Technical Manager at a manufacturing company with 10,001+ employees
Enables our organization to manage accounts across multiple target systems from a central identity management solution
Pros and Cons
- "The One Identity Manager web portal needs simplification."
- "The framework is robust and flexible, allowing companies to easily adopt and extend the schema as needed."
What is our primary use case?
We utilize One Identity Manager for several key processes. Primarily, it manages the entire employee lifecycle, including joiners, movers, and leavers, for identity management. Additionally, we use its attestation module to conduct bi-annual recertification campaigns, validating existing access rights. Recently, we expanded its use to manage cloud entitlements, including EntraID.
How has it helped my organization?
We manage user and access management for over 20 SAP systems using One Identity Manager and do not handle any disconnected SAP accounts.
One Identity Manager governs SAP accounts by linking them to employee identities, ensuring access is managed throughout the identity life cycle. This direct link enables automated processes, such as terminating SAP accounts and associated assignments when an employee is terminated.
One Identity Manager, certified by SAP, delivers specialized workflows and business logic through a dedicated connector for SAP R3 and native support for HANA systems, enabling direct connection to HANA databases. It offers numerous out-of-the-box templates for SAP, automatically loading schemas for users, roles, and assignments upon SAP module activation. While most use cases are covered by these templates, customization is possible for specific needs.
With a tool like One Identity, our organization can manage accounts across multiple target systems from a central identity management solution. This centralized data allows for flexible governance reporting, including custom SQL queries and pre-built reports, to validate information. Governance practices vary between companies but often involve specific access controls, timely re-certifications, and validations by data owners. For example, some companies implement frameworks with defined views, access levels, and re-certification processes to ensure data integrity and security.
The ease of customizing One Identity Manager depends on the user's skill set. Compared to three similar products, One Identity Manager is more straightforward to customize, particularly when modifying VB.NET code or writing SQL statements for reports. While some coding knowledge is necessary, the tool's predefined templates and SDK samples offer helpful references and starting points.
The user experience of the legacy web portal is unsatisfactory due to limited customization options and occasional slowness, especially during backend processes like attestation. However, One Identity is moving towards an Angular-based portal in version 8.2 and newer, which offers greater flexibility, customizability, and improved performance. This new portal may provide a more satisfactory user experience overall.
One Identity Manager helps manage the company structure for dynamic application provisioning. Our IAM system reads the company and department structures to automatically assign entitlements. Based on this structure, users are created, and permissions are assigned.
The business role functionality of One Identity Manager is crucial for businesses, especially from an audit and SOC perspective. Whether utilizing One Identity, SailPoint, or another tool, a solid IAM solution should include comprehensive audit trails, streamlined request processes, detailed approval workflow history, and other essential functionalities to ensure compliance and security.
We have begun extending governance with EntraID and are evaluating the Starling connector which provides access to many other SaaS-based applications.
Over the time we've used One Identity Manager since 2017, it has significantly improved our organization by automating the joiner, mover, and leaver process across all target systems. No more manual account management tasks are needed, which include account creation, updates, or termination when a user leaves the company. It has substantially reduced manual role assignments and made processes fully automated. The major benefit is the attestation process, conducted once or twice a year based on requirements, which ensures no unauthorized or unwanted accesses are left unchecked. It also provides clear reports on user statistics, such as active users, new joiners, and leavers.
We initially started with a small scope but have since expanded to connect numerous systems, automating the mobile egress process. Tasks like account creation, updates, and termination are now fully automated through IAM solutions, eliminating manual intervention. This automation also removes the need for teams to assign roles manually. A significant benefit is the ability to conduct periodic access attestation campaigns, ensuring only authorized users have access. One Identity Manager facilitates this process and provides comprehensive reporting, giving management clear visibility into user activity, including the number of active and inactive users, new hires, and departures.
One Identity Manager helps minimize governance gaps across our testing, development, and production environments. We utilize a three-tiered setup with a transport mechanism to move changes from the development environment to the quality assurance environment and finally to the production environment.
One Identity Manager enhances privileged governance to mitigate security risks associated with privileged users. A custom solution within the One Identity framework allows users to link multiple secondary identities to their primary identity for tasks requiring elevated privileges. This framework provides a robust privilege access management system within the One Identity environment.
One Identity Manager streamlines application access, compliance and auditing. It supports the SOX audit process conducted twice or thrice yearly. For applications connected to the One Identity Manager, governance is managed through the IAM solution itself. Instead of checking the target system, administrators use the One Identity Manager to validate requests, approvals, denials and assignment periods for connected applications.
One Identity Manager empowers application owners and business managers to make independent application governance decisions, eliminating the need for IT involvement and siloed teams. Once applications are onboarded to One Identity, the self-service model allows users to request roles and the defined approvers to approve them, streamlining the process and removing complexity for application owners. They no longer need dedicated teams for identity and access management or manual user access reviews for compliance requirements, as One Identity Manager automates these functions. This simplifies operations and centralizes control, improving efficiency and reducing administrative burden.
Zero Trust is a broad security framework with varied implementations. Currently, our Zero Trust implementation focuses on identity and access management, specifically for privileged roles. To prevent unauthorized or accidental access, a three-stage approval process is required for privileged role requests. This ensures that multiple stakeholders validate the access, embodying the Zero Trust principle of never trust, always verify. While this is just one aspect of Zero Trust, it significantly enhances our security posture by preventing unauthorized access to sensitive systems and data.
What is most valuable?
Having worked with SailPoint and other identity management tools, I've found One Identity Manager to be quite handy, especially after seven years of experience with it. The framework is robust and flexible, allowing companies to easily adopt and extend the schema as needed. Unlike other tools I've used, One Identity Manager offers a high degree of customization. Even if the out-of-the-box templates or processes don't meet our company's specific requirements, we can readily adapt them, modify them, and build our own processes and templates.
What needs improvement?
The One Identity Manager web portal needs simplification. While a new Angular portal was introduced with version 8.2, the knowledge base lacks sufficient information and resources. Even with an Angular developer or a One Identity specialist, a knowledge gap exists due to the combination of AngularJS and One Identity schema expertise required. This makes it difficult to find resources that can effectively utilize the portal, highlighting the need for a more user-friendly interface.
One Identity Manager currently offers Long Term Support only for version 9.0. All other versions have a two-year lifecycle with extended support. For organizations managing a complex environment with numerous connected systems, users, and assignments, upgrading every two years is impractical. Extending support for regular versions by one or two years would benefit clients in this situation.
Buyer's Guide
One Identity Manager
September 2025

Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
869,832 professionals have used our research since 2012.
For how long have I used the solution?
I have been using One Identity Manager for almost seven years.
What do I think about the stability of the solution?
One Identity Manager is stable, although there have been bugs. Sometimes product versions are released with many bugs, which affects stability. There is a need for extended support for regular versions, especially in large-scale environments where upgrades every two years are not feasible.
I would rate the stability of One Identity Manager eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of One Identity Manager nine out of ten.
How are customer service and support?
We sometimes face delays in response from the technical support of One Identity. While we use premier support, the experience can be inconsistent, prompting us to sometimes engage technical and success managers for faster resolutions.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used SAP IDM before switching to One Identity Manager. The scope with SAP IDM was limited due to its inability to connect multiple systems except Active Directory and SAP system. We looked for a solution that provided greater flexibility in terms of cloud adoption and custom connectors, which SAP IDM did not offer at that time.
How was the initial setup?
While the technical deployment of One Identity Manager can be completed in approximately one month, the true challenge lies in its organizational integration. Developing and connecting the system to existing infrastructure is a complex process that can take several months. Furthermore, ongoing maintenance and onboarding of new applications require continuous effort, making it an ongoing project rather than a one-time deployment.
What about the implementation team?
We worked with a partner for customization but not for training. The partnership was effective, and we continue to engage with them for custom developments that are not handled in-house.
What was our ROI?
The return on investment was evident in the company's decision to automate processes using the One Identity Manager solution. Previously, separate application teams with dedicated personnel performed specific tasks, leading to higher costs and inefficiencies. With the implementation of One Identity Manager, tasks became automated, resulting in significant cost savings and streamlined processes.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is fairly priced.
Which other solutions did I evaluate?
While we evaluated several solutions, we ultimately decided on One Identity Manager for its long-term benefits and flexibility compared to other tools.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
I would recommend One Identity Manager to companies, especially those that might lack prior expertise in identity management. Its predefined framework and comprehensive set of templates make it adaptable and easy to implement.
Our system is distributed across multiple locations globally, with various components and load balancers deployed in each location, including our disaster recovery sites. We have over 50,000 users.
One Identity Manager requires maintenance across its various components, including the tool itself, the database, the job server, and the web component. This maintenance ensures the environment remains operational and efficient. Maintenance requirements vary by component. For instance, web nodes undergo weekly restarts and cache clearing, job servers require service restarts, and other servers need periodic cache cleaning. Different elements have different maintenance schedules: weekly for some, monthly for others, and weekly for the database. Overall, maintenance plans are tailored to the specific needs of each component.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Vice President, Infrastructure Security Technologies at a financial services firm with 5,001-10,000 employees
Offers a more comprehensive and streamlined view of user identities and access
Pros and Cons
- "One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable."
- "The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments."
What is our primary use case?
We use One Identity Manager for classic identity management tasks like provisioning and de-provisioning. It is employed for user requests and identity governance. It supports a comprehensive setup that includes user access, requesting functionalities, and identity governance measures.
How has it helped my organization?
One Identity Manager has improved our organization by providing a centralized identity management solution. It allows us to connect various systems like Active Directory, SAP, and cloud applications, offering a more comprehensive and streamlined view of user identities and access.
As an administrator, I can see the benefits immediately on deployment because now I have a visualization. Compliance officers also see the benefits quickly. However, for the people I supervise, it's hard to adjust to the idea that everything you do is exposed. Application administrators aren't happy because I can see what they're doing.
The stakeholders and senior leadership will see the impact only if the people below them can produce good reports. Many reports are out of the box, but you have to deploy them, and people must subscribe. The benefits are immediate for people who deal with the product daily.
One Identity Manager helps minimize coverage gaps among test, dev, and production servers. The transport feature lets you move whatever you did in development into the test and production. Let's say you need to develop a new workflow in a developer environment. You can move every object related to that workflow to the test and, ultimately, to production. All of that is smooth and clean.
One Identity helps you streamline application access if there is a policy. A policy can be implemented through the policy engine if a company has a policy. How can they do this without a policy? I won't decide who's supposed to access what for the company. Anything related to access controls starts with the policy and ends with the implementation. It's easy if the company has a policy.
Application compliance is the same story. Someone has to define what it is. One Identity does not provide tons of compliance already implemented in the workflow. There's no preset for SaaS or HIPAA compliance.
It can tell you who is a member of an AD group, but it doesn't tell you what application this AD group controls. This information is supposed to come from an application owner, who can say you need to be a member of a specific group to access this application. We can see what happens inside the application if it allows us to do that, but we cannot audit if that person has any business in the application.
One Identity Manager helps us achieve an identity-centric zero-trust model in conjunction with a combination of something like OneLogin or any other access management product. We can control what's happening, but we cannot apply it to the application layer until we have an access control product.
What is most valuable?
One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable.
It's the best product for providing an enterprise view of logically disconnected SAP accounts. Sometimes, it's doing better than the SAP IG, which probably got discontinued or will be. One Identity Manager helps us connect SAP accounts to employee identities under governance. It is critical because there's no such thing as just SAP, and you want to centralize. You have Active Directory, SAP, and all the cloud applications. Every product has its user accounts, and One Identity allows you to connect them all in one place.
One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP. It lets you do many different things and go as deep as you want. The solution has a whole library of specialized SAP workflows for provisioning.
You can build a customized web interface that you can do whatever you want with. The out-of-the-box interface for administrators or anybody else can take a little time to understand. It depends on the user's maturity. You must understand what's happening before touching the product. If you have experience using Identity Manager or similar tools, it's highly intuitive. It has so many features that it takes time to adopt, but that's not because it's difficult.
The business roles are fundamental to role-based access controls. If you don't know how to build roles, it's very hard to do. One of the advantages of this particular product is that you don't have to be a technical person to build the role. You can log in as a business owner with a newly created project and add entitlements, users, or criteria. You can do it manually or using a formula. It's easy to do without any code.
What needs improvement?
The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.
For how long have I used the solution?
I have been using One Identity Manager since 2009, back when it had a different name, Active Entry. I've seen the product evolve over time.
What do I think about the stability of the solution?
One Identity Manager is a very stable product. The only potential issue could arise from database management, particularly with MS SQL clustering, but with competent support and management, this is not a problem.
What do I think about the scalability of the solution?
One Identity Manager is highly scalable. Its ability to deploy agents across various locations and integrate seamlessly into multi-country operations ensures it can grow alongside business needs without issues.
How are customer service and support?
I rate One Identity support nine out of 10. Premier support offers fast responses, which is critical for banking operations to minimize downtime. The professional and quick handling of issues adds significant value to the investment.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Oracle, Fischer, SailPoint, Saviynt, and Omada. Omada is particularly notable for its governance capabilities, while Saviynt offers speed in implementation and support. SailPoint is dominant in the market, particularly for compliance capabilities.
How was the initial setup?
If there is no existing database, you must install and configure SQL, which can be time-consuming. However, with a database, the installation is fast, taking about half an hour.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is priced in the middle range but offers good value due to lower implementation time compared to competitors. Total cost of ownership is crucial where the main expense is in implementation, not licensing.
Which other solutions did I evaluate?
Other solutions considered were Oracle, Fischer, SailPoint, Saviynt, and Omada. IBM was not used.
What other advice do I have?
One Identity Manager is not for beginners due to its extensive functionality, so it requires prior experience or maturity in identity management to fully utilize its capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Business Analyst at tcs
Provides security, compliance, and visibility
Pros and Cons
- "One Identity Manager simplifies user operations and provides security features, including automatic blocking of inactive accounts and timely access revocation."
- "Perhaps support could be improved. The knowledge base articles and wiki resources we currently use may not be applicable in every situation, as they often depend on the specific inputs or problems presented by users."
How has it helped my organization?
One Identity Manager simplifies user operations and provides security features, including automatic blocking of inactive accounts and timely access revocation.
My user experience with One Identity Manager involves using Identity Access Management to provide security, compliance, and visibility. We have implemented RBAC, where we define roles and responsibilities based on job functions or permissions. We have SoD (segregation of duties), ensuring that no single user has permissions that could lead to conflicts or fraud. The benefits include reduced security risks, lower costs with SSO solutions, enhanced user experience compared to other solutions, and improved compliance with regulations.
Customization for One Identity Manager is based on client inputs. We can detail and break down the inputs for customization, including user interface customization, where we include manager and launch pad features. For example, we implemented the Genesys application for the service desk, where we can monitor daily calls, frequency, and agent performance. This implementation helps showcase to customers our multiple checks and background processes internally. We provide recording sessions to users for review and daily improvement. Configuration parameters come under several aspects based on system behavior. One Identity Manager provides default parameters for particular solutions, allowing an overview of the tool.
What is most valuable?
In my experience, the best features in One Identity Manager are under SSO (single sign-on), where we can save passwords and don't need to authenticate each time when accessing applications. This extends to the creation of privileged IDs and account creation in AD.
What needs improvement?
Perhaps support could be improved. The knowledge base articles and wiki resources we currently use may not be applicable in every situation, as they often depend on the specific inputs or problems presented by users.
For how long have I used the solution?
I have been using One Identity Manager for six years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
We provide solutions for enhancing access governance with One Identity Manager, including identity verification and improving system security procedures. This includes designing and implementing IAM solutions for legacy systems, cloud migrations, and multifactor authentications. We implement MFA solutions for applications with larger audiences. We manage roles and responsibilities in IAM technology and conduct risk assessments to identify potential vulnerabilities. The identity verification process comes as an automatic solution, streamlining user onboarding and offboarding in the organization.
Our clients are enterprises. We have more than 50 specialists.
How are customer service and support?
We use their regular support. I would rate their support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
For identity access management, we have used multiple tools. When I was working on a banking project, we used a right modeling tool and Sphere and AD to create users in AD and Nsphere, which is an internal tool of a particular project. Whatever we handle in AD and the right modeling tool reflects in Nsphere, which serves as a portal where all users are displayed, and we can see which level of access is required for a particular application. Being in the banking sector, we have an N-3 approval format. Based on approvals, such as line manager approval, we make changes accordingly. We worked with privileged IDs where particular users want different sets of privileges for their accounts. For example, with my particular account in the banking sector, I can give third-party users access to my entire bank for read, write, and edit capabilities. For some users, I can give only read access, allowing me to segregate the privileged IDs and privileges for users who can access my application or banking portal.
In another project for insurance, we used applications in SAML and OIDC. For OIDC applications, we asked the end user to provide the client ID and based on that, we shared the configuration directly to their email IDs. They could copy-paste the same configuration to make the portal easily accessible. With SSO and One Identity Manager implementing that configuration for OIDC applications, they can easily access their portal without multiple authentications. Through single sign-on, users can sign in once and access the portal without passwords.
From my knowledge, One Identity Manager makes customer operations easier compared to other solutions. When customers have different applications or solutions but want to migrate to One Identity Manager, it's because of enhanced security and the convenience of the SSO process.
How was the initial setup?
The setup is somewhat tricky because providing on-premises ID access requires following specific justifications and naming conventions, with different sets of servers to be added for users. We must be conscious while providing access to servers. For instance, if a user requests access to 10 servers, we need to evaluate whether they truly need all server access and can segregate permissions for cost and security reasons after consulting with line managers.
What's my experience with pricing, setup cost, and licensing?
The cost is handled by customers, but it doesn't seem to be very expensive. It seems fairly priced.
What other advice do I have?
We use One Identity Manager for business roles, implementation capabilities, SSO bypass, and automation deployment with guidelines. The licensing helps consolidate procurement when generating audit reports. We follow basic steps such as end-user satisfaction and improvement in regulatory functions to reduce business risk. We implement changes according to the system lifecycle and role-based access control.
Privileged users receive separate access, enabling them to access cloud applications. With a privileged ID account, users can access CyberArk, Entra, and Office 365 to manage licenses. One Identity Manager provides good security through SSO and MFA implementations. While there can be dependencies during new configuration creation, we work to provide better user satisfaction and support.
I would rate One Identity Manager a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Last updated: Sep 8, 2025
IAM functional analyst at a hospitality company with 10,001+ employees
Gains control over identity lifecycles with customization while facing portal programming challenges
Pros and Cons
- "One of the best features of One Identity Manager is its high level of customization."
- "The technical support could be improved, particularly for architects with advanced knowledge."
What is our primary use case?
We use this solution to enable a lifecycle for all the accounts we have in our Active Directory. One Identity Manager helps us enforce rules and renewal periods. It assists in tracking useless accounts to ensure that we do not retain people's accounts once they leave the company. We are extending the solution, highly customizing it to associate almost every object in our Active Directory with an identity. Every identity has a lifecycle and specific rules enforced by One Identity Manager.
How has it helped my organization?
The benefits are significant for us. We had no real central governance before implementing One Identity Manager. Being a large organization operating in 60 countries, it has helped us regain control over Active Directory. By enforcing rules, processes, workflows, and account lifecycles, it aids in cleaning our Active Directory and enforces strong workflows in user management.
What is most valuable?
One of the best features of One Identity Manager is its high level of customization. Since deployment, the solution has been tailored extensively to fit our specific needs. Its out-of-the-box capabilities are commendable, allowing for evolution and integration within an on-premise environment. For us, being able to customize the product to our requirements has been incredibly valuable, turning it almost into an in-house solution.
What needs improvement?
The new portal is in a specific technology that is more difficult to program. While it is a specific decision, the customization will become harder. A real SaaS solution could be provided rather than an on-premise product deployed on One Identity Cloud. Although we are not the target for this kind of improvement, a pure web-based SaaS solution could be beneficial for smaller companies.
For how long have I used the solution?
The solution started deployment in 2018. My personal experience as a Functional Analyst with the solution is approximately two and a half years.
What was my experience with deployment of the solution?
I was not part of the company during the initial deployment. However, it was relatively easy because it came out of the box. Upgrading is more challenging due to the extensive customizations we have, but this difficulty is more related to our use of the solution rather than the solution itself.
What do I think about the stability of the solution?
We have not experienced many issues with the tool itself. The problems we face are more related to our database consumption due to the high number of users. In terms of stability, I would rate it highly.
What do I think about the scalability of the solution?
We have not needed to increase scalability much, and One Identity Manager supports a large number of users effectively. I would rate its scalability as strong since we have not experienced any significant challenges.
How are customer service and support?
The technical support could be improved, particularly for architects with advanced knowledge. I have heard that the forums, moderated by One Identity experts, are helpful. Although sometimes support can take time, we have not raised any serious alerts about the quality of support from One Identity.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We had no Identity Management solution before One Identity Manager. Compared to our previous situation, the solution provides significant benefits in terms of automation.
How was the initial setup?
The initial setup was straightforward as the solution came out of the box.
What about the implementation team?
We are working with a consulting company that provides specific support and resources for us, but they are not direct partners of One Identity.
What was our ROI?
One Identity Manager saved us approximately thirty to forty percent in terms of time, money, and resources compared to our pre-deployment setup. It significantly improved our control and management efficiency.
What's my experience with pricing, setup cost, and licensing?
We have a global ELA, which means we do not have licensing issues. The price is correct and the relationship with the sales team is excellent. They are open to discussions whenever savings are needed.
Which other solutions did I evaluate?
I have no other experience besides Okta. Okta is more of an out-of-the-box solution with less customization opportunity, while One Identity Manager is a full product.
What other advice do I have?
I would recommend One Identity Manager due to its customization capabilities. It allows you to adapt the solution to your specific needs. However, for smaller companies without high-level expertise, a pure SaaS solution may be less intimidating. I would rate One Identity Manager at a seven out of ten overall.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 3, 2025
Identity Management Consultant at Jemena
Helps streamline application access decisions and compliance, but UI customization is tricky
Pros and Cons
- "The SAP integration is One Identity Manager's most valuable feature."
- "Their support is inadequate."
What is our primary use case?
We are currently using One Identity Manager for identity management, but not for access management. I have extensive experience with One Identity through previous work with large insurance and utility clients, both of which heavily utilized the platform for identity and governance.
How has it helped my organization?
One Identity Manager connects SAP accounts to employee identities under a governance framework. Many companies utilize SAP SuccessFactors for HR and customer management, including onboarding contractors. Since the HR data originates from SAP, seamless integration with the chosen product is crucial for efficient operations.
One Identity Manager delivers the subspecialized workflows and business logic.
In both of my organizations, One Identity Manager was not the primary interface for users. ServiceNow typically served as the front-end portal, while One Identity Manager functioned as the backend engine to fulfill requests. Consequently, primarily managers and administrators interacted with One Identity Manager for testing purposes, and their satisfaction with it was generally positive. Our current organization uses a request-based portal. In contrast, my previous organization employed six versions of One Identity Manager, which has since evolved to nine, indicating significant progress. While earlier versions required extensive customization, the current iteration is more functional.
Our SAP Security team manages several internal roles, each requiring specific access controls. To determine user access based on their position or SAP role, we need a mapping system, which is why we implemented business roles. We also utilize business roles for user onboarding lifecycle management. However, some applications remain disconnected and reliant on AD groups, necessitating additional rules for access control. The functionality of the business role is crucial for effectively managing these access requirements.
We use One Identity Manager to extend governance to cloud applications like ServiceNow. This is achieved through Starling Connect, a One Identity product that allows us to deploy connectors. While we can use generic connectors and APIs for connectivity, Starling offers pre-built connectors for specific platforms, such as SuccessFactors and ServiceNow, simplifying the onboarding process for these cloud applications. We leverage this capability to streamline our governance efforts.
Some of the benefits we have seen from One Identity Manager include its ability to streamline user lifecycle management and the use of attestation for verification. Additionally, request-based calls from ServiceNow have been significantly improved, providing a seamless user experience.
One Identity Manager helps minimize governance gaps across test, development, and production servers, particularly for Active Directory and SAP. We've developed attestation policies that enable regular verification of all accesses, effectively bridging these gaps.
Creating and managing admin accounts, including managing inactive users and potentially disabling their access, has significantly reduced the AD team's operational workload. Similarly, onboarding applications onto the SAP system has streamlined operations and minimized administrative effort.
One Identity Manager's structure is much cheaper than any other product in the market.
One Identity Manager helps streamline application access decisions, compliance, and auditing.
One Identity Manager helps application owners or line-of-business Managers make application governance decisions without IT. Many reports can be used daily, weekly, and quarterly to manage and validate user access.
Being able to manage access without the need for IT has helped reduce the workload of the Operations team.
What is most valuable?
The SAP integration is One Identity Manager's most valuable feature. It offers a strong, out-of-the-box integration that is easy to implement, a significant advantage over many other products that often lack this integration component.
What needs improvement?
While we are not currently using privileged accounts, data governance is a concern. Reports and customization are expensive, and the user interface reflects this complexity. We've encountered issues with the cumbersome user interface and slow performance. Unlike products like SailPoint, we have limited control over customizing performance and the user interface. The tools provided for UI customization are not user-friendly.
The UI customization is tricky. The web interface product that One Identity Manager offers is a bit tricky to use, and no extensive documentation is available on how to do the customization.
Their support is inadequate. Raising a query often results in days-long waits for responses. Even when tickets are acknowledged, cases progress slowly toward resolution. Overall, the product lacks sufficient support.
While generic connectors exist, some specialized connectors require additional capabilities. Simplifying the connector process would be a valuable improvement.
For how long have I used the solution?
I have been using One Identity Manager for five years.
What do I think about the stability of the solution?
One Identity Manager remains stable as long as the environment doesn't change.
What do I think about the scalability of the solution?
One Identity Manager is scalable by increasing the capacity of the servers.
How are customer service and support?
The technical support response time is lacking. It can take days to hear back from them.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I've worked with IBM Tivoli, SailPoint, and RSA Aveksa.
The optimal identity manager depends entirely on a company's specific requirements. If a company primarily utilizes SAP and Active Directory, One Identity is suitable and easy to implement. However, for extensive customization, a product like IBM or SailPoint might be preferable due to their flexibility and ability to create a completely custom user interface. These platforms also excel in complex workflows, such as those found in banking, and offer robust CI/CD integration through Java scripting. In contrast, One Identity's change label system falls short of modern development practices, making it less appealing for organizations that prioritize agile methodologies.
How was the initial setup?
The initial deployment is straightforward.
One Identity Manager requires a primary database to store all information. A secondary, optional history database can be used for archiving data to manage database size. We can combine the web server and job server functions on a single server, or use separate servers for each.
Provided all necessary requirements are met, a deployment can be completed within two days. While one person suffices for moderate deployments, larger or more complex projects necessitate a team of two or three individuals.
What was our ROI?
We have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager's pricing is reasonable.
What other advice do I have?
I would rate One Identity Manager seven out of ten.
When we upgrade to the latest version, it includes three years of support.
We currently have 4,000 users and 20 applications that utilize One Identity Manager. We also have one team that manages it.
One Identity Manager is a suitable choice for simple implementations, but if your customizations are extensive, consider other solutions. Additionally, if your environment is not heavily reliant on SAP or Active Directory, or if you have Linux-based servers, carefully evaluate the feasibility of implementing One Identity Manager.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Identity & Access Management Manager at an insurance company with 5,001-10,000 employees
Automation capabilities streamline access management and reduce costs
Pros and Cons
- "I like the solution since it is very flexible, and I can basically do everything that I like and need with it."
- "In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience."
What is our primary use case?
We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees.
We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager.
What is most valuable?
I like the solution since it is very flexible, and I can basically do everything that I like and need with it.
I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense.
Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation.
It works well at an enterprise level. We use it as a centralized platform for the whole identity.
It is a flexible system and we can customize it the way we want.
We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution.
We use the solution to extend governance to cloud apps and this is very useful for us.
Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately.
The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place, for example, joiner, mover, leaver, help in maintaining that zero trust principle.
What needs improvement?
In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience.
The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement.
We can customize it; however, we need skilled resources to do so. There aren't as many skilled people in the market.
For how long have I used the solution?
We launched it in October 2023. However, we started implementing it in 2021.
How are customer service and support?
We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose.
How was the initial setup?
Our experience was complex; however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly.
It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, but maybe not easy either, so maybe something in between.
What about the implementation team?
We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training; however, the training was given by One Identity itself.
What was our ROI?
We have been reducing costs and saving several full-time equivalents by using automation.
What other advice do I have?
I would rate the solution overall as eight out of ten based on the bad user interface.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 5, 2025
IAM DEVELOPER at a university with 10,001+ employees
Provides centralized management and security, but UI navigation and documentation need refinement
Pros and Cons
- "One Identity Manager offers identity-centric security, acting as a single source of truth by centralizing identity data for users, devices, and applications. It supports role-based access control and automatically assigns and reworks roles to minimize privileges."
- "It can have a clearer navigation map of the user interface and user provisioning. The documentation lacks step-by-step details on common tasks like creating roles, running action reviews, and version control."
What is our primary use case?
I use One Identity Manager for RBAC in my current project. We do provisioning and de-provisioning. After running certification campaigns, it automatically aggregates. I also onboard several applications in One Identity Manager. We also use it for audits, recordings, and activities like entitlements or policies with segregation of duties.
How has it helped my organization?
We use out-of-the-box connectors for SAP to automate account provisioning and de-provisioning and ensure the right access based on roles and responsibilities. For access governance, we also handle detecting and resolving conflicts. It reduces administrative overhead related to provisioning, de-provisioning, and role authorizations. When it comes to password synchronization with SAP systems, it ensures a smooth user experience. For disconnected SAP accounts, it helps to align the business processes and data flows. We have centralized dashboards providing a holistic view of identities, roles, and privileged access.
We also have Active Directory, Azure AD, and other enterprise applications. It serves as a single source of truth to ensure roles and privileges align with organizational policies. We can view policies and conflicts and also have custom rules.
It provides centralized administration through a single pane of glass. We can manage users' roles and entitlements, identity lifecycle management, and access review management. We can connect both on-premises and cloud systems, ensuring centralized provisioning. With automation for tasks like provisioning and password resets, we can efficiently manage a large user base in complex organization structures.
The analytics provide real-time insights into access, policy violations, and system health. We can also identify potential risks or inefficiencies.
One Identity Manager provides pre-built connectors, requiring minimal effort for standard user cases and workflows. All the common attributes are preconfigured. However, for customized and more complex use cases involving dynamic rules or unique compliance requirements, we need to use PowerShell scripts or APIs.
Business roles help map company structures for dynamic application provisioning. There are predefined templates for common business roles. It supports hierarchical roles and dynamic assignments. The drop-and-drag interface simplifies role creation and assignments and policy integrations. For example, when a new employee joins the finance department, the system dynamically assigns the required role containing the required access and privileges.
It has pre-built connectors for popular cloud apps such as Azure AD. It helps with policy enforcement for implementing RBAC and ABAC for governance across cloud and on-premises systems. We can automate access reviews and certifications for cloud applications ensuring ongoing compliance. We can also dynamically assign and revoke access to cloud apps based on the lifecycle events, such as onboarding, promotion, or termination. It supports monitoring user activities within the cloud apps, providing detailed audit logs and reports for compliance. It also helps with user access requests via self-service portals with automated approval workflows for cloud apps like Salesforce.
It helps with better license management and reduces over-provisioning. We can also track user licenses for cost-saving opportunities, audit reports for compliance, and vendor agreements. We can also create business rules to automatically revoke licenses with a role change. When it comes to the cloud application platform, it synchronizes license date and usage.
Its benefits were seen immediately after the deployment.
What is most valuable?
One Identity Manager offers identity-centric security, acting as a single source of truth by centralizing identity data for users, devices, and applications. It supports role-based access control and automatically assigns and reworks roles to minimize privileges.
The solution integrates multi-factor authentication, enforcing stronger measures and requiring identity verification for accessing critical resources. It continuously monitors user behavior in real-time, triggering automated responses, and manages secure access for both on-premises and cloud applications using protocols such as SAML.
Additionally, it facilitates RBAC, provisioning and de-provisioning, certification campaigns, onboarding various applications, audits, and reporting with segregation of duties.
What needs improvement?
It can have a clearer navigation map of the user interface and user provisioning. The documentation lacks step-by-step details on common tasks like creating roles, running action reviews, and version control. Enhancements could also be made to feedback mechanisms. In development, understanding workflows and integrating ORDM skills with SAP could be improved.
For how long have I used the solution?
I have been using One Identity Manager for approximately two to three years. I previously worked with an organization in India, where I utilized One Identity Manager. Currently, in my project in the US, I am working in the retail domain, and I am using One Identity Manager here as well.
How was the initial setup?
I have worked a lot with SailPoint, so its deployment was easy for me. The deployment duration varies from project to project.
In terms of maintenance, it sometimes requires updates.
What's my experience with pricing, setup cost, and licensing?
Pricing depends on licensing models, such as per-user licensing and feature-based pricing. Additional models like governance, provisioning, and reporting increase costs. Cloud or on-premises models follow different pricing approaches. On-premises might incur higher costs.
The cost also depends on integration systems like Active Directory, SAP, and custom connector requirements. Scalability influences costs, with larger organizations potentially benefiting from cloud setups. Cloud setups might be more cost-efficient compared to on-premises solutions.
What other advice do I have?
I would rate One Identity Manager a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 23, 2025
IGA Analyst at a consultancy with 10,001+ employees
Offers many built-in features, simplifies application governance, and consolidates platforms
Pros and Cons
- "One Identity Manager provides a wide range of features that enable connection to numerous target systems."
- "The documentation I found in their repository is neither interactive nor engaging."
What is our primary use case?
We are a system integrator and used One Identity Manager for our client.
How has it helped my organization?
One Identity has many built-in features. It's a highly suitable platform for enterprise-level organizations to integrate with existing systems for complete account management and other related functions.
Although someone new to One Identity may initially find it a little difficult, the intuitive interface is easy to navigate for experienced users.
Due to its many built-in features, customizing the solution to meet our customers' specific needs is straightforward. With sufficient knowledge of the platform and tool, we can easily tailor the solution according to our customers' preferences. Simply exploring the available features will help us uncover the possibilities.
Without One Identity Manager, we would need multiple platforms to connect our source and target identity systems. However, One Identity allowed us to consolidate role management, access management, identity management, and other functions into a single platform, significantly streamlining our processes.
One Identity Manager simplifies application governance by streamlining access decisions, ensuring compliance, and facilitating auditing. Previously, users required individual interactions with application teams to gain access. However, with One Identity integrated into multiple applications, users can now submit access requests through a dedicated portal. This initiates an automated workflow that grants access directly through One Identity, significantly reducing users' and administrators' time and effort.
We successfully implemented an identity-centric zero-trust model, but its effectiveness depends on the people and the architecture used to implement the solution. The platform provides the necessary tools, but the success of its application hinges on the users' ability to leverage its features effectively within their specific use cases. If users can successfully implement these features, One Identity proves to be a valuable platform. However, the underlying architecture within the platform and our processes also play a crucial role in overall success.
What is most valuable?
One Identity Manager provides a wide range of features that enable connection to numerous target systems. It also includes built-in capabilities to automate user onboarding and offboarding processes.
One Identity Manager offers numerous features, including role management. We can create custom bot-specific roles, integrate with external systems, and grant users access upon onboarding within our system. The tool's automation capabilities are particularly valuable. They allow us to schedule tasks for execution at specific times, eliminating the need for manual intervention.
What needs improvement?
The platform's user experience presents several challenges. Its complex features and numerous tools make it difficult to understand without significant effort. The web portals and documentation are also not user-friendly, hindering knowledge acquisition.
We must create business roles specifically for the platform rather than due to architectural requirements. While this is unnecessary additional work, it is mandated by the platform. We believe utilizing system roles to grant application access would be more efficient. However, the platform necessitates the creation of business roles on top of system roles for access control, which we find challenging.
The documentation I found in their repository is neither interactive nor engaging. They should include simple examples or sample use cases demonstrating how to use the product for specific features.
For most applications, we must configure connections. One Identity Manager lacks a robust built-in connection system or connectors for diverse target systems. This area could be improved. Consequently, for built-in applications, we must define connections ourselves.
We are using an on-demand version for our client and have encountered some database agent issues. Therefore, the number of database agent issues needs to be reduced.
For how long have I used the solution?
I have been using One Identity Manager for one and a half years.
What do I think about the stability of the solution?
The stability of One Identity Manager hinges on the project's specific implementation or architecture. We must analyze project requirements to select the appropriate One Identity version; in this case, the on-demand version is necessary due to our high user count. This choice will help maintain platform stability. While One Identity itself is not inherently flawed, its success relies heavily on the architecture team's design.
What do I think about the scalability of the solution?
One Identity Manager's scalability depends on the specific implementation or architecture.
Which solution did I use previously and why did I switch?
SailPoint is a platform similar to One Identity Manager that we also use, both offering identity management solutions. While One Identity Manager offers more features, making it a strong choice for us given our expertise, it has limitations regarding target system integration and user interface. One Identity should expand its default integration options to include popular systems and enhance the user interface with a more intuitive and visually appealing design to maximize its potential, improving the overall user experience for extended work sessions.
What about the implementation team?
We engaged our One Identity Partner, Quest Global, to provide post-implementation support, and we are pleased with their responsiveness. The issue's priority level determines their response time. High-priority issues receive immediate attention with a scheduled troubleshooting call, while medium-priority issues are addressed within hours. Lower-priority issues will also be resolved promptly. Overall, we are satisfied with their support.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
I participated in a one-week training session provided by the partner, and it was exhausting because we had to listen to the trainer for eight hours each day and then work.
The support that our One Identity partner provides is valuable.
Due to our implemented automation, One Identity Manager requires ongoing maintenance. Constant monitoring is necessary to ensure the workflow operates as intended. This monitoring demands individuals with expertise in the tool to comprehend the process and identify potential issues.
Our One Identity partner helped us implement the customized features that our client required.
We currently have 100,000 users and have connected with around 15 target systems.
I recommend One Identity Manager to others. I suggest the on-demand version for organizations with a high user count.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator

Updated: September 2025