we have five tasks in a tree, we should be able to say this one is first, and the next is number two, then three, four, five. 

And it's important to have compatibility to use gMSA, group Managed Service Accounts.

I have been working on One Identity Manager for seven months.

It's stable.

It is scalable, for sure.

We use their standard support. They are nice and they are always on the edge, helping us. It's great support.

Positive

We did not have a previous solution.

The main solution takes about six months to deploy. When there are customizations, it takes more time. The amount of time depends on the kind of customization. I don't have an exact number, but we have a sprint every two weeks, and we do our best to deploy what the customers request. Our clients are enterprises.

For deployment, on our end, we require five people.

In terms of maintenance, the main solution is standalone, and there is no maintenance. Once it's running, there is no problem. But maintenance is necessary when a customer wants something else, a customization or a new product.

Our clients have definitely seen a return on investment.

The pricing is okay.

I totally recommend it. If you want to implement life cycle and governance, for sure, it's the best solution.

We use it to manage the roles that everybody receives for our network. We use it to create an overarching business role and then we have individual, direct assignments to provide extra permissions where needed.

It definitely makes the overall structure extremely organized. It doesn't help to minimize gaps in governance, but it definitely helps the administrator see exactly where the gaps are so that issues can be resolved.

It also helps streamline aspects of application governance including application access decisions and application auditing. In terms of auditing, for every application we use, we undergo an audit, mainly for the number of roles we are allowed to give out and the access that everybody is allowed to have. With One Identity, we are easily able to pull up the individual roles and it tells us exactly who has a given role.

One of the valuable features is that it is relatively organized. I definitely appreciate that aspect. It is also relatively simple to use with a very easy flow to the GUI. The user interface is really top-notch. Whatever we need to do with it, we are able to see just how to do it right away.

Customization is also fairly easy. There really isn't a whole lot to it.

And one of the main things that we use it for is the creation and modification of business roles. That way, we can assign just one role to a user and they have all the permissions that they would need. We also use the solution to extend the governance to cloud apps. For users who need to work with the cloud on a daily basis, it makes assigning their privileges a lot easier.

There is a small area inside the administrator's GUI that could be a little bit more organized.

I have used One Identity Manager for about three years.

It seems pretty stable. I haven't seen it go down.

The scalability seems to be on par with what we need. We're able to add and remove exactly as needed.

The other solution that I used was Active Directory.

I was not involved in the deployment. But in terms of maintenance on our side, it is just the typical configuration of business roles and direct assignments.

One of the variables it really depends on is the replication time that is set for it to replicate and pull all of the new changes that have been made from the user GUIs. But I work with a relatively large network, so our replication time is different from that of an average company or user.

I have a very positive opinion of One Identity Manager. In all honesty, it's the best application that I've used. I give it my 100 percent recommendation.

We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

I've been using One Identity Manager since 2008.

One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

Scaling up One Identity Manager is extremely easy.

I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

I've seen ROI from One Identity Manager.

The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

We evaluated SailPoint and Saviynt apart from One Identity Manager.

I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.

The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.

The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days. 

When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.

In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.

The most valuable features include the 

• automated attestations or recertification
• IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal. 

Those two are the biggest wins.

In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.

Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.

There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. 

Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.

We've been using One Identity Manager since 2013.

Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.

One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.

We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.

Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.

The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development. 

This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.

Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.

When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.

For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.

Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.

But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.

Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.

Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.

We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.

We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.

We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.

From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.

It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.

Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.

We are tech consultants who deploy One Identity for our clients. Our clients use One Identity for provisioning and deep provisioning users. It is also used for the recertification process and access review. We have integrated One Identity for 15 to 20 clients. Soon, we expect to deploy it for another five to 10. 

The performance could be better. I also think One Identity could improve its documentation for developers. Many of One Identity's features aren't fully documented. We don't have enough information on how to use them.

I have used One Identity Manager for the past six years.

I rate One Identity nine out of 10 for stability.  We haven't seen any downtime. It has worked smoothly since it went into production. 

Deploying One Identity can be straightforward or complex depending on the environment. The time needed to deploy varies with the scope of the project.

We typically have some meetings with the client to understand what they need to integrate with One Identity. We develop custom connectors and move to the production stage if everything is working. 

I rate One Identity Manager eight out of 10. My recommendation to new users is to be patient because it's hard to understand without adequate documentation. It gets easier with time and practice.