One Identity Manager Reviews

Our company hosts our on-premises application with this solution. It is not a complete SaaS product but rather a hosted environment in their tenancy. 

We have an internal team of four administrators and site developers who manage the solution and provide support to 2,000 employees. Our operational model includes contracting with professional services for new development, managing releases, and deployment. 

The solution is a typical, conventional IGA but the tool itself offers many options for customization. Some other products are easier to implement but don't have the same customization capabilities. 

The product must include SaaS in the future. 

The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use.

The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. 

Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options. 

I have been using the solution for six years. 

The solution is very stable and we rate it a twelve out of ten. However, reaching that stability is torture. 

We had issues and bugs because of customization requirements and it took us a year to go live. Too many custom processes cause issues even though the end result is stable. Gathering things to implement and install takes time. In our case, the implementation document for us to go live was 500 pages and that was a bit terrifying. 

The solution is scalable and the database is the key element in integrations. Everything connects to the central database which is a benefit because then the database becomes the central configuration management tool. If you upload DLL code to the database, it pushes it to other components. It is a well-designed central configuration approach. 

This approach can be a bit of a drain on performance because everything is connected to the central database. It is important to keep on top of database health with the solution.

Support needs to be better because this is a framework-style product and your own developer needs to be able to work efficiently with theirs. Sometimes a problem is in the development code, not the core product functionality. It takes too much time, as operational support to investigate and find the root cause. The solution offers amazing functionality for the framework, but if you didn't write the code yourself you are in trouble. 

For example, if a third party writes code and then their involvement ends, an issue in production that needs support won't get it because the third party's code error is an unsupported area. 

If your company's active management processes are not aligned with ISO or NIST standards, a lot of customization is required and this is the best solution. For ITSM, this is also the solution to use. 

If your processes are aligned then other solutions are appropriate. For a product like SalesPoint, the solution might be ServiceNow. 

The initial setup is very complex and I rate it a four out of ten. 

Deployment depends on the project scope. If the project is smaller, you can connect with Active Directory and auto RMS on the same day. However, if you want joiners, movers, or leaders to go live, it becomes more complex. 

The pricing is good and I think more money is made out of selling professional services than the product itself. 

Developers who have worked with the product won't need the assistance of professional services. It is easy to implement once you are accustomed to the product. 

Someone new to the product would need 20-30 days of services a year and in that scenario, it is expensive to develop and maintain. 

I rate this solution a six out of ten. 

We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

I've been using One Identity Manager since 2008.

One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

Scaling up One Identity Manager is extremely easy.

I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

I've seen ROI from One Identity Manager.

The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

We evaluated SailPoint and Saviynt apart from One Identity Manager.

I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

My clients use One Identity Manager to streamline and enhance their identity and access management processes. Whether it is a university simplifying student onboarding, or a global corporation managing employees across multiple branches worldwide, One Identity Manager helps them efficiently onboard, move within the organization, and offboard individuals. 

One Identity has transformed our organization, particularly in streamlining the join, move, and leave processes. It has shifted these from being manual or non-existent to around 80% automation, making a significant and beneficial impact. Clients, especially in large enterprises, have experienced drastic improvements with One Identity.

One Identity Manager has helped minimize governance gaps, particularly in the transition from test to development and production servers. This has significantly streamlined our operations and simplified the delivery of functionality for our customers who utilize One Identity Manager.

One Identity Manager has helped establish a privileged user governance stance, particularly in recommending regular reviews or rotations of privileged accounts. This approach is not only for privileged accounts but also for general usage analysis, ensuring unused accounts are closed, and optimizing licensing. Overall, it contributes to a more robust IT governance framework.

One Identity Manager helps consolidate procurement and licensing processes effectively.

The most valuable features are centralized Identity Management, robust Access Governance, and One Identity Manager workflow automation, simplifying user management and compliance.

In terms of improvement, the web portal for end-users in One Identity Manager has improved but could still see enhancements. The training for admins is crucial, and once you gather the knowledge, it becomes fairly easy. However, documentation could be better, especially for new features. It currently doesn't cover everything comprehensively, making it challenging to navigate some aspects. Improvements in documentation would be beneficial.

I have been working with One Identity Manager for four years.

It is quite a stable product. I would rate the stability as a nine out of ten.

I would rate the scalability of the product as an eight out of ten.

As a partner, we have access to a higher level of support, either gold or platinum. The support experience is generally good, and I would rate it around an eight out of ten.

Positive

Compared to Microsoft, One Identity Manager provides more granular and customizable solutions,  and although it can be used for managing cloud applications and user directories, it's primarily made for managing on premise tenents. The downside of OneIM is the documentation and training. 

The initial deployment of One Identity Manager can be straightforward with the right tools and knowledge, especially if using specific deployment tools. It typically takes around two working days for a basic installation. The solution requires maintenance mainly in the form of periodic upgrades to stay current. Other than upgrades, regular day-to-day maintenance is minimal, focusing on ensuring the application is up and running.

We are consultancy specialising on OneIM implementation. We are experts.

When properly planned and executed,  it should be pretty decent ROI

One Identity Manager is fairly priced, especially for large corporations or enterprises.

We use One Identity Manager for SAP integration, but it has some limitations. Managing logically disconnected SAP accounts can be challenging, and the solution feels somewhat incomplete. As a consultant, there is often a need for additional customization to address the intricacies of SAP integration within the broader One Identity Manager framework.

One Identity Manager connects to SAP accounts for identity governance. However, it is not the primary feature our clients emphasize. While useful, it is not the main driver for most organizations adopting One Identity Manager.

One Identity Manager provides Identity Governance and Administration for challenging aspects of SAP, including key codes, profiles, and rules. In a broader sense, it addresses these complexities within the SAP environment.

One Identity Manager is a solid choice for enterprise-level administration and governance. It effectively handles users, data, and accounts. While not perfect for privileged accounts, its integration with a complementary solution makes it a sophisticated option in the on-premise IGA landscape.

The user experience of One Identity Manager is unique, but it is not straightforward for an outsider. It requires some learning, and the navigation can be challenging without guidance. Overall, it is a complex system that benefits from the expertise of consultancies like ours.

Customizing One Identity Manager depends on your expertise. For experienced users, it is straightforward, but for beginners, especially in the first year, it often requires consulting with senior experts. Customization can be simplified with the right knowledge.

I use the solution's business roles to map the company structure for dynamic application provisioning. The business role functionality is crucial for us and our clients.

We use One Identity Manager to extend governance to cloud apps. It is essential, and I would rate its importance around seven on a scale of one to ten. Many customers, including us, find it valuable even if they don't plan to move entirely to cloud servers.

One Identity Manager helps streamline aspects of application governance, particularly in making application access decisions. The effectiveness largely depends on the implementation by the consultancy. If done correctly, it can greatly enhance application governance.

One Identity Manager has enabled application owners and business managers to make governance decisions without involving IT. If implemented correctly, there is minimal to zero IT involvement, allowing them to approve applications, manage access, and handle licenses directly through the One Identity Manager web UI. This aligns well with achieving an identity-centric zero-trust model.

I would recommend One Identity Manager, especially for large enterprises. However, it is crucial to consult with the customer first to ensure it aligns with their specific needs and requirements. Performing a proof of concept could be beneficial to validate its suitability for their environment. Overall, I would rate the product as an eight out of ten.

One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.

The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.

The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days. 

When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.

In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.

The most valuable features include the 

• automated attestations or recertification
• IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal. 

Those two are the biggest wins.

In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.

Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.

There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. 

Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.

We've been using One Identity Manager since 2013.

Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.

One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.

We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.

Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.

The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development. 

This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.

Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.

When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.

For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.

Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.

But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.

Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.

Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.

We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.

We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.

We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.

From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.

It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.

Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.

We use it to manage all identities within the company. We use it to monitor users when onboarding and offboarding. We also use it for all the related accounts, such as SAP accounts and AD, to give permissions to our employees within these systems.

We do all the privileged management as well within One Identity Manager, which mainly consists of monitoring and control of users, especially who's changing what.

There are users within SAP, the so-called "firefighters," who need to have a little bit more access to SAP. They are the ones who are allowed to switch down modules, put down the systems, and so on. They require high-privilege access. One Identity helps us to monitor those activities and ensure that we make the changes that are required so the users will have those permissions.

When we have a request from HR for onboarding a new employee, before having One Identity, we had all manual processes. If the user was going to be assigned to a specific application, we needed to contact the responsible person on that team to open multiple tickets, multiple requests. Today, those activities, are completely managed by the Service Desk. That means we have reduced the time it takes for the onboarding process enormously. It used to take two or three weeks to do a full onboarding, but today we can do it in two or three days, providing access to the systems.

The solution has reduced Service Desk calls by 75 to 85 percent. In terms of automation with this system, we now have 94 percent coverage of our users and systems. That means we increase security as well, and not only reduce calls to the Service Desk.

In addition, when it comes to compliance, One Identity is used to cross-reference between the identities and accesses. This has improved the detection time of security events and has helped us with both data protection and compliance. One Identity is a main driver and helper in improving this area.

It's the automation. With One Identity you can have multiple accounts and everything is managed in the same system. You don't need to manage different systems at different times. With just one, you can do everything. It saves a lot of time for us and simplifies things.

In terms of the policy and role management features, through the automation that we have within the system, we are able to simplify those processes. The role management is really a great solution because we assign and define roles within the system and then apply them to the identities that we create for our employees.

It is definitely a flexible solution. The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc.

We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy.

Most of the issues that we are suffering from today will be fixed with the new version.

The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier.

I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good.

We also have system devices that we could manage as identities, so that would be a feature to add.

Three to five years.

The system we are using is five years old and we have had no issues at all. It is fully stable.

It's scalable. We grew over the last year. We integrated companies within the group, which included creating more and more users in the system. Scaling is pretty simple. We didn't have to make major changes to the system itself. It was something that the system could support easily, especially from a functional point of view. 

It can scale vertically and horizontally without any problems. With the upgrade, we are scaling up technically, adding more servers, and it's pretty easy as well.

We are working with a One Identity partner. This is really important. One of the most important things to do when going with One Identity is to choose a partner wisely. We are currently working with a partner and we're still evaluating that. It needs to be assessed a little bit better and to ensure that they can support us. It has nothing to do with One Identity support itself. The important thing is ensuring that the partner is able to support requests. That's what we are currently assessing and evaluating.

We are working with IPG because our headquarters are based in Germany. We have a history with them. We are currently ensuring that they are capable of providing the support that we require, and especially provide us the agility and flexibility we need.

The partner is important because the implementation of the systems and the configuration of the systems are done by the partner. It is key for One Identity to ensure that the partners can do the work properly.

We had nothing before using One Identity.

We implemented One Identity in 2015 with the main goal of controlling SAP access and users, especially the privileged access in SAP and the segregation of duties. That's what we wanted to control. One Identity was the best system at the time, with really exceptional out-of-the-box functionality. It was mainly done, at that time, for SAP. It was a risk and compliance issue that was fixed with One Identity.

We are seeing return on investment although I can't quantify it. If we just think about the reduction in the onboarding time which is impacting other teams, that is an area of ROI. And especially with the Service Desk, there has already been a benefit and a return of investment in terms of resources.

The tool is one of the best tools, out-of-the-box. It has great integration, especially for companies using SAP. On the other side, choose the right partner and don't look at only one system, but other systems as well. If a company is looking for a system to control SAP, don't focus on your SAP. Look at one system which is able to manage in general, and with good integrations. One identity is one of those systems.

It is also important to have a defined process. We establish it and then, with the use of the tool, we apply it.

I would rate the solution at nine out of ten. I like the out-of-the-box functionality. You don't need to do specific customizations; you can quickly use the system as it comes. And the solution has flexibility.

We started using the solution for the supply chain. We are a retail organization (FMCG) and we use it in the distribution center, at the head office, and for all of our employees in the stores, even the stock clerks.

The solution has made it possible for us to give everyone in the store a personal account for application access. That was not possible without One Identity. In the past, only management had a personal account in Active Directory and could use the computer and applications. It allows everyone to reach whoever they need in the store. It's also allowed us to move to the cloud and keep security. It helps us monitor users as well.  

The solution helps us to efficiently manage lots of authorizations automatically. We started initially using One Identity as a tool for security reasons. But then we noticed that management in the supply chain embraced One Identity for operational efficiency reasons. Today It allows all 100,000 employees to automatically access all kinds of applications.

We use it for SAP. We have multiple SAP systems. We use it for HANA and the cloud environment, for example.

One Identity Manager provides an enterprise view of management for logically disconnected SAP accounts. It's very good yet also difficult. Technically, it's a good solution, however, you need to have people who understand it and can use it the correct way. Being just a One Identity developer is not enough. You need to be specialized in this kind of module to use it to be efficient and effective. We are not there yet to use all this additional functionality.

One Identity Manager connects SAP accounts to employee identities under governance. It is important to see who has which SAP role, and if it's assigned based on the HR function, or assigned after an additional request.

There is a special SAP connector. There is reporting. You can build reports yourself. There are lots of possibilities, however, you need to know how to use it.

The solution is good for providing a single platform for enterprise-level administration and governance of users, and access to applications and data. We use it only for personal accounts. We have a separate PAM solution to manage privileged accounts. But to request access to PAM-tooling initially, needs to be done in One Identity. It's a two-step approach.

What I noticed, is that the user experience in version nine is good. We’re using an older version. The user experience is not very good in version eight. It’s a bit old-fashioned as it appears now. The latest version is much more modern.

We make use of the solution's business roles to map our company structure for Dynamic Application Provisioning. We are giving people the right authorizations based on the job and function. We use it a lot, especially in the stores and distribution centers where there is a high frequency in the joiner, mover, and leaver process, but the organizational structure is quite solid and doesn't change a lot.

We use One Identity also to give access to test environments, as self-service.

It has positively affected operations. There are a lot of things that are possible. It does what you want. 

It provides more insights because HR data and access to all systems are in one system. This information can help us to review who needs more access, or revoke access if it's necessary.  

One Identity Manager helps streamline application access decisions. There's an approval flow for additional access requests. For every application, you can have a different flow, in case you need extra security approvals or from a data-owner. 

It helps streamline application compliance and auditing. We can do a re-certification process and someone can give approval if it is needed or not. It's helped us improve governance. The re-certification process is very good. 

The solution helped enable application owners or line of business managers to make application governance decisions without IT. All employees and managers can request access as a self service in One Identity instead of going through IT.  The request for access is easier, and faster, because after approval the access is automatically granted.

It's customizable. However, that's also the downside. It's a bit complex and there are so many possibilities. You need to have good developers who know what is standard and how it's meant to be used before they adjust all kinds of stuff. It is possible to configure and change a lot of things and if it's not good enough, you can use custom code.

They should offer more best practices and documentation for every functionality. It would be helpful if there was a demo environment to show the possibilities and how they can be used. That would help with the learning curve. 

I've used the solution for quite a long time. It's likely been about seven years. 

The stability is very good. 

We have 100,000 users on the solution currently.

The solution is scalable. 

I'm satisfied with the level of support we receive. 

We use regular support. I was not aware premier support was an option.

Positive

I did not previously use a different solution.

The initial setup was complex. The start of the project took a bit more time than we expected.

We're still busy with the solution. We have a DevOps team, and every week we have things to do and improve. It's not a project you start and finish. It's a continuous process. 

We currently have a team of six people working with it. 

The solution requires a lot of maintenance. That includes updating, patching, and monitoring all kinds of processes that are running. On top of that, there are incidents that you want to improve and make better. 

It's important to have a good partner, a good process, and good people involved for the initial setup. We started the project with another team and moved to another partner. The partner was involved with training staff on the solution. 

The first partner we started with didn't understand what we really wanted and we went our separate ways. Our second partner understood our business much better and we have had a more successful partnership. They've been involved with post-implementation support. 

I cannot speak to the pricing. I don't deal with the licensing. 

We are a customer and end-user. 

It is hard to pinpoint when we noticed a benefit with this solution. It was step-by-step. We didn't dive in all at once. It might have taken two years of working with it and implementing small steps before all stores and franchises were under the solution. 

I'd advise others to start with the solution as a managed service so that you don't have all of the technical hassles. 

I'd rate the solution eight out of ten. 

The primary use case involves overseeing comprehensive identity and access provisioning, along with managing the onboarding and de-provisioning processes for users. This includes orchestrating the creation of new projects, conducting simulations, and ensuring synchronization between a core solution and other target systems.

We utilize One Identity Manager to assist in SAP management. When connecting to an SAP target system, the synchronization of data is facilitated. Following the data sync process, all users can be reviewed within One Identity Manager under the SAP user tab. Furthermore, this tool allows us to publish data seamlessly from One Identity to various target systems.

Identity Governance and Administration is particularly beneficial for addressing the complexities associated with managing SAP, especially when dealing with aspects like transaction code (t-code) profiles and rules. It's important to note that while One Identity Manager doesn't specifically handle t-codes, it does provide functionality through the manager for managing files, rules, and other relevant features associated with transaction codes.

I haven't observed specialized workflows or specific business logic for SAP in One Identity Manager.

One Identity Manager serves as a consolidated platform for enterprise-level administration, offering governance over user data, privileged accounts, and related aspects. It's particularly effective in managing privileged accounts. By incorporating the manager, administrators can easily assign resources, facilitating the seamless management of admin accounts. The available features within the manager enable the creation of special identities, such as admin accounts.

The user experience with One Identity Manager is excellent. It's highly user-friendly, with well-organized features that make exploration intuitive. Everything, including account definitions, is easily accessible in the manager module. You can efficiently check the status and associations of objects, such as which projects or other objects are linked to a specific one.

Customizing the manager to meet our specific needs is crucial, as there are some limitations tied to factors like database performance. These limitations are often dependent on the volume of data being imported or synchronized. It's important to note that the platform's performance can be impacted when dealing with a high volume of data, potentially leading to degradation in performance.

I've utilized the Business Roles feature to map company structures, and it's a highly valuable tool as it allows you to define a set of rules for various markets. This feature facilitates logic and rule sets associated with market specifications. Under the business roles section, you can easily identify how markets can request access through IT software products and sales tools. Each business role is linked to specific SAP roles, creating a layered structure. This functionality simplifies understanding of the connection between SAP roles and business roles. If you're searching for a particular SAP role, you can efficiently locate it within the corresponding business role and vice versa. The platform also makes it easy to check mappings, and if new business roles need to be created, the process is streamlined within the Manager.

The Manager aids in reducing governance gaps among Test, Dev, and Production Servers. By synchronizing data monthly from the production system to the development and sandbox environments, this approach effectively minimizes any potential gaps in governance coverage.

It assists in streamlining decisions related to application access.

It does not include features for application compliance and auditing. Application auditing is not a capability provided. We do have Application rules in place, and for auditing, we utilize the attestation feature available in the Manager. However, it's important to note that managing the entire application is not within the scope of the tool.

In the Manager tools, my favorite feature is the ability to obtain a comprehensive overview of any user efficiently. The portfolio view simplifies this process, eliminating the need to check through Tableau or other tools. Another significant advantage is the quick and easy creation of mappings, roles, and IT configurations for various products within One Identity Manager. This feature stands out as a valuable and time-saving capability in the manager tools.

In our Governance and management tool, One Identity Manager plays a crucial role in connecting SAP accounts to employee identities. This integration ensures that all identities are linked to their respective employee profiles. This connection is of utmost importance because if, for instance, a login is enabled for a specific user, maintaining a consistent ID becomes essential. With One Identity, this process becomes seamless, allowing the replication of related attributes across all relevant systems and ensuring a cohesive identity management approach.

I would like them to enhance the search functionality to enable faster processing when looking for objects. Ideally, the system should automatically identify relevant entries and promptly present the results, eliminating the need for users to input search criteria each time they look for specific objects.

I have been using it for the last six years.

I would rate its stability capabilities eight out of ten.

I would rate the scalability abilities nine out of ten.

Whenever we require support from One Identity, we initiate a service request, and the support team is readily accessible. They typically respond within twenty-four hours and effectively assist us with any issues we encounter. The support from One Identity has been reliable and responsive. I would rate it eight out of ten.

Positive

The initial deployment was straightforward and smooth, mainly due to the clarity provided in the installation guide. Following the step-by-step instructions outlined in the documentation from the One Identity solution made the deployment and setup process very simple.

With the assistance of an architect, I managed the deployment process by completing just the configurations for the initial installation of One Identity. Maintenance during deployment is essential, especially when there are significant changes and script modifications aimed at improving performance. System maintenance is a necessary step in ensuring optimal functionality, and we routinely undertake these tasks.

The system lacks the capability to empower application orders in the line of Business Management to independently make governance decisions for applications without requiring IT involvement.

It did not assist us in realizing an Identity-centric Zero Trust model.

I recommend that individuals working with this system should possess some knowledge of Microsoft SQL and be familiar with server configurations. A good understanding of SQL servers can simplify the process of comprehending and managing cloud repairs. I would rate it nine out of ten.

We operate in three regions and use One Identity Manager for identity governance.

One Identity Manager enables us to manage SAP systems efficiently. We can configure user settings and assign global and business roles, adding them to the directory regardless of their account activation status.

One Identity Manager integrates SAP accounts with employee identities. We can create accounts by importing job data into the server. However, if an employee's data is missing, we must input it first to create their profile.

One Identity Manager provides a single platform for enterprise-level administration and governance of users' data and privileged accounts.

The interface is intuitive, displaying all employee details and allowing for direct edits after account creation.

Customizing One Identity Manager is easy to do.

One Identity Manager allows us to manage business roles, including adding and removing them through the deployment flow sheet.

One Identity Manager is user-friendly, offering both ease of understanding and management. From a central console, we can apply both business and referral roles.

One Identity Manager helps to make procurement and licensing easier.

One Identity Manager helps us achieve an identity-centric zero-trust model. 

One Identity Manager's account creation feature stands out as its most valuable functionality.

I would like One Identity Manager to offer an easier way for users to learn to use their new features.

I have been using One Identity Manager for two years.

One Identity Manager is stable.

The initial deployment of One Identity Manager was straightforward. We have three environments where we deploy the load sheets to servers in a top-down approach. For removal, we follow the same procedure in reverse order.

I would rate One Identity Manager nine out of ten.