reviewer2533854 - PeerSpot reviewer
Senior Risk Manager at an insurance company with 10,001+ employees
Real User
Top 20
Offers a centralized platform, extends governance to cloud applications, and helps streamline application compliance
Pros and Cons
  • "The tool's true advantage is its flexibility; it provides building blocks that can be easily assembled to create custom processes, much like constructing something with Lego bricks."
  • "Upgrading to a new version is consistently challenging and time-consuming."

What is our primary use case?

One Identity Manager is our primary tool for managing identities and access, encompassing the entire employee lifecycle from onboarding to offboarding. This includes managing entitlements, requests, and approvals, enforcing segregation of duties, and conducting regular access recertification.

We are currently utilizing a hybrid model, where our primary SQL Server remains on-premises while some web servers have already been migrated to the cloud, with further cloud migration in progress.

How has it helped my organization?

We have integrated all our SAP systems with One Identity Manager, centralizing the management of accounts, entitlements, assignments, profile assignments, and other SAP-specific objects within the Identity Manager. This means we now handle all SAP identity and user management exclusively through One Identity.

One Identity Manager provides Identity Governance and Administration solutions. As an SAP company, our decision to use this product was primarily driven by its ability to manage SAP systems fully. The seamless integration with our existing SAP infrastructure is a crucial factor for us.

One Identity offers a centralized platform for managing and governing users, data, privileged accounts, and other critical enterprise assets. It serves as the authoritative source for identity and access information.

We realized the immediate benefits of One Identity Manager because it successfully reduced the manual workload as intended by the implementation project. By 2010, after approximately eight or nine months of work, we had integrated the system with SAP and had activated the portal. This eliminated the need for six to eight people previously dedicated to manual user management, resulting in significant financial gains.

We used One Identity Manager to extend governance to cloud applications, utilizing the SCIM interface for this purpose. While I believe this interface holds significant promise, it also requires further development. Overall, however, the support provided by One Identity was quite good from my perspective.

It helps us close governance gaps in server coverage across development, testing, and production environments. By demonstrating our adherence to regulatory requirements and identifying users with excessive entitlements, this tool enhances our compliance efforts and allows us to easily pinpoint potential security risks.

It partially helps us establish stronger privileged governance controls to mitigate security risks for standard users. We've also implemented a separate product account management tool. By combining these tools, One Identity now manages and approves permissions for the privileged access management tool, which in turn handles the technical release of access.

One Identity Manager assists with application compliance by enabling us to adhere to both regulatory requirements and internal guidelines. This is crucial because it provides central tools and a database for easily monitoring and understanding system activity.

One Identity Manager helps streamline application compliance by providing more transparency.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. We've streamlined entitlement requests by defining an approval process that leverages the organization chart within One Identity. This ensures that requests are initially routed to the appropriate line manager, who can then make informed decisions about approving or denying entitlements based on the employee's role and organizational structure.

What is most valuable?

It's difficult to identify the tool's core value because, initially, it seems to do nothing out of the box. Essentially, it's a framework that requires customization to align with specific processes. Nevertheless, its greatest strength lies in its ability to serve as a foundation for identity and access management processes. Standard functions like initiating workflows or requesting approvals are essential but expected. The tool's true advantage is its flexibility; it provides building blocks that can be easily assembled to create custom processes, much like constructing something with Lego bricks.

What needs improvement?

I would rate the user experience a six out of ten. While we have extensively customized the system, it's unclear whether these modifications directly relate to the One Identity implementation. Regardless, we continue to receive numerous complaints from users who struggle to understand how to request or perform actions within the One Identity Manager portal.

The ease of customizing One Identity Manager depends heavily on the user's knowledge of the tool. While customization is straightforward for experienced users, the tool is complex and requires significant expertise. Finding skilled individuals capable of maintaining or developing the system is challenging, particularly in Germany, especially with less than two years of relevant experience.

Implementing the business role functionality has proven challenging. While One Identity Manager offers potential solutions, effectively implementing business roles from the company's perspective is incredibly difficult. Unfortunately, One Identity does not provide tools or support to aid in identifying and designing appropriate roles, hindering the process.

The usability of the web shop is definitely an issue and could be improved.

One Identity Manager could be improved by enhancing connectivity to various cloud platforms, such as GCP, AWS, and Azure, as well as to cloud-based SaaS applications.

Upgrading to a new version is consistently challenging and time-consuming. This has been an ongoing issue for years. While necessary to access new features, upgrading requires complete system updates rather than individual modules. Subsequently, identifying and verifying changes in the new version is incredibly difficult. Our customization process mandates comprehensive testing of all functionalities after each upgrade, resulting in significant labor and time costs, making the overall experience highly burdensome.

Buyer's Guide
One Identity Manager
August 2025
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,829 professionals have used our research since 2012.

For how long have I used the solution?

I have been using One Identity Manager for around 14 years.

What do I think about the stability of the solution?

I would rate the stability of One Identity Manager a six out of ten, but this is somewhat unfair as our tool is highly customized. Some of the issues we encounter might be due to our own customizations rather than inherent product flaws. While we do experience challenges with the tool, it's essential to remember that it's a framework requiring customization by most customers.

How are customer service and support?

The last time I used technical support was a few years ago; they resolved my issue quickly. We also have a strong relationship with the One Identity Manager team in Germany. As one of their earliest customers in the country, we know them well and may have received preferential treatment in the past. I hope this special consideration continues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Our organization employs several identity management solutions, including One Identity Manager, SailPoint, Omada, and NetIQ. While these systems have their strengths and weaknesses, they are largely comparable in terms of overall capabilities. Given that we implemented One Identity Manager 15 years ago, and considering the substantial effort required to migrate to a new system, we've decided to continue using it. Although each solution can be effectively configured to meet our identity management needs, I haven't identified any unique, compelling advantages of One Identity Manager over its competitors.

How was the initial setup?

It is straightforward to set up for an experienced person who follows the documentation. Deploying one instance of One Identity Manager from scratch takes a couple of days. A team of two to three people is needed to set up a new environment.

What other advice do I have?

I would rate One Identity Manager eight out of ten.

Maintaining a single Identity Manager is complex, requiring a dedicated ten-person team to service the tool, resolve end-user issues, and ensure ongoing system operation.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2688726 - PeerSpot reviewer
Identity and Access Manager at an insurance company with 5,001-10,000 employees
Real User
Automated processes streamline user access and improve security compliance
Pros and Cons
  • "We are getting cost savings by automating system integrations."
  • "The user interface can be confusing for end users, especially during attestations, as completed tasks simply disappear without indicating that there are no pending requests."

What is our primary use case?

We use One Identity Manager for user lifecycle management and access management.

What is most valuable?

Since I am placed in the business organization, I see smooth processes for joiner, mover, and leaver, and a compliance perspective. We are getting cost savings by automating system integrations. Previously, people handled access rights manually for each system. Now, after integrating about half of our systems, we are saving approximately three FTEs, and expect it to double. Line managers can see team members' access rights and do attestations in one view. We have integrated requesting of access rights also to external systems via the web portal to remind leaders about access rights management also for leavers and movers. Automation of these processes improves security and compliance by meeting auditor requirements.

What needs improvement?

There are functionalities we needed to build ourselves, such as cleaning the direct entitlement assignments if indirect exists. The user interface can sometimes be a bit confusing for end users, for example during attestations, as completed tasks simply disappear without indicating that there are no pending requests left anymore, and therefore the end user is unsure if they have completed all their tasks.

For how long have I used the solution?

We have had it in production since autumn 2023, approximately one and a half years.

What do I think about the stability of the solution?

I rate stability around nine out of ten.

What do I think about the scalability of the solution?

We have around 8,200 employees using the system to request access rights. Scalability is not an issue, so I rate it a nine out of ten.

How are customer service and support?

I rate customer support at eight out of ten. The response time has room for improvement as it can take quite a long time in some cases.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used an old Microsoft MIM solution. We transitioned to One Identity Manager for improved functionalities like handling mover situations and integrating external systems for better security compliance.

What about the implementation team?

We implemented it through Tietoevry, a partner. Initially, we had an unsatisfactory experience with a different partner, which delayed our project by a year. After switching to Tietoevry, the project improved significantly.

What was our ROI?

Annually, we have saved three full-time employees as a result of deploying One Identity Manager. We anticipate doubling this saving once all current integrations are completed and even more when we add Segregation of Duties rules.

What other advice do I have?

I would recommend One Identity Manager due to the improved security and compliance it offers. We have achieved considerable productivity gains through automated processes. I rate One Identity Manager a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2686281 - PeerSpot reviewer
Identity & Access Management Manager at an insurance company with 5,001-10,000 employees
Real User
Automation capabilities streamline access management and reduce costs
Pros and Cons
  • "I like the solution since it is very flexible, and I can basically do everything that I like and need with it."
  • "In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience."

What is our primary use case?

We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees. 

We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager.

What is most valuable?

I like the solution since it is very flexible, and I can basically do everything that I like and need with it. 

I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense. 

Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation.

It works well at an enterprise level. We use it as a centralized platform for the whole identity.

It is a flexible system and we can customize it the way we want.

We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution. 

We use the solution to extend governance to cloud apps and this is very useful for us.

Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately. 

The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place then, for example, joiner, mover, leaver, that helps in maintaining that zero trust principle.

What needs improvement?

In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience. 

The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement.

We can customize it; however, we need skilled resources to do so. There aren't as many skilled people in the market.

For how long have I used the solution?

We launched it in October 2023. However, we started implementing it in 2021.

How are customer service and support?

We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose.

How was the initial setup?

Our experience was complex; however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly.

It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, however, maybe not easy either, so maybe something in between.

What about the implementation team?

We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training; however, the training was given by One Identity itself.

What was our ROI?

We have been reducing costs and saving several full-time equivalents by using automation.

What other advice do I have?

I would rate the solution overall as eight out of ten based on the bad user interface.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr IT Specialist at a comms service provider with 11-50 employees
Real User
Helps streamline application access decisions, is user-friendly and stable
Pros and Cons
  • "The One Identity Manager's user-friendly interface allows for easy external identities and user account creation."
  • "The user interface of our web shop, which customers interact with directly, needs improvement."

What is our primary use case?

I work as a tester and qualitative analyst for a German client. They use One Identity Manager for identity management, which connects to various downstream applications such as SAP, DLCM, and RSA Archer. This requires numerous connectors, including Azure Active Directory and Microsoft Active Directory. Additionally, we create custom records from SuccessFactors using its integration with One Identity Manager. We sync data from SuccessFactors to create personal accounts and provision user accounts. We also create external identities for all vendors. Furthermore, we use One Identity Manager for reporting and auditing purposes.

We deployed One Identity Manager using a hybrid model through a CI/CD pipeline.

How has it helped my organization?

We can create, modify, use, and delete business roles directly from the web shop. Users can request and manage their business roles and entitlements, and we utilize them for our purposes.

We have recently migrated several applications, including RSA, DLCM, Majesco, and ServiceNow, from their native apps to the end-user environment. Previously, these applications were connected to LDAP, and before that, VLCM. We have now transitioned them to cloud-based Starling and CSM connectors, which are currently being used. In total, we have approximately four to five applications running on the One Identity Manager cloud service, utilizing these Starling connectors. It is helpful to have this extension of governance in the cloud.

We recently onboarded a new company using our Angular Web Shop. This is a new Angular-based Web Shop released by One Identity Manager. We've begun implementing Angular for this new company as a pilot application, and the front end has been very intuitive. We've tested the Manager, designer, and object browser for back-end operations, finding them easy to use. The object browser allows direct querying of results, and the designer is efficient in modifying configuration schedules. I've exclusively used One Identity Manager for the past five years and found it to be a good fit for our needs.

For privileged user requests, we require dual approval, with both the manager and application owner sign-off. Also, we conduct attestation reviews every six months to make sure that we have continued authorization. We implement two-factor authentication to enhance security using tools like MF Authenticator for all privilege access management. This requires users to provide an OTP upon login. For password storage and management, we utilize CyberArk's GPAM solution. Access to sensitive information is restricted to authorized users and is regularly reviewed to maintain security.

One Identity Manager assists in streamlining application access decisions, compliance, and auditing. As a financial organization, we have been leveraging One Identity Manager to audit various aspects of our operations. We use Power BI as a reporting tool to monitor current user access, access levels, testing dates, role assignments, and other relevant information. One Identity Manager effectively supports both access governance and reporting.

The automated provisioning feature streamlines user access by dynamically assigning roles and privileges based on user attributes like location and role. For example, a user with a manager role or from a specific location will automatically gain access to the system, eliminating the need for manual requests. This dynamic role conditioning runs daily, ensuring users receive appropriate access based on their current attributes. However, users or their managers must still submit requests through the web shop for additional privileges. If a manager requests on behalf of a user, the request is typically auto-approved within a few minutes due to the manager's authority. The system verifies that the requester is the recipient's manager before granting automatic approval, further streamlining the process.

What is most valuable?

The One Identity Manager's user-friendly interface allows for easy external identities and user account creation. To request a new account, we can just navigate to the appropriate section and provide the necessary information. Existing identities can also be managed through this platform by requesting entitlements. This streamlined process eliminates manual intervention and ensures efficient account management.

What needs improvement?

One Identity Manager's slow loading speed has been a recurring issue for users. This is likely due to the overwhelming number of entitlements, nearly 100,000 associated with the products. The high load is further exacerbated by the simultaneous access of thousands of users during peak times. To address this, we have implemented measures such as increasing server RAM, but the underlying issue of product-related entitlements remains a contributing factor.

While out-of-the-box features are typically user-friendly, our clients' customized user account creation and the added complexities of sub-entities and account sub-entities have made it challenging to leverage these features effectively. We plan to phase out these customizations and revert to a more standard configuration to streamline our processes and reduce long-term maintenance costs. Unfortunately, this transition has temporarily limited the availability of certain out-of-the-box functionalities. Furthermore, the extensive testing for our customized system is time-consuming and resource-intensive, as numerous scenarios must be evaluated to identify potential bugs.

The user interface of our web shop, which customers interact with directly, needs improvement. The front end's speed could also be enhanced. This might be related to the infrastructure of our client systems, but I need clarification. Regardless, the front end, which is the customers' primary point of contact, should be redesigned and optimized for a better user experience.

For how long have I used the solution?

I have been using One Identity Manager for five years.

What do I think about the stability of the solution?

The backend tool occasionally experienced slowness due to the servers we used. Since 2012, we have been using outdated Microsoft SQL servers. However, last month, we upgraded these servers to the 2022 version. As a result, the tool's performance has significantly improved. Our client has used One Identity Manager for 14 years with no significant stability issues.

I would rate the stability nine out of ten.

What do I think about the scalability of the solution?

One Identity Manager has demonstrated exceptional scalability in our organization. Despite initially lacking applications for DLC and relying on LDAP, our seamless migration to the cloud was a testament to its adaptability. We've successfully integrated over 200 SAP applications into Identity Manager, ensuring smooth operation without significant issues. This ongoing scalability, evident from day one, has allowed us to manage and secure our growing identity infrastructure effectively.

I would rate the scalability nine out of ten.

How was the initial setup?

The deployment is straightforward. Our team consists of eight developers, including leads and team leads. We are organized into two separate development teams. One team focuses on developing new features and connectors, while the other enhances existing connectors and addresses product bugs. Each team has core developers and two leads. Additionally, we have an architect, a solution architect, and a business architect. For operations, we have a team of 12, and our testing team has eight members. Our IT department includes approximately 30 people, encompassing development, operations, and testing.

What other advice do I have?

I would rate One Identity Manager nine out of ten.

We have 33,000 users for our clients.

One Identity Manager requires minimal maintenance. We upgrade it from the previous version when a major update is released every two years, and minor updates are released annually. To ensure continued support, we must upgrade our client's installation every two years to the latest version. This aligns with the manufacturer's support policy, which is limited to the current and previous major releases.

I recommend One Identity Manager to others due to its user-friendly interface. Although it may occasionally experience loading delays, its underlying infrastructure ultimately determines its performance. We have significantly improved its speed and reliability by upgrading from 2012 to 2022 servers. Additionally, the tick lines we use for operations, governance, subject matter experts, and backend operators are invaluable for managing the system efficiently. With them, managing One Identity Manager would be considerably more manageable. We utilize tick lines and desktop applications for operations and development, while front-end users benefit from the intuitive UI. Both interfaces are highly effective for their respective purposes.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
MiskaSiirto - PeerSpot reviewer
Lead Solutions Architect at Tieto Sweden AB
Real User
Top 20
There are nearly a thousand built-in processes that you can edit and customize according to your needs
Pros and Cons
  • "One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs."
  • "I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer."

What is our primary use case?

Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.

How has it helped my organization?

When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work. 

It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files. 

One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see. 

It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers becomes accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.

What is most valuable?

One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs. 

The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.

The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.

What needs improvement?

I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer. 

For how long have I used the solution?

I have used One Identity Manager for 10 years.

What do I think about the stability of the solution?

One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network. 

What do I think about the scalability of the solution?

One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with 500,000 to 1 million users.

How are customer service and support?

I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

SailPoint is One Identity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features.

How was the initial setup?

All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope. 

You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people for, for example, testing, approvals, etc.

After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.

What's my experience with pricing, setup cost, and licensing?

You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.

What other advice do I have?

I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Erik Sjögren - PeerSpot reviewer
Solution Architect at Atea
Real User
Top 20
Unified, comprehensive, and customizable
Pros and Cons
  • "When it comes to ease of customization, there are a lot of different object types. I can create my own object types."
  • "One Identity Manager needs better documentation and more examples, especially for beginners, as it has a steep learning curve."

What is our primary use case?

I am certified as both Technical Specialist and Implementation Professional on the product.

I assist various clients in diverse sectors, mostly finance, industry companies and municipalities. I have quite a broad background in implementing it in different scenarios.

How has it helped my organization?

When it comes to ease of customization, the product is outstanding. I can extend the schema with new tables, columns, etc. Usually, we use OOTB tables to keep it simple, same goes for processes. There are a lot of blocks or components that can be used and I do not need to code everything on my own to make JML possible. I have not seen something that we could not do. 

In terms of business roles, there are numerous possibilities with assignments and inheritance like top-down or bottom-up. It works very well because you can also break the inheritance if you want at a certain level. Soft transition is a great feature where you can move to a new role (primary) but also keep the other one (secondary).

I have mostly implemented the product on-prem. Integrations have been with both on-prem systems and cloud, like Azure AD or Entra. Making use of SaaS applications is possible using the Starling Connect connector.

One Identity Manager helps streamline application access decisions. If you set it up, you can do some kind of campaigns or attestations to check the correctness of permissions. You can then take appropriate action. For instance, if you see that there are ten people who have never used this application, you can deny it. There is also something called Recommendations that will make use of risk and previous decisions (like peer-group) to determine whether to approve or not.

The application governance module enables application owners or line-of-business managers to make application governance decisions without IT. Application governance is possible within the web portal. You can set up ownerships. You can assign permissions depending on how you set up your permissions in the product. With appropriate permissions, you can assign an owner for a specific application and you can also set the owner or responsible person on each access so that they can decide. This means if you have set up a pilot project and are starting with one unit, they can grow from there and help each other. This is quite a new feature from the 9.2 version.

I have been in several projects with primary focus on implementing SAP. Usually a simple SAP implementation is to integrate one dev-instance, one ref/test-instance and one production instance. However, for one customer, a public-listed company in Sweden, we had to develop some kind of SAP fabric to onboard a lot of SAP clients and transaction objects. During the project they also migrated from SAP R/3 to S4HANA. It was a journey to make this happen, but the SAP-connector worked quite well and the technical team was very happy about it. We synchronized SAP roles and profiles and assigned those to business roles to use automation. We also set up some kind of identity audit for the SAP roles. At that time (v8.x), we could not have inheritance of SAP profiles through System Roles. That was a drawback, but in a later version, that was resolved.

What is most valuable?

It has a full feature set with certain tools for certain things.

I use the Designer a lot because I do a lot of customization (processes, scripts etc) and I would say it is pretty comprehensive. I am a Microsoft Identity Manager (MIM) veteran, which is an old product that still has end-of-life support. One Identity Manager is the next generation of IGA platforms because almost everything can be customized and extended and still keep a solid metacatalogue. I can test and evaluate the data, even at a property level, and be sure that it is going to work before pushing my changes into production.

The next one would be the Manager because that is where we review the data and orchestrate things like approval workflows and attestations. We can use different models for entitlements such as system roles and business roles. Then we can assign these to an IT shop for the end user.

Then, of course, none of these tools would be useful if we do not have any data coming from a target system such as HR. Here we use the powerful Synchronization Editor that comes with a lot of OOTB-connectors, also called sync projects. Within a sync project, mapping and workflow are set up to synchronize the data and provision changes to, for instance, an Active Directory target system. It is also possible to develop custom connectors.

We are also using the Job Queue which is a tool that displays ongoing processes (Jobs) and possible errors. We can look at history jobs and also get a health check of our Job Servers and Web Servers.

I also use the Object Browser which is an abstraction of the SQL tables. This tool is more technical than Manager but powerful in its own way with possibilities to trigger events, filter data and even more.

Finally, there is the Database Transporter, which is used to transfer objects or custom changes between One Identity Manager databases. These changes are mostly something called "change labels" that could be work I have done in the Designer, objects created in the Manager or other information I want to push to a specific environment using a transport package.

What needs improvement?

One Identity Manager needs better documentation and more examples, especially for beginners, as it has a steep learning curve. They have a rich forum, but it often contains outdated information that could be improved for better guidance. If something is not working, we need to easily find out if it is a product defect.

For how long have I used the solution?

I have been using One Identity Manager for more than five years. 

What do I think about the stability of the solution?


What do I think about the scalability of the solution?


How are customer service and support?

The support is good but could be better. It could take a day or some hours depending on the case or the customer.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial deployment is easy, a huge benefit compared to different solutions. It takes about one day to set up a development environment. Great UI-wizards with multiple verification steps.

What other advice do I have?

With the acquisition of OneLogin, they are now the leader when it comes to a unified identity platform. Every product in their portfolio serves a purpose.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
Dnyandev Garad - PeerSpot reviewer
IT Architect at Wipro Limited
Real User
Top 10
Offers a user-friendly experience with an intuitive interface and makes customization a breeze
Pros and Cons
  • "One Identity Manager stands out for its extensive functionality."
  • "Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning."

What is our primary use case?

One Identity Manager streamlines our entire identity lifecycle management. It handles onboarding new joiners, assigning and controlling roles with role-based access control, and automates user access reviews twice a year. Additionally, the system facilitates reporting for audits, providing auditors with necessary information on demand. This centralized system acts as a one-stop shop, managing everything from onboarding and role assignment to offboarding and emergency access control.

How has it helped my organization?

With centralized user management, data is effortlessly pulled from various systems like SOAR and HR, simplifying user creation and data maintenance. This allows for easy user editing, role assignment based on HR attributes or department affiliation, and streamlined account allocation based on review levels, departments, or the entire organizational structure.

Our Access Control in One Identity Manager is 99 percent automated, saving us nearly 100 percent of our time.

One Identity Manager simplifies SAP administration by providing a centralized view of even logically disconnected SAP accounts. It offers a flexible helpdesk approach. We can either leverage its built-in model or create our own UI accessible to specific teams based on their applications. This ensures each team sees only relevant tickets for their area, streamlining access management for disconnected applications.

One Identity Manager can connect SAP accounts to employee identities under governance.

One Identity Manager simplifies Identity Governance and Administration for SAP, a complex system to manage in this regard. It empowers us to effectively manage SAP profiles, roles, and groups, ensuring their proper assignment to corresponding SAP accounts.

The solution delivers SAP-specialized workflows and business logic.

One Identity Manager integrates with its Privilege Access Management solution to provide more granular control. This means we can define different account types within One Identity Manager, such as normal, admin, and privileged accounts. By assigning privileged access only to designated accounts, we can restrict access and permissions and enhance overall security control.

One Identity Manager offers a user-friendly experience with an intuitive interface. It even provides a webshop for end users, allowing them to easily request new roles or accounts in various systems with a simple two-click process.

Having the right resources makes customization a breeze. While understanding customer needs and translating them into technical specifications requires some processing upfront, One Identity's suite of tools simplifies the actual back-end work. From drag-and-drop interfaces for workflows and reports to scripting and C# coding supported by existing SDKs, customization options cater to all users.

This dynamic application provisioning solution uses business roles to map our company's organizational structure. In other words, access to applications is determined solely by our assigned role within the company hierarchy. This role-based approach ensures users only receive the permissions they need based on their specific function, preventing unnecessary access.

One Identity Manager streamlines our cloud governance by providing a centralized platform to manage user access permissions across all connected cloud applications. This eliminates the need for individual provisioning for each app, ensuring efficient authorization control.

We have significantly improved our compliance posture with One Identity Manager. Previously, auditors identified numerous findings during manual audits, requiring extensive time and resources to address. With One Identity Manager, we've automated the onboarding, offboarding, and joiner processes, achieving a 95 percent closure rate on audit points. This centralized solution streamlines the auditor experience, allowing them to efficiently obtain information from the IAM team, saving both the organization and auditors valuable time.

We have minimized inconsistencies in how our governance policies are applied across test, development, and production environments.

One Identity Manager helps us create a privileged governance stance to close the security gap between privileged users and standard users by managing those accounts separately. This segregation prevents unauthorized access, as standard accounts cannot hold privileged rights and vice versa. This clear separation helps to close the security gap between these user types.

One Identity Manager streamlines our procurement and licensing processes, allowing our initially large operations team to focus on more strategic tasks. By automating license management for connected applications like SAP and Azure Active Directory, the solution eliminates the risk of human error – forgotten access removals for unused licenses are a thing of the past. Now, licenses are automatically assigned and reclaimed based on user activity, ensuring efficient resource allocation. This means new hires receive immediate access, and vacated licenses become readily available, freeing the operations team from manual license management headaches.

One Identity Manager streamlines application access decisions by automating the provisioning and de-provisioning of user access based on HR data. This eliminates manual intervention and delays for both HR and department personnel. When an employee changes departments, their access permissions are automatically updated in the identity management system, granting them the necessary tools to perform their new duties immediately.

It also streamlines the automation of identity and access controls, making it easier to implement a zero-trust security model where every user and device is verified before granting access.

While our audit processes were once cumbersome, requiring auditors to chase down reports from individual SAP administrators, everything is now centralized. One Identity Manager stores all application and database information in a single location, streamlining reconciliation efforts.

What is most valuable?

One Identity Manager stands out for its extensive functionality. It allows us to perform nearly any customization a customer might require, unlike other products with limited customization options. One Identity Manager's wide scope for tailoring configurations makes it a versatile tool. It can connect to various target systems, including Active Directory and schema-based systems like REST APIs. This makes One Identity Manager a great fit for our organization's end-to-end needs, from user provisioning and auditing to onboarding new joiners. It seamlessly fits all our requirements.

What needs improvement?

Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.

For how long have I used the solution?

I have been using One Identity Manager for almost ten years.

What do I think about the stability of the solution?

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager is highly stable when used with its built-in features, but customized scripting introduces an element of user responsibility - any instability caused by custom code would be due to how it's written, not the software itself.

What do I think about the scalability of the solution?

I would rate the scalability of One Identity Manager ten out of ten.

How are customer service and support?

You only need premium support if your One Identity software is outdated. Standard technical support, which comes with your license, covers the current version and usually the one before it.

The technical support offers a good experience. They provide a portal to submit issues, collect all necessary information, and have an L1 team address them. If the L1 team can't resolve the problem, they typically escalate it to the L2 or L3 teams for further assistance, demonstrating a commitment to finding a solution.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We migrated from Oracle Identity Governance to One Identity Manager due to licensing costs, limited functionality, and Oracle's decision to retire the product.

How was the initial setup?

The deployment took one week and required five people.

What about the implementation team?

VMDH assisted us with the initial setup, and for any future support, we can contact One Identity directly or reach out through their authorized partner.

What was our ROI?

One Identity Manager has positively influenced our ROI in terms of security and compliance. 

What's my experience with pricing, setup cost, and licensing?

One Identity Manager is cost-efficient. The license is based on the number of identities we have.

We use a One Identity partner, VMDH, for our licensing.

What other advice do I have?

I would rate One Identity Manager nine out of ten.

We have 3,000 front-end users in our organization. While we only have a single instance of One Identity Manager, for redundancy purposes our servers are spread across different data centers. This means if one data center experiences an outage, the application can fail over to the remaining servers in another location, ensuring continued functionality.

One Identity's partner, VMDH, did a good job training our staff on the solution.

Six years ago, VMDH provided us with initial assistance customizing One Identity Manager. We have since developed our expert team and now primarily rely on them for our One Identity needs. We only contact VMDH in critical situations when we require immediate help from One Identity experts. In such cases, we typically reach out to One Identity directly, but if there are delays, we will then connect with them through VMDH.

One Identity's partner was on standby in case we required any post-implementation support.

The customer service we received from the One Identity partner was good.

I found the One Identity partner to be valuable, rating them a nine out of ten.

One Identity Manager is designed for low maintenance, requiring infrequent patches and updates to keep it running smoothly.

One Identity Manager offers a unified approach to identity and access management. It eliminates the need to cobble together multiple products from different vendors for functionalities like Identity Access Management or Privileged Access Management. This saves your organization's time and resources.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2679567 - PeerSpot reviewer
Lead Consultant at a tech vendor with 10,001+ employees
MSP
Top 20
Automatization and digitalization benefit from adaptable deployment and robust synchronization features
Pros and Cons
  • "The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems."
  • "The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness."

What is our primary use case?

Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems.

What is most valuable?

One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems.

What needs improvement?

The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution.

For how long have I used the solution?

We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007.

What was my experience with deployment of the solution?

Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well.

How are customer service and support?

Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service.

How would you rate customer service and support?

Negative

How was the initial setup?

The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps.

What was our ROI?

It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage.

What's my experience with pricing, setup cost, and licensing?

One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive.

What other advice do I have?

More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2025