One Identity Manager Reviews

We use One Identity Manager as our primary solution for identity and access management. We use it for multiple functions including identity lifecycle, access management, provisioning, segregation of duties (SODs), and attestations. It is being used for the core IM functions.

We are a large insurance company based in Germany. We are compliance-driven. We have to fulfill BaFin requirements. BaFin is a governmental body that oversees banks and insurance. They have a big list of requirements that each financial institution needs to fulfill to stay on the market as a bank or as an insurance provider. One Identity Manager helps us to meet those requirements.

We differentiate between two types of accounts, personal and non-personal accounts. Personal accounts are accounts or usernames assigned to people, and then we have non-personal accounts, which are technical or service accounts used by software or machines. One of the BaFin requirements is that we have control of each and every account within the system. The sync editor is able to read each and every account into IAM. It discovers every account if you have given it the right to see everything in the SAP or any other system. The tool fulfills the base needs so that we can traverse every account available in the system and then match it to digital identities there, meaning that we get a linkage between each account and each digital identity that we get from the HR system. So, we do not have orphaned accounts or the ones that we are not able to match. It is up to each customer to utilize this. They can develop their own processes to handle this. They need to have their own processes to connect them, identify them, or report on them. There is not much that the vendor does there. It discovers them, and that is it. I am satisfied with what it offers. It fulfills our needs.

When it comes to core IGA, the functionality that we use is the life cycle of accounts. We use the life cycle of membership of these accounts into SAP roles, the membership of these SAP users, and the membership life cycle of SAP users in the SAP structural profile. These three are what we cover. There are also SAP groups and SAP profiles, but we do not actively manage them. From the access control structures, we use only this subset. That is all that we need. It is currently sufficient for our needs.

We use several objects to represent company structures. We use the department object and the location object, and we also use business roles pretty extensively. We have thousands of business roles in the system. If I traverse the table org, which is the technical name of the table, I will find thousands of entries there.

Compliance and automation are two reasons for implementing an IM solution. Automation helps save money. For compliance, even if we do not like it, we must install such a solution because we have to fulfill law obligations. We work actively on that and have a big team covering it. It will keep us busy over the next few years. The second one is automation. We have automated the whole onboarding process of employees within this company. Instead of having 50 different administrators, we have less than 10 administrators. It saves us money. We definitely save lots of effort for administrators of different systems. We save people and resources by automating and not having several dozen administrators for different systems. That saves us lots of money.

Another advantage is that it saves us time. We can onboard the person within a day in our company. As soon as the HR types in a new employee there and pushes it to us, we can provision the employee to all necessary systems roughly within a day. Without such a solution, it will probably take weeks.

It helps streamline application access governance. When you have different applications, such as Active Directory-based ones, SAP-based ones, and cloud-based ones, they all have different GUIs. They all have different approval processes. Once you connect them to a solution like One Identity, you have to order all of their entitlements through the IM WebShop, which is a web interface. There is a very homogeneous look and feel to how you order access to these applications. Otherwise, from the administration point of view as well as from the approval point of view, it is a very heterogeneous experience. Once you integrate applications with One Identity Manager, you get the same experience for your AD-based and SAP-based tools. Other competing products like SailPoint and Verix also provide a uniform experience.

It also helps with application auditing. That is one of the core features of the tool. We use it to audit the access to different applications and impose governance on these applications. The application life cycle is also one of the core features that we use. There is one package called the application onboarding package (AOB). We developed our own mechanism there about 15 years ago, so the tool does offer steps, and we utilize it.

I like the provisioning feature of One Identity Manager. It is very powerful and flexible. It works at a very high level, but it can also be tailored as per needs. They have something called Sync Editor. I personally like that one because I have a developer background. Currently, I have more responsibility within the company for this feature. I am one of the six subject matter experts (SMEs). My area is the reconciliation part. 

Compliance with BaFin requirements is very important for us. If we do not fulfill them, our license can be retracted. If we do not fulfill these requirements, it is not good for the company. We use the identity life cycle. We use provisioning extensively. We use attestations, recertifications, and SODs. We need all these equally to fulfill the BaFin requirements.

In terms of user experience or intuitiveness, it is in the middle. I personally find it good. Based on the complexity, the vendor seems to have done a good job of providing a web shop kind of experience, similar to eBay or Amazon. You order something in the shopping cart and submit it. Another one approves it and it gets provisioned. It is in the middle because I have seen better and more lightweight interfaces. They are now introducing the Angular portal. There is a new design. It is better, but certain things are still a little bit hidden. It is not yet ideal. Things like attestations or segregation of duties are not that intuitive. People take time to learn. We need to train them on what they need to do. When we generate attestations, the guy who needs to attest does not intuitively know what to do. When it comes to SODs, it is even harder. People are unsure what exactly things mean there. We need to train these people. For core processes like ordering entitlements, they know what to do without any training or reading materials from us. For example, you order a group, somebody approves it, and then you get it provisioned. For such simple scenarios, we do not need to support them, but for the other cases, such as attestations and SODs, we need to write articles on the Internet. We need to do training. We need to actively support them and hold their hands.

The biggest complaint we get from the end users is the performance. When they click or submit something in the shopping cart, all the compliance checks for SOD rules are run. Sometimes, it takes two to three minutes for something to be submitted. It is slow. It has a bit of a bad reputation within the company because it is a slow product. That is the biggest drawback in terms of user experience. Performance has been a problem in the last 10 to 15 years. It is sometimes good and sometimes bad. Every now and there, you hear that performance is an issue.

The user interface could be more streamlined. The overlapping functionality among tools like the Sync Editor, Designer, Object Browser, and Manager needs better delineation. Currently, you have Sync Editor for synchronization. You have the Designer for scripts, procedures, and SQL development, and then you have the Object Browser for raw or low-level data adjustment there. You also have the Manager which is a user or operations management tool. These four tools overlap in their functionality. For example, you can administer schedules in Manager, Object Browser, and Designer. I see a little bit of overlapping there. You also have the Transporter that transports the code. If you open the binaries folder for tool installation, you will see 20,30, or even 40 files there. There are so many small tools for different things. They might have grown over time. They should differentiate a little bit between operations, development teams, and test teams. For operations, they have done a good job of centralizing things in the Manager tool, but for developers and testers, there is a little bit of overlap between Designer and Object Browser. There is one other tool called Web Designer. That one will become obsolete soon with Angular. Currently, some things can be customized by the operations teams in prod and some of the things need to come from the developers. The borderline is not very clear. There are gray areas. They might have fixed these things in the Angular portal.

Another thing that I do not like is that they are mixing useful data and code data in the same data model. Other tools such as SailPoint or Verix Identity are stronger in terms of the separation of useful data and code data, although they have worse data models than One Identity. There should be a cleaner separation between the actual usage data and code data.

I have been using One Identity Manager since 2009, although back then it was known as Active Entry. I have been using it actively since 2011.

I would rate it a five out of ten for stability. As with all other products, it has bugs. It is buggy. When a new version comes out, there are issues with it. It then takes them some months or patches to make the version stable. If you take 8.0 or 9.0, those versions are usually buggy. I have spent 15 years with this product. There were always issues after they made some major release. It then gets stabilized. The product is buggy, but they work on it. After six to twelve months, they sort out everything, and then you get a more robust version.

It has its advantages and disadvantages, but it is definitely scalable.

It is a good tool for enterprise-level management. It fulfills its role. In the Gartner Magic Quadrant, this tool has gone from the lower left corner to the upper right corner in the last ten or so years. It is definitely an enterprise-level tool. It is powerful, but it is slow. As soon as the company becomes very big and different scenarios need to be managed, it tends to be slow. Two years ago, there was a conference in Hagen, Germany. The vendor asked everyone about their thoughts about the product. They asked us the good or bad things about the product, and every second customer said that they had performance issues with the product. The product is very powerful. It is an enterprise-level software, but it is slow. As soon as you have a larger number of users or a larger number of systems connected to it or you have heavyweight scenarios, it becomes slow. Of course, it depends on how each customer customizes it and implements the features in it, but every second customer complained about the performance.

We have about 30,000 users. We have only one centralized instance for the whole company. We have four environments, and there are several different teams here. We have testing, development, and operations teams. We also have the requirements scoping team where the SMEs are. It has grown pretty big. In the beginning, there were just two to four of us doing everything, but now there are quite a lot of people. Different departments are doing different aspects of it.

Their technical support is pretty good. We use standard customer support, which allows us to open tickets and receive fixes for bugs. While it is not state-of-the-art, I would rate their service as being in the better half, providing positive support experiences.

Neutral

I have worked with two other competing products. One is SailPoint, and another one is DirX Identity. All of these products have their advantages and disadvantages. There is no perfect product, but I find One Identity Manager to be the most powerful and flexible of the three.

I have a developer and IM architect background. When it comes to customization, One Identity Manager is very powerful and very flexible. It is not very easy, but it is definitely better than DirX Identity or SailPoint. The amount of energy that you need to invest is less compared to the other two products.

We have a separate solution for PAM or privileged account management, and that is CyberArk. I know that One Identity has its own safeguard solution, but I am not sure if that one is used in our company. Another team might be using it but not us. We are a big company. I know that this was one of the solutions that they were evaluating, but in the end, they decided to use CyberArk. 

Back in 2010, we had six months of evaluation. We did evaluate Tivoli and other products. We had a prototype. It took about six months before we went to production. We first started only with Active Directory and SAP, and then we kept growing it with additional target systems and additional features. It is comparable to other products in terms of ease of deployment. It is not simple. All these products are complex. It takes time to understand what they do. As compared to others, there is a middle complexity level to bring it live. Overall, it took about six to nine months.

We have the operations team to maintain it. There are several people in that team.

During the evaluation phase, we considered other solutions like Tivoli.

I would definitely recommend this solution. I have influenced two companies in the direction of adopting it in Germany. They were evaluating this, which takes lots of money and time. One company even booked me and a colleague of mine and asked which one to go for between this solution and SailPoint. I definitely recommend this one.

I would rate One Identity Manager an eight out of ten.

One of our largest clients in the food and beverage industry uses One Identity Manager to manage its user identities and access controls. They have several applications that require user accounts, and for this purpose, we implemented One Identity Manager. This system effectively manages over 200,000 user accounts and provides access to these applications. Additionally, some applications are integrated with One Identity Manager to streamline account creation, such as setting up Exchange mailboxes.

One Identity Manager offers a variety of products in addition to Safeguard. These include Active Roles and tools for SaaS migration, all seamlessly integrated within the platform for a user-friendly experience.

One Identity Manager has been a fantastic tool for providing a single platform to manage user data and privileged accounts at an enterprise level. I was involved in its setup, particularly for privileged account management. With One Identity Manager, I've developed timed automations for tasks like account and group creation. This replaced the previous manual process, which was much less efficient. I've tailored workflows for five to six high-privilege accounts, including approval processes. Users now simply select the necessary group, submit their request, and the account is automatically created. One Identity Manager's customization options offer a great deal of flexibility.

We use One Identity Manager's business roles to map our company structure for Dynamic Application Provisioning. This involves creating business roles and assigning them to service items, which then establishes a connection. We increasingly leverage this method for dynamic role assignments as well. This approach is valuable because it allows us to achieve several objectives. Additionally, it enables the implementation of specific conditions or business logic, which is essential in situations where segregation is necessary. This flexibility allows us to create dynamic roles based solely on business needs and assign them to resources. As a result, resources can be automatically assigned roles at the time of request creation based on the training tool associated with the business role, streamlining the provisioning process.

In some cases, we have observed improvements. For instance, we are receiving a fewer number of tickets related to identity management. Additionally, by customizing features through One Identity Manager, we have achieved positive outcomes for our business.

One Identity Manager assists us in establishing a robust privileged access governance strategy to address security discrepancies between privileged and standard users. We've successfully automated provisioning and other processes for standard users through PAM integration within One Identity. However, for privileged users, we maintain separate accounts and policies. I'd like to explore whether there are additional features within One Identity that would allow us to streamline governance for both privileged and standard users within a unified policy framework.

One Identity Manager facilitates the consolidation of procurement and licensing processes. This translates to positive outcomes for our well-structured data and the license signing process. Consequently, Windows privileges have been elevated, and we can now easily manage multiple licenses within the system.

One Identity Manager helps to streamline application access decisions, application compliance, and application auditing. By integrating applications, we can define rules based on needs and apply them logically, achieving the desired outcome. Additionally, separate tables linked to the solution allow for easy management of certain properties.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. While we haven't fully utilized its potential, the software offers options for application and product owners to participate in the decision-making process. For example, we can configure notifications to be sent before assigning roles, allowing these stakeholders to provide input.

One Identity Manager helps us achieve an identity-centric zero-trust model. Since implementing One Identity Manager we have not had any security breaches.

One Identity Manager offers several features that I found advantageous compared to other tools. For instance, imagine two distinct teams: one responsible for administrative documentation and the other for development. With One Identity Manager, the administrative team wouldn't need to learn a separate design tool, as the platform offers dedicated features for both administrative and development tasks. This segregation of functionalities is helpful because it streamlines workflows and reduces complexity. For example, if we need to monitor backend processes, One Identity Manager provides a dedicated job queue with a visual representation, allowing us to easily identify any stuck jobs. Additionally, the platform is database-oriented, offering built-in filtering and browsing functionalities within the object browser, further simplifying data management.

One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial. This would reduce performance-related resource needs in a production environment. Additionally, it would be helpful to have more visibility into job aspects within the tool itself. Information like the number of jobs in the Data Designer, along with date logs, would allow us to directly manage and terminate jobs as needed. This would lessen our dependence on the database team. I believe that these improvements would streamline operations.

There are a few aspects of One Identity Manager's user experience that could be improved. Users sometimes find it confusing to navigate and understand how to use the tool effectively. As a result, customizing the front-end interface could be beneficial. For example, currently, users need to check multiple reports to gather complete information, which can be time-consuming and frustrating. Implementing a way to streamline this process, such as displaying relevant details directly within the application, could enhance user experience. Additionally, the current system requires manual creation of service catalogs for each application. It would be beneficial to implement pre-configured, out-of-the-box options for common applications like ServiceNow. This would save time and effort for administrators and improve the overall user experience.

While I'm comfortable making back-end customizations, I find front-end customization to be challenging.

It would be convenient if One Identity Manager offered a feature that allows bulk deployment and monitoring with a single click.

I have been using One Identity Manager for eight years.

One Identity Manager is a stable product, but its frequent version updates can be challenging. If users choose not to upgrade, they only receive one year of support.

For example, we recently transitioned from version eight to nine, only to discover later that support for version eight would end after just one year. This cycle of upgrading every year is disruptive.

Ideally, One Identity would offer at least two to three years of support for each version. This would alleviate the pressure to upgrade annually and allow users to focus on core business activities.

Currently, we are using the vendor's premium support due to a post-upgrade challenge. During this upgrade, our Active Directory experienced prolonged completion times, taking up to 30 hours for a single cycle. Fortunately, the One Identity support team was instrumental in resolving this issue.

Positive

Our organization previously used Microsoft Identity Manager, but we transitioned to One Identity Manager due to its greater functionality in access management and governance, coupled with a more user-friendly interface.

The initial deployment process is simple; we have a transporter tool for that. However, for bulk deployments, we also use a custom tool. For instance, when deploying ten or twenty transport packages, deploying them individually and monitoring each one is time-consuming. Our IT consultant developed a tool that automates this process. We simply store the transport packages and provide a list, and the tool deploys them sequentially, even handling small compilations between deployments.

One Identity Manager has a reasonable price point. Given the features and functionality it provides, the cost is justified.

I would rate One Identity Manager eight out of ten. It is user-friendly and the out of the box connectors make it easy to integrate with any system.

Premier Support has significantly enhanced the value of our overall investment in One Identity Manager. There are several ways in which it has been beneficial. For instance, our developers appreciate the immediate support available for troubleshooting production issues. Without the expedited response times and dedicated resources offered by Premier Support, our business operations could be significantly impacted. We are confident that the standard support level would not be sufficient to address our needs on time.

We have over 30 people that utilize One Identity Manager.

I recommend One Identity Manager.

Learning One Identity Manager can be time-consuming due to the limited availability of online resources. While other products offer abundant tutorials and guides on platforms like Google and YouTube, information for One Identity Manager is scarce and often outdated. Additionally, readily available training materials are rare. As a result, self-learning without additional support or formal training can be challenging.

One Identity Manager is our primary tool for managing identities and access, encompassing the entire employee lifecycle from onboarding to offboarding. This includes managing entitlements, requests, and approvals, enforcing segregation of duties, and conducting regular access recertification.

We are currently utilizing a hybrid model, where our primary SQL Server remains on-premises while some web servers have already been migrated to the cloud, with further cloud migration in progress.

We have integrated all our SAP systems with One Identity Manager, centralizing the management of accounts, entitlements, assignments, profile assignments, and other SAP-specific objects within the Identity Manager. This means we now handle all SAP identity and user management exclusively through One Identity.

One Identity Manager provides Identity Governance and Administration solutions. As an SAP company, our decision to use this product was primarily driven by its ability to manage SAP systems fully. The seamless integration with our existing SAP infrastructure is a crucial factor for us.

One Identity offers a centralized platform for managing and governing users, data, privileged accounts, and other critical enterprise assets. It serves as the authoritative source for identity and access information.

We realized the immediate benefits of One Identity Manager because it successfully reduced the manual workload as intended by the implementation project. By 2010, after approximately eight or nine months of work, we had integrated the system with SAP and had activated the portal. This eliminated the need for six to eight people previously dedicated to manual user management, resulting in significant financial gains.

We used One Identity Manager to extend governance to cloud applications, utilizing the SCIM interface for this purpose. While I believe this interface holds significant promise, it also requires further development. Overall, however, the support provided by One Identity was quite good from my perspective.

It helps us close governance gaps in server coverage across development, testing, and production environments. By demonstrating our adherence to regulatory requirements and identifying users with excessive entitlements, this tool enhances our compliance efforts and allows us to easily pinpoint potential security risks.

It partially helps us establish stronger privileged governance controls to mitigate security risks for standard users. We've also implemented a separate product account management tool. By combining these tools, One Identity now manages and approves permissions for the privileged access management tool, which in turn handles the technical release of access.

One Identity Manager assists with application compliance by enabling us to adhere to both regulatory requirements and internal guidelines. This is crucial because it provides central tools and a database for easily monitoring and understanding system activity.

One Identity Manager helps streamline application compliance by providing more transparency.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. We've streamlined entitlement requests by defining an approval process that leverages the organization chart within One Identity. This ensures that requests are initially routed to the appropriate line manager, who can then make informed decisions about approving or denying entitlements based on the employee's role and organizational structure.

It's difficult to identify the tool's core value because, initially, it seems to do nothing out of the box. Essentially, it's a framework that requires customization to align with specific processes. Nevertheless, its greatest strength lies in its ability to serve as a foundation for identity and access management processes. Standard functions like initiating workflows or requesting approvals are essential but expected. The tool's true advantage is its flexibility; it provides building blocks that can be easily assembled to create custom processes, much like constructing something with Lego bricks.

I would rate the user experience a six out of ten. While we have extensively customized the system, it's unclear whether these modifications directly relate to the One Identity implementation. Regardless, we continue to receive numerous complaints from users who struggle to understand how to request or perform actions within the One Identity Manager portal.

The ease of customizing One Identity Manager depends heavily on the user's knowledge of the tool. While customization is straightforward for experienced users, the tool is complex and requires significant expertise. Finding skilled individuals capable of maintaining or developing the system is challenging, particularly in Germany, especially with less than two years of relevant experience.

Implementing the business role functionality has proven challenging. While One Identity Manager offers potential solutions, effectively implementing business roles from the company's perspective is incredibly difficult. Unfortunately, One Identity does not provide tools or support to aid in identifying and designing appropriate roles, hindering the process.

The usability of the web shop is definitely an issue and could be improved.

One Identity Manager could be improved by enhancing connectivity to various cloud platforms, such as GCP, AWS, and Azure, as well as to cloud-based SaaS applications.

Upgrading to a new version is consistently challenging and time-consuming. This has been an ongoing issue for years. While necessary to access new features, upgrading requires complete system updates rather than individual modules. Subsequently, identifying and verifying changes in the new version is incredibly difficult. Our customization process mandates comprehensive testing of all functionalities after each upgrade, resulting in significant labor and time costs, making the overall experience highly burdensome.

I have been using One Identity Manager for around 14 years.

I would rate the stability of One Identity Manager a six out of ten, but this is somewhat unfair as our tool is highly customized. Some of the issues we encounter might be due to our own customizations rather than inherent product flaws. While we do experience challenges with the tool, it's essential to remember that it's a framework requiring customization by most customers.

The last time I used technical support was a few years ago; they resolved my issue quickly. We also have a strong relationship with the One Identity Manager team in Germany. As one of their earliest customers in the country, we know them well and may have received preferential treatment in the past. I hope this special consideration continues.

Neutral

Our organization employs several identity management solutions, including One Identity Manager, SailPoint, Omada, and NetIQ. While these systems have their strengths and weaknesses, they are largely comparable in terms of overall capabilities. Given that we implemented One Identity Manager 15 years ago, and considering the substantial effort required to migrate to a new system, we've decided to continue using it. Although each solution can be effectively configured to meet our identity management needs, I haven't identified any unique, compelling advantages of One Identity Manager over its competitors.

It is straightforward to set up for an experienced person who follows the documentation. Deploying one instance of One Identity Manager from scratch takes a couple of days. A team of two to three people is needed to set up a new environment.

I would rate One Identity Manager eight out of ten.

Maintaining a single Identity Manager is complex, requiring a dedicated ten-person team to service the tool, resolve end-user issues, and ensure ongoing system operation.

The primary use case is the JML role-based access provisioning and access re-certification.

We don't use the solution exactly for SAP, but for provisioning and reconciliation. We manage an integrated environment. We use SAP as one of our information sources. Although SAP is one of our trusted sources, it is not an authorized source.

One Identity Manager connects SAP accounts to employee identities under governance which is important for our organization.

The solution delivers SAP-specialized workflows and business logic. The good part is the customization; whatever way we customize the solution, the product is superb. But at the same time, complexity can be difficult because if we do a lot of customization, it's not easy for the new team to think exactly the same way as someone who has implemented the solution. 

We use the solution's business roles to map company structures for dynamic application provisioning.

We use the solution to extend governance to cloud apps. I don't have real-time experience with One Identity Manager Cloud One. I believe the solution extends governance to cloud apps because some of our cloud-based target systems are currently integrated, including Azure. I don't see any challenges, and One Identity Manager seems to be functioning smoothly.

The solution has improved the way our organization functions. In the latest version, some of the basic challenges and bugs have been improved. One Identity Manager is definitely one of the most robust enterprise identity manager platforms. One of the advantages is the cost-effectiveness of the solution. The solution is also a light-based application, has easy-to-manage infrastructure, and an easy-to-use UI. The reporting features and auditing features are all up to the mark. There are no issues, no security concerns, or risks. The risk handling is up to par, with features like managing privileged systems and accounts. This makes it a safe and reliable choice for businesses.

The solution helps us minimize gaps in governance coverage among testing, development, and production servers. One Identity Manager provides a number of out-of-the-box tools to help migrate the solution from one environment to another. This makes it easy to transport our package from the development environment to the testing environment to the production environment.

It helped us create a privileged governance stance to close the security gap between privileged users and standard users. One Identity Manager is a data-based application that provides a large scope compared to other IGA products such as SailPoint and Saviynt. The solution separates the identifier between the privilege and standard account as well as access certification, auditing, and reporting.

One Identity Manager is compliant with our business requirements regarding procurement and licensing consolidation.

The solution helps streamline application governance and application access decision compliance. One of the benefits of using the solution to certify privileged accounts and users is that it minimizes risk. This is done by applying proper governance, which is something that is needed in any organization.

The solution helps enable application owners or line of business managers to make application governance decisions without IT.

One Identity Manager helped us to achieve an identity-centric zero-trust model through risk minimization and segregation of duties.

We have Premier support services. If there's any product work or product limitation based on the requirements or any new challenges that come up, we can access the Premier support services, but we need to opt in.

Premier support has added value to our overall investment. We have a weekly follow-up call with their support team.

Having Premier support has influenced us to purchase additional licenses and products from the vendor. We also use Password Manager.

The most valuable feature is the JML. Unlike other identity manager tools, the JML is more customizable, making it easier to find.

The solution provides IGA for the difficult-to-manage aspects of SAP such as T-codes profiles.

It provides a single platform for enterprise-level administration and governance of users' data-privileged accounts. We have end-to-end JML features, including role-based access provisioning, access certification, and reporting. One Identity Manager is a very good platform, especially for those who have been working with it for the last two or three years. They are likely to be very happy with it.

Another good feature of One Identity Manager is its multi-language support. I give the solution a seven out of ten for its single platform feature.

One Identity Manager has an intuitive interface that is customizable.

One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow. There's a scope for One Identity Manager to improve itself.

The reporting feature should be improved similarly to other IGA products.

Unlike other solutions, One Identity Manager doesn't have a strong support team.

I consider One Identity Manager as a niche solution because we have a demand for it, but we can't find the proper skill set in the market. That is the highest pain point with this solution. Other vendors, such as SailPoint, Saviynt, and even Oracle and IBM, reach out to people to provide materials and make them aware of their products. This leaves One Identity Manager at a disadvantage.

I have been using the solution for four years.

The solution is stable.

It is scalable.

Technical support needs some improvement.

Neutral

The initial setup is straightforward. There are more than 20 components. It takes almost eight hours to deploy. 

It is deployed in our customer environments. We monitor around 300 thousand identities.

We require over 50 administrators.

The implementation is done in-house with the help of our team.

One Identity Manager's pricing is one of its strong points. It is very reasonable compared to other IGA solutions. The licensing cost is per user.

I give the solution a six out of ten.

I have worked with similar solutions such as Oracle One, CA, RSA, SailPoint, and IBM. Other identity manager platforms mostly use Java J2EE-based frameworks. The challenging part with One Identity Manager is that it uses the .NET Framework, for example, VBScript. It's a struggle to find the properly skilled resources in the market. VBScript is considered a niche skill right now. 

One Identity Manager seems to be lagging behind its competitors in terms of its out-of-the-box connectors. Almost every other identity manager product has connectors for a variety of applications, such as ServiceNow, Workday, and SAP, but One Identity Manager does not. The auditing and reporting modules of the solution definitely need to be improved. It needs to be more intuitive for business people, especially those who don't deal with IT.

Each solution has its own pros and cons. Oracle has a little heavier deployment compared to One Identity Manager. However, when compared to other vendors' solutions - such as Saviynt or SailPoint that can be deployed within two to three hours, One Identity Manager requires a full day. 

The amount of maintenance required for the solution depends on the type of implementation.

One Identity Manager is good for organizations looking for multilingual support, low-cost, and highly customizable solutions.

The underlying technology of the UI is going to change. One Identity Manager is moving from VBScript and HTML to Angular with the latest version.

We are a system integrator and used One Identity Manager for our client.

One Identity has many built-in features. It's a highly suitable platform for enterprise-level organizations to integrate with existing systems for complete account management and other related functions.

Although someone new to One Identity may initially find it a little difficult, the intuitive interface is easy to navigate for experienced users.

Due to its many built-in features, customizing the solution to meet our customers' specific needs is straightforward. With sufficient knowledge of the platform and tool, we can easily tailor the solution according to our customers' preferences. Simply exploring the available features will help us uncover the possibilities.

Without One Identity Manager, we would need multiple platforms to connect our source and target identity systems. However, One Identity allowed us to consolidate role management, access management, identity management, and other functions into a single platform, significantly streamlining our processes.

One Identity Manager simplifies application governance by streamlining access decisions, ensuring compliance, and facilitating auditing. Previously, users required individual interactions with application teams to gain access. However, with One Identity integrated into multiple applications, users can now submit access requests through a dedicated portal. This initiates an automated workflow that grants access directly through One Identity, significantly reducing users' and administrators' time and effort.

We successfully implemented an identity-centric zero-trust model, but its effectiveness depends on the people and the architecture used to implement the solution. The platform provides the necessary tools, but the success of its application hinges on the users' ability to leverage its features effectively within their specific use cases. If users can successfully implement these features, One Identity proves to be a valuable platform. However, the underlying architecture within the platform and our processes also play a crucial role in overall success.

One Identity Manager provides a wide range of features that enable connection to numerous target systems. It also includes built-in capabilities to automate user onboarding and offboarding processes.

One Identity Manager offers numerous features, including role management. We can create custom bot-specific roles, integrate with external systems, and grant users access upon onboarding within our system. The tool's automation capabilities are particularly valuable. They allow us to schedule tasks for execution at specific times, eliminating the need for manual intervention.

The platform's user experience presents several challenges. Its complex features and numerous tools make it difficult to understand without significant effort. The web portals and documentation are also not user-friendly, hindering knowledge acquisition.

We must create business roles specifically for the platform rather than due to architectural requirements. While this is unnecessary additional work, it is mandated by the platform. We believe utilizing system roles to grant application access would be more efficient. However, the platform necessitates the creation of business roles on top of system roles for access control, which we find challenging.

The documentation I found in their repository is neither interactive nor engaging. They should include simple examples or sample use cases demonstrating how to use the product for specific features.

For most applications, we must configure connections. One Identity Manager lacks a robust built-in connection system or connectors for diverse target systems. This area could be improved. Consequently, for built-in applications, we must define connections ourselves.

We are using an on-demand version for our client and have encountered some database agent issues. Therefore, the number of database agent issues needs to be reduced.

I have been using One Identity Manager for one and a half years.

The stability of One Identity Manager hinges on the project's specific implementation or architecture. We must analyze project requirements to select the appropriate One Identity version; in this case, the on-demand version is necessary due to our high user count. This choice will help maintain platform stability. While One Identity itself is not inherently flawed, its success relies heavily on the architecture team's design.

One Identity Manager's scalability depends on the specific implementation or architecture.

SailPoint is a platform similar to One Identity Manager that we also use, both offering identity management solutions. While One Identity Manager offers more features, making it a strong choice for us given our expertise, it has limitations regarding target system integration and user interface. One Identity should expand its default integration options to include popular systems and enhance the user interface with a more intuitive and visually appealing design to maximize its potential, improving the overall user experience for extended work sessions.

We engaged our One Identity Partner, Quest Global, to provide post-implementation support, and we are pleased with their responsiveness. The issue's priority level determines their response time. High-priority issues receive immediate attention with a scheduled troubleshooting call, while medium-priority issues are addressed within hours. Lower-priority issues will also be resolved promptly. Overall, we are satisfied with their support.

I would rate One Identity Manager eight out of ten.

I participated in a one-week training session provided by the partner, and it was exhausting because we had to listen to the trainer for eight hours each day and then work.

The support that our One Identity partner provides is valuable.

Due to our implemented automation, One Identity Manager requires ongoing maintenance. Constant monitoring is necessary to ensure the workflow operates as intended. This monitoring demands individuals with expertise in the tool to comprehend the process and identify potential issues.

Our One Identity partner helped us implement the customized features that our client required.

We currently have 100,000 users and have connected with around 15 target systems.

I recommend One Identity Manager to others. I suggest the on-demand version for organizations with a high user count.

Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.

When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work. 

It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files. 

One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see. 

It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers becomes accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.

One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs. 

The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.

The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.

I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer. 

I have used One Identity Manager for 10 years.

One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network. 

One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with  500,000 to 1 million users. a

I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far. 

Positive

SailPoint is One Indentity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features. 

All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope. 

You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people for example, testing, approvals, etc. 

After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.

You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.

I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment. 

I work as a tester and qualitative analyst for a German client. They use One Identity Manager for identity management, which connects to various downstream applications such as SAP, DLCM, and RSA Archer. This requires numerous connectors, including Azure Active Directory and Microsoft Active Directory. Additionally, we create custom records from SuccessFactors using its integration with One Identity Manager. We sync data from SuccessFactors to create personal accounts and provision user accounts. We also create external identities for all vendors. Furthermore, we use One Identity Manager for reporting and auditing purposes.

We deployed One Identity Manager using a hybrid model through a CI/CD pipeline.

We can create, modify, use, and delete business roles directly from the web shop. Users can request and manage their business roles and entitlements, and we utilize them for our purposes.

We have recently migrated several applications, including RSA, DLCM, Majesco, and ServiceNow, from their native apps to the end-user environment. Previously, these applications were connected to LDAP, and before that, VLCM. We have now transitioned them to cloud-based Starling and CSM connectors, which are currently being used. In total, we have approximately four to five applications running on the One Identity Manager cloud service, utilizing these Starling connectors. It is helpful to have this extension of governance in the cloud.

We recently onboarded a new company using our Angular Web Shop. This is a new Angular-based Web Shop released by One Identity Manager. We've begun implementing Angular for this new company as a pilot application, and the front end has been very intuitive. We've tested the Manager, designer, and object browser for back-end operations, finding them easy to use. The object browser allows direct querying of results, and the designer is efficient in modifying configuration schedules. I've exclusively used One Identity Manager for the past five years and found it to be a good fit for our needs.

For privileged user requests, we require dual approval, with both the manager and application owner sign-off. Also, we conduct attestation reviews every six months to make sure that we have continued authorization. We implement two-factor authentication to enhance security using tools like MF Authenticator for all privilege access management. This requires users to provide an OTP upon login. For password storage and management, we utilize CyberArk's GPAM solution. Access to sensitive information is restricted to authorized users and is regularly reviewed to maintain security.

One Identity Manager assists in streamlining application access decisions, compliance, and auditing. As a financial organization, we have been leveraging One Identity Manager to audit various aspects of our operations. We use Power BI as a reporting tool to monitor current user access, access levels, testing dates, role assignments, and other relevant information. One Identity Manager effectively supports both access governance and reporting.

The automated provisioning feature streamlines user access by dynamically assigning roles and privileges based on user attributes like location and role. For example, a user with a manager role or from a specific location will automatically gain access to the system, eliminating the need for manual requests. This dynamic role conditioning runs daily, ensuring users receive appropriate access based on their current attributes. However, users or their managers must still submit requests through the web shop for additional privileges. If a manager requests on behalf of a user, the request is typically auto-approved within a few minutes due to the manager's authority. The system verifies that the requester is the recipient's manager before granting automatic approval, further streamlining the process.

The One Identity Manager's user-friendly interface allows for easy external identities and user account creation. To request a new account, we can just navigate to the appropriate section and provide the necessary information. Existing identities can also be managed through this platform by requesting entitlements. This streamlined process eliminates manual intervention and ensures efficient account management.

One Identity Manager's slow loading speed has been a recurring issue for users. This is likely due to the overwhelming number of entitlements, nearly 100,000 associated with the products. The high load is further exacerbated by the simultaneous access of thousands of users during peak times. To address this, we have implemented measures such as increasing server RAM, but the underlying issue of product-related entitlements remains a contributing factor.

While out-of-the-box features are typically user-friendly, our clients' customized user account creation and the added complexities of sub-entities and account sub-entities have made it challenging to leverage these features effectively. We plan to phase out these customizations and revert to a more standard configuration to streamline our processes and reduce long-term maintenance costs. Unfortunately, this transition has temporarily limited the availability of certain out-of-the-box functionalities. Furthermore, the extensive testing for our customized system is time-consuming and resource-intensive, as numerous scenarios must be evaluated to identify potential bugs.

The user interface of our web shop, which customers interact with directly, needs improvement. The front end's speed could also be enhanced. This might be related to the infrastructure of our client systems, but I need clarification. Regardless, the front end, which is the customers' primary point of contact, should be redesigned and optimized for a better user experience.

I have been using One Identity Manager for five years.

The backend tool occasionally experienced slowness due to the servers we used. Since 2012, we have been using outdated Microsoft SQL servers. However, last month, we upgraded these servers to the 2022 version. As a result, the tool's performance has significantly improved. Our client has used One Identity Manager for 14 years with no significant stability issues.

I would rate the stability nine out of ten.

One Identity Manager has demonstrated exceptional scalability in our organization. Despite initially lacking applications for DLC and relying on LDAP, our seamless migration to the cloud was a testament to its adaptability. We've successfully integrated over 200 SAP applications into Identity Manager, ensuring smooth operation without significant issues. This ongoing scalability, evident from day one, has allowed us to manage and secure our growing identity infrastructure effectively.

I would rate the scalability nine out of ten.

The deployment is straightforward. Our team consists of eight developers, including leads and team leads. We are organized into two separate development teams. One team focuses on developing new features and connectors, while the other enhances existing connectors and addresses product bugs. Each team has core developers and two leads. Additionally, we have an architect, a solution architect, and a business architect. For operations, we have a team of 12, and our testing team has eight members. Our IT department includes approximately 30 people, encompassing development, operations, and testing.

I would rate One Identity Manager nine out of ten.

We have 33,000 users for our clients.

One Identity Manager requires minimal maintenance. We upgrade it from the previous version when a major update is released every two years, and minor updates are released annually. To ensure continued support, we must upgrade our client's installation every two years to the latest version. This aligns with the manufacturer's support policy, which is limited to the current and previous major releases.

I recommend One Identity Manager to others due to its user-friendly interface. Although it may occasionally experience loading delays, its underlying infrastructure ultimately determines its performance. We have significantly improved its speed and reliability by upgrading from 2012 to 2022 servers. Additionally, the tick lines we use for operations, governance, subject matter experts, and backend operators are invaluable for managing the system efficiently. With them, managing One Identity Manager would be considerably more manageable. We utilize tick lines and desktop applications for operations and development, while front-end users benefit from the intuitive UI. Both interfaces are highly effective for their respective purposes.

We have several use cases. I work with the German police, who use it to manage use cases. When the forensic examiner goes to the field to gather evidence, they have to transfer this evidence to investigators. We handle the entire process of data cleaning. When the forensic examiner goes to the field, an identity and governance process takes that data, creates an evidence file for it, and transfers that file to an investigator in that team. We also do email password provisioning.

We improve case processes for the bank we work with. They're also using One Identity for account management and provisioning. I'm working with an architecture firm onboarding new employees. There's a global assignment process where an identity or an employee can be assigned to a different country, and he still has to retain his employment. We map the identities even though he's given employment in another country. 

The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices. 

He has to call the investigator and tell them he's coming to their office. If the investigator isn't there, he cannot go in. When the guy has time, he will open the door. He goes in, plugs in the device, and waits for hours because they must upload terabytes of data. It takes a lot of time to transfer data because of the internal processes they use. We streamlined the process so the investigator could upload data from the field. 

We also helped a client who had employees traveling to another country on a global assignment. If you must create a new identity for that user because he needs a new identity to work in that country, he can't because we always have to separate objects from different countries. We can manage one user in two different countries and create a sub-identity for that user. 

One Identity Manager helps us minimize governance coverage gaps among test, dev, and production servers. One thing I love about it is the database transport tool. You can model data from the Dev environment and not necessarily push the data. You can model the processes, projects, scripts, business roles, etc., in the dev environment and move them to the testing environment. Once the testing is finished, you can move the transport file to production. It's powerful because you don't need to manually alter the data. 

With business roles, you can close the gap between privileged users and standard users. You can assign business roles to people based on their position and Active Directory group access. 

It streamlines the audit process. Let's say certain users aren't supposed to have access to application data based on their AD group membership or business roles. We can check this for audits and see which users can access applications based on their identities. You can provision applications to specific users based on their membership and identity.

One Identity Manager is identity-centric. Every object is treated as a different entity. Because of this, you can monitor the life cycle of every identity when it comes into the system and how it behaves in the system. You can monitor every identity's access throughout that identity's life cycle. The zero-trust model says that this identity can't access anything it isn't supposed to access at any point in its life cycle. be able to access anything that this identity is not supposed to access. You can trust that once the configurations are done properly, no identity can access any other property that it doesn't have access to.

The solution streamlines licensing. When a user gets employed, we assign them to the group for new employees. When they belong to that group, a trigger creates licenses for each new user. When the user signs into all those accounts, we have a table that shows Microsoft access. Once they are granted Teams access, all of this information is updated for the users. We use that for licensing, but I've never worked with procurement.

The designer tool is one of the most powerful features because you can manage permissions and permission groups in it. The designer is a tool for adding and removing permission. The manager lets you create IT Shop objects and determine which type of user can access an object.

One Identity is versatile and complex. There are no limits to what you can do with this tool. It integrates well with Active Directory and has a powerful API integration. They also introduced the new Angular platform to replace the old web portal, which was too complex. Angular is a simplified web UI for users to do whatever they want to do.

We can leverage JavaScript and the Angular framework to build interactive UIs with the new Angular portal. Also, the new API server makes a lot of sense because using Angular is the front end, and the API server is on the back end. You can do anything you want. It's limitless at this point.

We use One Identity to manage SAP and logically disconnected SAP accounts. From an architectural point of view, you can create request staging tables to sync to the SAP through API calls to the SAP module. You can link the data source to the One Identity staging table to ensure all data goes into the One Identity testing table. You ensure all the necessary fields are there and create a staging table where you would load all the information from SAP. 

You can sync into the One Identity object. From there, you can do whatever you want to do. You can create Active Directory groups and add permissions. SAP is also robust. For example, let's say you have a department's table in SAP. You can also get the department information from the SAP and tie it to the object depending on how you want to sync and structure your project. My approach would be to create a staging table and make an API call to SAP, filling up and syncing the table to the SAP objects in One Identity, adding all the necessary permissions from SAP to the same user, and creating the AD groups if that's also part of the plan. 

There are many approaches to connecting One Identity Manager to SAP accounts under governance. There is no written-in-stone way to do this. The cleanest approach would be using a staging table where you can add all the permissions. A staging table contains the user information and the groups the user belongs to. All of that information will be in any staging table you want. From that table, you write information into the object. 

It helps manage some of the more difficult aspects of SAP. If you have a staging table with all the information from SAP stored there, you have all the rules, Active Directory group names, and permissions. You have all the information. You can use that information to create an identity in One Identity. If you have an SAP account, you must create that SAP identity in One Identity. You can tag and call it SAP and import the source. You can add a SAP tag to it to show that this is an SAP account. 

Before Angular was introduced, the user experience was bad. To do a small custom change in the web UI, you had to do a lot of configuration on the back end. The new Angular portal solved that problem. I don't have any complaints now. The user interface is perfect, making the experience good for the users. Loading objects, caching, and handling errors are way faster with Angular.  

One Identity's business roles help us with provisioning. The whole idea of business roles is to provision based on the user's role. You create business roles for a department with a manager, assistant manager, technician, etc., so you can create custom business roles for all these positions in the same department. Each has permission to do certain things because of their business role. Business roles assign resources and permission groups based on role. It's critical because it limits access based on those roles. We can use business roles to extend governance to cloud apps. 

One Identity can be complex to customize, depending on the scope of the project, the existing system, and the architecture. If the underlying architecture does not suit what the user wants, you must rebuild it entirely by moving data, changing data objects, etc. In a production environment, that can do much harm because these processes and data inputs will change. If the scope is not so robust, you can customize as much as you want. 

On an existing project, the standard was kind of poor because they didn't use experienced consultants to do it. You had to consider rewriting a lot of things, changing how the code works, or redesigning processes. These are not hard things to do, but may just take time. Time will always be a major factor to consider when customizing.

I have actively used One Identity Manager for three years.

One Identity is highly stable. Some companies are still using the 2013 version, and it works perfectly for them. They have not updated it since then. You don't need to upgrade to the latest version. It comes with a lot of benefits like the Angular portal, but it's highly stable. As long as it meets all your needs, why change?

One Identity is scalable, depending on your architecture. 

I rate One Identity support six out of 10. They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem.

Neutral

Deploying One Identity is straightforward, and configuration is not complex at all. If you have access to the database and application server, initial deployment can be completed in a day. Once you install it, there isn't much maintenance aside from updating to a newer version. You also need an engineer or a consultant to monitor the data for inconsistencies. 

I'm a developer, and I can see the relief from companies because when a person who needs access doesn't have it, emails fly everywhere, and everything stands still. If someone needs access over the weekend to a business-critical task and they can't do it, those problems lead to a lot of waste. It has saved a lot of time and saved some companies a lot of money.

One Identity isn't cheap for small or medium-sized businesses, but I don't think it's necessary for a small company to use. The price is fair for large enterprises with thousands of employees that want to adopt a zero-trust model. 

People talk about CyberArk, but I've never used it before. I don't know how better it would be than this. I don't see anybody competing with this. One Identity is on another level.

I rate One Identity Manager eight out of 10. If you plan to implement One Identity Manager, I recommend finding an experienced consultant. They are not cheap. If you're thinking about implementing One Identity at a small business, I would tell you not to waste your time. At a mid-sized business with a lot of identities or a contractor for a big company, you can use One Identity, but you still need an experienced consultant, depending on the scope of the project.