One Identity Manager Reviews

We have this process of provisioning and non-provisioning users, depending on our SAP HR database.

The most important thing is that we don't have bad users in our systems anymore.

We no longer keep users who shouldn't exist.

It is flexible with APIs and the customizing of a portal.

I would like to have more extensive out-of-the-box reports.

The stability is great. We haven't had any problems. It keeps on working.

We can expand as much as possible. It will meet our needs going forward. We have already expanded a lot of times. The only issue with expansion is the cost of licensing.

I have only had one experience with the technical support, and it was okay.

We were not using another solution prior to this one (not in this scope).

The initial setup is mostly straightforward, but you still need to customize some things.

It has helped to reduce the paperwork of the help desk. There is a lot less paperwork, which has increased employee productivity, allowing them to be assigned to additional projects. 

We were also looking at the Microsoft Identity Manager. However, we decided on One Identity Manager because it has a wider coverage of different products.

Implementation and integration with SAP went well from the Identity side, but we have had internal problems with the data. However, we have been solving that for four years now.

We have chosen the product, especially for its governance for all the processes of the company, onboarding of employees, and lifecycle processes.

All our lifecycle processes have been improved. Some processes used to last around five days. Now, there are about one day or a couple of hours. This is very good for the user experience of our workers.

We are very satisfied of the privilege account governance feature, because we implemented a lot of processes around privilege account management that we didn't have before, which is a very good thing.

For the recertification and segregation of duties, it's easier to know all the information about our employees. If we need to delete some information, we can do it from a central point, then it can be deleted on all our searches. This is very good for GDPR.

The most valuable features of the product are the recertification, segregation of duties, and user experience.

The simplicity of the policy and role management features make it easy to use for implementing policies and configuring them.

When you see the product for the first time, it seems very complicated, but it's not. To improve the product, it should be made to seem simpler when you see it for the first time.

For the moment, we don't have any problems in production. Therefore, it is a good product.

The product is quite scalable, except for the database which is not highly available. This is where scalability could be improved.

We have the premium support and are very satisfied. They are always answer our questions very quickly. For the moment, we are very satisfied, but I think it's because we are paying for the premium support.

The initial setup is straightforward and easy to install. If it's your first time with the product, it can be very complicated because there are about 40 to 50 executables. However, when you know the product, it's simple.

The product is quite flexible. In the beginning, the product is an enormous solution. Then, after some training and experience, it becomes easier to implement.

It has helped to increase employee productivity.

We are satisfied with the product.

We want to bring our on-premise systems under our control, then our cloud solutions under our control.

With this product, we been able to bring together HR, IT, and lifecycle management. It is very helpful for managing the Joiner/Mover/Leaver process. We also use it for compliance on all the audits which are around.

We have integrated the solution with SAP, which has governance. We need to manage the Visual Administrator and One Identity Manager. The integration is pretty straightforward. There were some bugs with version 6 which are being removed with version 8, which is good. The platform is progressing. Though, some parts of SAP are not covered yet, like GRC.

The tool is like a big Lego in which you can use the parts that make sense for your organization.

It has several components out-of-the-box.

The solution is flexible, in general. You can define the parts of the solution that you want to use, and it won't affect the price. 

I would like the sync editor to be able to change labels because currently our concurrent development cannot work on this.

Self-service is important for our end users. However, after three years, people continue calling the help desk, and the help desk is using this solution to make its requests.

The web front-end definitely needs improvement.

Once the solution is configured, the stability is good.

We are an organization with 10,000 employees. This means 100,000 accounts or an account in group tables or approximately one million. We are not really big. It works okay for us as long as we fine tune some parts in the web design. 

The technical support is non-existent. It is not worth talking about.

We used a homemade solution, which was AD-based. It was a layer on top of AD with Java and Oracle Database in the background, but we had to move to something that can also manage could cloud, which was why we switched.

If you have consultants who do not know the solution nor the target systems, the initial setup is hard. It is my impression that if you are some very huge organization. One Identity will send the best people. If you are unimportant, then you get people who are seeing this application for the first time. This is the only way that I can explain what happen to us in the past.

We used someone at first, who was definitely not good. Then, we used Deloitte France, who was also not good. Then, we use Deloitte Germany, and the solution finally worked. That was three attempts. It was really hard to find good people.

On deprovisioning, when somebody leaves the organization, it allows us to better cut access to everything that they had.

The finalists were SailPoint IdentityIQ and One Identity. The reason that we chose One Identity was due to the logic of the connectors that they have. From those, we understood that this solution contained expertise on target systems.

If you want real-time management, it can be done within three to five working days with this product. That is how we do things today, so we have a process in place and do it with internal resources.

Bring your processors in under your control. Define what you want and when it works in Excel, then you are ready to buy the solution. It doesn't really matter which solution you would buy, as long as you have things under control.

The policy and role management features are very powerful, but it is hard to make the organization use them in the proper way.

We have not implemented the privileged account governance features.

From the back-end perspective (provisioning engine), I would give it a nine out of ten. However, from the web front-end, I would give it a five out of ten.

As consultants, we use it for provisioning, for access management in SAP, for AD access management. In the future, we may use it for many other applications like SafePoint and Office 365.

It improves organizations because role requests are automated, as are provisioning and deprovisioning; all of that is automated. 

It saves time and improves productivity because otherwise, people would be calling the helpdesk. Productivity is improved because everything is automated. A user makes a request and a workflow is triggered. It sends mails to your manager or to the product owners for approval. If everything is working properly, productivity increases.

Even without any customization, if you install it, configure it, it's ready. We may do some small customizations afterward, but the product is really good as is. It's very powerful. Without any customization, it starts working.

There is also a new feature, the Sync Engine, which is very good. Before, without it, the initial onboarding of HR systems was very difficult.

The policy and role management features are good, but not well-implemented in many companies because it's not that easy. It takes time. We are starting to use attestation in our current project and to follow the company policies. It takes time, but the feature is good. The company policies feature is really good because in workflows you can check whether the policies are all working. It's a good feature, but I don't think it is very common in many companies.

In terms of privileged account governance, in all of our previous projects we created privileged accounts and, again, with the new projects, we are going to start managing privileged accounts through One Identity. This feature is good. The new features are really good.

Finally, the product is flexible. We can easily customize almost any part of the system, such as having logic code inside the templates, inside the tables. And we can create processes as well. The customization makes it really flexible.

One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved, but it can be implemented.

The current version we have is stable but there are bugs, of course. There are many bugs. Many customers may wait for somebody else to move their systems and after they get the feedback, only then will they move. Each time there is a new release, it takes time to become stable.

It's scalable.

Technical support depends on the level. Level-one is not as knowledgeable as level-two. But, overall, their level of knowledge is good.

For me, the setup is easy, because I have a background in Microsoft technologies. That makes it really easy.

We are currently working on integrating it with SAP, but we are customizing a lot of things to fit with the current company's requirements. Their requirements are quite different from the out-of-the-box settings. Next month is the first SAP system go-live.

After the SAP onboarding, we will look at the cloud. I have fixed some bugs in the code for the Office 365 onboarding earlier. That was a very early version with custom connectors to Office 365, version 6. But in terms of a cloud connector, we have not started to work on it yet, in the latest versions.

This was for customers identity management, where there were a huge number of domains and the customer had unnecessarily complicated the system with a lot of parameters and attributes. 

Larger customization has made the system complex and confusing. The people who deployed it initially did little to document it. This has had a negative, delayed impact on the overall project and solution. 

The good part is Quest One IDM allows for large customization.

• Separated modules and integration allow for more capabilities 
• Graphical and tabular interfaces
• VB and SQL front-end and back-end

A detailed solution document to registered aspirants and interested people would help them achieve what they require before its tested and pushed to production. Quest Software should provide notes and documents to customers before they buy the product and license.

Everything (location, cost center, department, business role, etc.) is a role.

The Data Importer is a great tool to create an ETL. It generates code which is easy to maintain later without the tool.

The Attestation function lets you easily define grant/deny workflows based on constellations in the database.

We were able to connect 300+ SAP clients who were requesting access to SAP roles with the software. We also established an offboarding/onboarding process for SAP clients, as well as other target systems.

Some internal structures are in place because of already depreciated functions back from the time when the solution was used for software deployment and as a help desk.

Four years.

Versioning requires a lot of customizing effort.

No issues.

Web Designer consumes a lot of memory based on certain queries that could let the IIS run short on memory. This could be mitigated with more memory.

Very good.

Very good.

No.

No, it is wizard driven. If something went wrong we had to restart from the beginning.

The vendor team had a mixed level of experience, but there were enough excellent engineers.

Unmeasured.

Start with an operations team that is motivated to learn a lot in a short period of time. The longer you wait, the more expensive it will be to get the right level of expertise in this area.

I was not involved.

Great product, which I would recommend. It has a huge learning curve, but could solve all your IAM challenges. Make sure to have a good team and support from the vendor.

The data is easy to manipulate using SQL queries and commands.

The product was initially brought in to replace an unsupported solution. Later on, it became a partner self-service portal, reducing service desk calls to create accounts for business partners.

There are too many configuration interfaces. They could simplify the design to not require VB/PS coding to draw the workflows.

I have used this solution for three years.

The initial connection to the domain and LDAP trees was painful. However, once configured, it was stable.

The product scaled well. We had approximately 8000 users at the time of implementation.

There is great technical support. No issues there.

We used Novell's DirXML 1.1a. The client opted to migrate instead of upgrading.

The initial setup was complex due to the customer’s complex environment. A third-party service provider was required for deployment.

Licensing can be high. Quest usually bundles with other products, so you can get a better deal.

We only upgraded from the same vendor, Novell at the time.

The product has its challenges, but when well configured, it can provide good results.

In Q1IM, at least the version I worked with, it wasn't very intuitive to create processes and you need to actually add code to the boxes in order to customize. I always compare with NetIQ/Microfocus as they have the designer which is easier to elaborate rules.

About the interface, they have multiple applications, such as report designer, webdesigner, designer, object browser, import tool, manager, identity manager, jobqueue info. Its a suit of apps. It takes time to get familiar with them and know which does what.

The out-of-the-box connectors (SAP, LDAP, MS Active Directory, CSVs, etc.), and the one-stop-shop portal for user requests and authorizations which can be customized to display corporate logos and color schemes.

Additionally, certain “out-of-the-box” features can be configured to not be displayed or affect specific behaviors through the Project Configurator.

Additional customization requiring coding is possible, but requires additional planning, coding, and testing and is out of scope for this project.

In D1IM there are different ways of connecting with targeted systems. Out-of-the-box Connectors could be with:

• Connected system modules which allow interaction between D1IM and third party systems, with their specific schema extensions, dedicated synchronization templates and business logic. They allow deeper out-of-the-box target system management.
• Connectors which are predefined synchronization interfaces, developed by Dell, and are highly configurable but cannot be customized!

Interfaces are developed during IdM projects as an additional, customer specific feature of D1IM. This enables the connection of more proprietary or less common systems. Interfaces are easily changed in their functional behavior and implementation.

With this tool, you can easily orchestrate automation user access provisioning and implement multiple layers of authorizations (4 eyes or 6 eyes principles).

• Implementation of skip logic in user access request forms - this topic cannot been explained easily because it requires a deep dive within the functionality of the Web Portal.
• Lack of integration with RestAPI - the lack of out-of-the-box RestApi connectors creates some difficulties in integration running infrastructure as code, with DevOps operation (CI, CD, VCS etc.) and managing On Premise and external clouds.

We have been using this solution since 2006.

We have not encountered any stability issues. The system is rock solid.

We have not encountered any scalability issues.

The Dell technical support is good enough.

The D1IM gives a rare opportunity to integrate multiple authorizations and authentication platforms into a single portal.

The configuration is complex and requires a good understanding of your existing infrastructure and related protocols for communications.

We have no specific advice about licensing issues.

We evaluated Ping One Identity, SAP IDM, Oracle Access Manager, Net IQ Identity Manager, and RSA Access Manager.

Clarify what level of automation is needed in a user access request. Authorization and provisioning is achievable while comparing company needs and objectives.