One Identity Manager Reviews

We use the solution for creating and completing enhancements and other features. Personally, I have experience working as a .NET developer and working with the SQL server database. When I joined Wipro, I worked mainly with One Identity Manager tool as a developer. In addition, I do web design and object browsers, job queues, and use other tools.

The best feature is the security of the solution. 

The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.

We have been using this solution for more than two years. We are currently using version eight, which is deployed in cloud.

This solution is stable when we are using all its features. However, when we customize the solution, it becomes difficult to use.

This solution is scalable.

When we cannot resolve issues with the tool, the technical support team assists us by proposing solutions based on the tool requirements. They consistently respond to us and help us resolve any issues we encounter while using the tool. I rate the technical support a ten out of ten. 

Positive

The initial setup process was easy. However, it took between 30 to 60 minutes to deploy the solution. 

One Identity Manager is very efficient for a limited amount of users. It is easy to use and handle. The license price is based on user capacity. However, I cannot speak about the exact costs.

Our company takes on projects for different types of clients, so we chose this solution because our clients had this solution implemented. Therefore, selecting this option made managing things more efficient.

I rate this solution a six out of ten.

My primary use case for the solution for the last several years was migrating from version 6 or older to version 7 or 8. Most of the time, we implement new features, optimize existing features, or do project management for the customer.

Our customers have a higher degree of automation and compliance. The product has a good self-service portal, which makes the IT processes a lot better and easier for the end customer.

We have integrated the solution with SAP. Our customer wanted us to do the implementation for web-based administration. They wanted to have easier access to provision their accounts into their system. Because until then, most of the customers were inputted manually. Now, they can automate it, which makes it a lot easier. They can monitor the segregation of duties, such as the financial aspects of it, in SAP.

There are so many different connectors out-of-the-box, and the solution works fine. Overall, the product works well and is very good tool, which functions well.

It's pretty flexible because you can use it in almost every way you want. It is very open. It provides good insight on all the basic job chains, and you are free to use, extend, or change it.

I am waiting to see the new API for the web.

There are several smaller parts of the tool that have room for improvement. One Identity currently is in the development process of fixing these issues.

It is quite stable if you know how to use it right. If you have a good implementation, it is really robust. 

The technical support is pretty good because we can reach the right person directly. We also get escalated quickly, if necessary, to the development team. So far, it has been a good experience.

There is a good support team if you have issues. There is a really nice path to get in touch with them.

The initial setup was pretty straightforward because the documentation is really good. It was even easy to train junior employees in our company since the documentation is easy to read and straightforward.

This solution has helped to reduce help desk calls for a lot of customers because of the password reset. People can now reset their own passwords. That is a great benefit for customers.

This solution has helped to increase employee productivity when it comes to provisioning users.

Look at one or two videos online on the One Identity YouTube channel. Get in touch with some of their people and possible get a short preview of their products. That is the easiest way, so you can set up a test environment pretty fast be shown how simple the processes work. 

One Identity has a very strong community combined with the tool. They also have a very good relationship between partners, customers, and themselves.

It is easy to extend the product for custom purposes. 

The primary use case for this solution is implementing them at the customer site, according to the customer's business needs. E.g., certain customers needs an attestation case. 

The reason for implementing this solution is the need to become somewhat more in control. There is also the ease of use for connecting products to target systems, like an Active Directory or Exchange.

I had an organization which had no idea of their user accounts and who owned them. It took me two weeks, and out of those two weeks, most of the time was spent waiting for the user accounts to connect to the Active Directory. Within two weeks, we knew exactly how many orphaned accounts that they had. This was a huge deal for the customer. They never realized that within such a short time frame that they could be able to better view their Active Directory, who owned which account, and how they could start cleaning it up. This is a very basic feature within the product, but to the customer, it is a huge leap.

The policy and role management features are superb. If you have a customer who is willing to go somewhere with role management, then the possibilities are endless with the product. It is well-structured, and the architecture is well-defined. I am quite content with it.

The solution is flexible. It is based on modules. Depending on the customer's needs, you can implement the different modules, which are accompanied with it. 

I would like better integration with cloud apps, but I just learned this week that there is already a pretty advanced cloud integration. So, what I would like to see is already implemented, but I just need to start using it.

When I first started using it, way before version 7, the manual wasn't comprehensive.

The UX design needs improvement, but I have noticed that people are working very hard behind the curtains to make sure that UX is designed in such a way that the end user is going to have a much easier time using the product in future releases. My ideal was a product designed by IT guys with an IT guy mindset, not without realizing thousands of people in an IT portal would be using the product. Therefore, it took my customers many hours to find the correct links to order something from the IT shop, but I know One Identity is working very hard to improve this as well. If they could improve the UX within the Manager tool, this would be another huge upgrade in just lowering the learning curve of how to use the product.

If well-implemented, the solution is extremely stable. What I have been confronted with is I am usually joining an ongoing project, which has been implemented quite messily: 

• The basic features of the product usually aren't used. 
• Customization is too spread out, and in a very inefficient way, making the product very unstable. 

It should be implement with the out-of-the-box features. When used with its features, it is extremely stable.

With the technical support, I create a case, then within a few hours I receive a reply. So, I'm very pleased with the technical support. However, some features aren't supported. It is based on your own risk, which I can accept, but I would be happier if they would provide me some additional information about them anyway, e.g., deleting tables or columns. 

You need a bit more knowledge than with the One Identity Manager product. You also need to be knowledgeable about servers and IIS servers for the web server. However, if you just follow the manual, you will get very far. Sometimes, you just need to Google somethings.

The SAP integration is extremely easy. The first time that I used it, I picked up the user manual, and typed in some user account system clients and passwords, then I was connected. It doesn't get any easier than that.

Once you are past the learning curve of the product, the most valuable feature is the ease in which you can implement the product.

It has helped to reduce customer costs.

For the customers that I have worked with, this solution has helped increase employee productivity when it comes to provisioning users. For example, if someone joins the company, then someone else will need to realize a member has joined the company. They need to create a ticket or call someone they know within the Active Directory team. This usually takes at least three to four weeks before they are able to make someone work efficiently. With One Identity Manager, within a few months, you can reduce four weeks time to a few days or even hours.

It needs flexibility in the licensing or packaging, because you buy the entire package at once, and sometimes the customers are a bit overwhelmed with whatever they get. I would like if they could cut the licensing or packaging into somewhat smaller things.

It isn't that hard of a product to use. It's actually very easy to set up. Your business case is much easier than you think, forget the word complex. Just use the product as it is meant to be used, and it will make your life easier. It will also make your customers much happier,  reducing the time to implement something or making the company grow. 

I have done some basic SAP integrations just using the out-of-the-box connectors. After connecting it, the customers with their own technical teams go in and clean up SAP.

The customers that I am working with haven't moved to the cloud yet or are just starting move to the cloud. I am pleased to see many steps are being taken to make cloud integration much easier from version 8 and up.

I am interested in finding more out about the privileged account governance features.

Our primary use case was to onboard certain applications for a customer.

One Identity Manager helps minimize gaps in governance coverage among various servers. If you are trying to do an access review, or want to grant access to someone, these generally require a review process. Those kinds of reviews are done manually if there are no governance tools. This tool makes that process smoother. It sends automatic reminders and will automatically discard a request if someone does not approve it. We can even configure it so that if someone has not approved it five times, it can be auto-approved. It streamlines the whole governance process and reduces a lot of manual activity with automation.

It also helps streamline application governance when it comes to application access decisions, application compliance, and application auditing. Previously, these processes required a lot of manual work, but that work has now been discarded.

Another benefit is that One Identity Manager definitely helps application owners make application governance decisions without IT. It sends regular notifications and anyone can see what is pending on their plate. They can take action on what should be a part of their application and what should not be a part of their application, and make informed decisions.

An outstanding feature of One Identity Manager, compared to SailPoint, is the dashboard where they present everything. With the dashboard, the customer can see how the integrations have happened. It is more presentable than what we have with SailPoint. The user experience is good because everything is exposed on the dashboard. They can tweak it a little bit if they want.

Also, using its business roles to map company structures is fairly easy and good, similar to SailPoint. It is handy. This function is very important because today, most organizations rely on RBAC, role-based access control. If a tool offers identity management capabilities, it must also offer role-based access control. Both One Identity Manager and SailPoint offer good role-based access controls. It's easy to configure and use.

I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it.

Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers.

Access reviews are another thing that is not that good in the solution. It needs improvement.

Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution.

These last three items need to be improved on a very urgent basis.

I used One Identity Manager for about six months.

On a scale of one to 10, where 10 is the best, if I look at the stability equally across all features, One Identity Manager is an eight and SailPoint is a nine.

The solution is very scalable.

I have not interacted with their support.

Onboarding certain applications for a customer was something that gave us difficulty with SailPoint. And the primary driver for switching was cost. SailPoint was very costly and One Identity Manager was a little bit cheaper.

The user experience is good, but the implementer's experience is not that great. As an administrator, when I'm trying to implement a solution, it is a hectic job.

The time it takes to implement depends on the requirements. If you want, for example, to integrate Active Directory, it will take two to four hours because it is an out-of-the-box application and very common. When it comes to complex applications like SAP, HRM, or ERP solutions, they have complex infrastructures. Integrating such applications takes no less than five to six working days.

The number of people involved is based on how big the project is. If it involves implementing 100 applications, you definitely need a team of 15 to 20 people to complete it within one year. But if you only have to onboard five applications with One Identity Manager from scratch, where you have to install the product, it will take six to seven months. With SailPoint, it takes a little bit less time.

We used the help of One Identity partners because we don't have expertise in One Identity Manager. We are SailPoint experts. They were involved in architecting the whole solution from the beginning as well as in customizing it.

The partners struggled a bit because some of the features are not that flexible in One Identity Manager. The product has all the capabilities required, but it is not that implementer-friendly.

In terms of the training that the partners provided to our customers, I was not present, but the feedback from the customers was that it was okay. They understood things.

Overall, the value provided by One Identity Partners was a seven out of 10.

The price of One Identity Manager is cheaper than SailPoint. When we initially suggested SailPoint to some customers they were surprised at the price, so we then suggested One Identity Manager and they went with that.

In addition to the licensing fees, there are costs for customization if you want to build custom modules.

In addition to SailPoint, I have worked with ForgeRock, Microsoft FIM a long way back, and others.

SailPoint has a lot of advantages as compared to One Identity Manager. First, the installation time is very short, and the process is very smooth. Second, it is an implementer's tool, meaning an implementer enjoys developing applications with SailPoint. SailPoint may not be that user-friendly, but it is very implementer-friendly. Implementation is easier with it. And because it is implementer-friendly, implementers can add value to the product, meaning its capabilities can be enhanced based on customer requirements, which is something that is lacking with One Identity Manager. And compared to SailPoint, One Identity Manager has fewer features.

Most of my customers in the region where I work, The Middle East, prefer on-prem solutions. They don't like the cloud. SailPoint and One Identity Manager both have on-prem solutions, so I am focusing my comparison on them.

I have also worked on cloud-based solutions but they have their challenges.

For enterprise-level administration and governance of users, data, and privileged accounts, One Identity Manager is average. Its privileged account management is lacking in capabilities. You have to integrate it with various other PAM tools and only then can it be used for that.

One problem with almost all identity managers today is that the implementation is based on certain information. After that, if certain big changes happen in the organization, you have to reflect all of those changes in the identity management solutions by doing certain customizations or implementation activities. That takes a good amount of time. That complexity is present in almost all identity managers today. It is not very quick when it comes to making changes.

Regarding Zero Trust, that is a buzzword as well as a big word. One Identity Manager alone cannot achieve an identity-centric Zero Trust model. It has to start at the network level through the identity management level, and we have to integrate it with multiple different solutions. We have not achieved Zero Trust for any organization yet.

One Identity Manager is mostly suitable for identity governance capabilities but is not that suitable for access management or privileged account management. If you are evaluating this product for access management or privileged access management, you should not go with it. If you want a governance product, go ahead and use this one.

We are managing the entire trend for our identity management, from HR hire until offboarding. We use it for managing all the IT accounts in the company, which has hundreds of thousands of identities.

At the time of the onboarding, this is solution that we have interfacing with HR. On the same day an employee is hired, an account is created and available for the manager when the end user arrives. The opposite is true. The moment employment is terminated, the same day everything is disabled, then later deleted.

We have integrated it directly with SAP, since our HR source of information is SAP and more than 80 percent of our business is run on SAP. Therefore, we have the largest SAP installation in the world. It's fully integrated, so we are creating, managing, and provisioning in SAP, as it is the core of our business. We are synchronizing for SoD, so it's working well. We are using different aspects of the integration.

The overall capabilities of the identity governance and administration (IGA) solution for identity management.

The flexibility of the solution: We are able to use what is out-of-the-box, customize and prioritize it, then further develop it to meet our needs. Our use for it is very complex, but we are able to achieve success with One Identity.

The back-end, its capabilities, and workflows are very good.

I would like a more friendly web UI. This is something that they are already starting to work on. 

Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us.

I would also like it to have an easier integration with phones.

With the current version, the stability is very good. With the previous version, it was not good. We are now in version 8, and it's really stable and performing.

Without this solution, because of our sheer size, we cannot manage our own house.

We are paying for premium support, which is expensive. However, we do receive very good, fast support.

What we implemented is very broad. We implemented basic identity management: workflow, self-service, and shopping for roles. We also implemented SoD. To implement all of this and because of our size, we had to work with partners and One Identity, which was a complex process.

We have seen a little ROI when there was a restructuring reduction in the market for user management teams, but not enough to cover the cost of the project. The focus was on security compliance, not on return on investment.

This solution has helped to reduce help desk calls. We are a very big company, so we have implemented thousands of role-based access controls which give rights to the users. Based on their movements, we are removing or assigning access. We also have the entire onboarding process fully automated. We have removed more than 90 percent of all manual requests for accounts.

This solution has helped to increase employee productivity when it comes to provisioning users. E.g., We can give users access in under a day. It is now based on how long it takes for HR to perform the action to onboard the employee.

We started an RFP in 2013 or 2014. Then, the end of the process was in 2015, we selected One Identity Manager by comparing it against many other vendors.

Define what you are researching. Write down use cases you need. Then, ask for a demo with you data, so you can see actual results.

We are working on our IT cloud strategy. We are starting to do cloud provisioning integrated with our identity management.

We use it for compliance, but not directly for GDPR.

We are using the policy and role management features.

The primary use case is managing business applications.

We have centralized a large number of access management functions. Therefore, you have one place where you can have control and have automated on/off boarding processes for people joining and leaving. We have done a lot of things, covering a lot of applications.

This solution helps with compliance by having a way of controlling an audit trail, knowing how things are done, and knowing how to control who has access to what.

• Publishing capabilities
• Connectors
• This solution is quite flexible. We have a lot of customization since we have our own business processes. 
• We use it to manage our users in SAP.

Maybe it is going this way with the angled frame work, but we really want to be able to watch and control things, so we can change things and know what the impact will be. 

Most importantly for automatic testing and rollouts, we need an easier way of connecting applications and an easier way of onboarding applications. At the moment, the process is very technical. People associate this as a technical and development thing. In the end, onboarding applications should be a business problem, not a development problem. They have take the technical work out of it. That is why we have to completely custom build a framework. Our work is not about connecting 20 or 50 target systems, as we have to connect thousands, which is difficult to do one-by-one. 

The end user experience needs improvement. One of the things the end users complain most about is the shopping cart, because they are not really on eBay or Amazon buying things. They just need access to business applications. Why do they have to click so many times? We probably have around 20 calls a day because a user hasn't got access, not realizing they haven't completed the shopping cart. So, I would recommend removing the shopping cart.

Stability has been a challenge. With version 8, especially post go-live, we had a lot of problems. We were doing care everyday on One Identity Manager for a good month and a half, just fixing things. Therefore, stability was not great at that time.

It is not really scalable. We had to put in a lot of customization to make it scalable. We ended up putting in a lot of instances to build it up to our scale, not only for performance capability, but for change capability. Therefore, if you have to scale for a large amount of people with several different themes, changing the configuration in One Identity can be hard to coordinate. Everyone has to have their own environments to work in; you cannot work in a joint environment easily.

The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for a 100 or 1000 people, but when it is a large number, it is quite difficult to maintain.

The technical support lacks the knowledge on custom deployments. They have good knowledge on the base product, but they lack the knowledge on the custom deployments. 

Their attitude is a bit strange. Quite often, we have to prove that there is a problem with the product rather than having them prove that there is not a problem with the product.

We had some audit issues. We had a distributive access management landscape (fragmented landscape) that we wanted to centralize, because we had a lot of in-house built tools (very narrow scope of tools) that only did one thing. It was expensive to run a lot of different tools, and we wanted to replace it with one tool.

The initial setup was complex. There are a lot of processes, which have to be covered, with a lot of users. Everyone is affected in the organization. It is not an easy thing to standardize, so it is quite complex. Then, we have five different port identity systems working together. This also makes it quite complex with the data replication between them. Therefore, it was not a straightforward thing to do. However, access management isn't a straightforward thing to do.

The SAP integration is quite cumbersome and long. It took many years. With the new addition of the SAP client to the new system, it is not so difficult anymore. However, there are some challenges with the new SAP technologies where they are not really supported by the One Identity tools.

We have used several consultants for the deployment. We used One Identity Professional Services, Data Consulting, Mphasis, Microsoft, and other smaller ones, which usually come through an umbrella company.

We have improved our security.

It has increase employee productivity when it comes to provisioning and controlling access in the system. It previously used to be distributed between a lot of things. Now, we can do them all in a central way. We are now more automated. End users know where to go to access critical business applications. In the past, it was email-based, textile-based, phone calls, and service tickets, so it was hard to know how to get access.

We have a different product for privileged account governance.

Evaluate how you can do the rollout, how will you approach the rollout, and if you have other application. Check how you are going to do the rollout and plan for it, then evaluate the products against it.

It has increased our help desk calls a lot. We probably have between 60 and 100 access calls related to access management processes in One Identity Manager a day.

One Identity Manager has not impacted our cloud strategy and its management.

We have chosen the product, especially for its governance for all the processes of the company, onboarding of employees, and lifecycle processes.

All our lifecycle processes have been improved. Some processes used to last around five days. Now, there are about one day or a couple of hours. This is very good for the user experience of our workers.

We are very satisfied of the privilege account governance feature, because we implemented a lot of processes around privilege account management that we didn't have before, which is a very good thing.

For the recertification and segregation of duties, it's easier to know all the information about our employees. If we need to delete some information, we can do it from a central point, then it can be deleted on all our searches. This is very good for GDPR.

The most valuable features of the product are the recertification, segregation of duties, and user experience.

The simplicity of the policy and role management features make it easy to use for implementing policies and configuring them.

When you see the product for the first time, it seems very complicated, but it's not. To improve the product, it should be made to seem simpler when you see it for the first time.

For the moment, we don't have any problems in production. Therefore, it is a good product.

The product is quite scalable, except for the database which is not highly available. This is where scalability could be improved.

We have the premium support and are very satisfied. They are always answer our questions very quickly. For the moment, we are very satisfied, but I think it's because we are paying for the premium support.

The initial setup is straightforward and easy to install. If it's your first time with the product, it can be very complicated because there are about 40 to 50 executables. However, when you know the product, it's simple.

The product is quite flexible. In the beginning, the product is an enormous solution. Then, after some training and experience, it becomes easier to implement.

It has helped to increase employee productivity.

We are satisfied with the product.

We primarily use the solution for background management. It's used for provisioning and license management. 

The solution has helped a lot with compliance. We can review access and have recertification alerts that make governing very easy. 

It's very easy to roll out. They do have various defaults available, so you have a variety of rollout options.

It is very easy to handle complex requirements. It provides a very good user experience.

I like the user interface. I'd rate it three out of five.

The solution provides an attributes-based setup, a dynamic role setup, and many other features for enterprises. It provides a single platform for enterprise-level administration. 

It has an easy user experience. It's great. From an intuitiveness standpoint, I'd rate it three or four out of five. It tries to make it easy for administrators to fulfill requirements, even if it needs to be customized. 

The customization is top-notch. It's the best compared to any other tool we've used. It fulfills a lot of needs. I'd rate the level of customization three out of five. 

While I haven't really used the solution's business roles to map company structure for dynamic application provisioning, leadership has used it for this purpose. My understanding is that it is quite good.

The product does help minimize gaps in governance coverage for test development and production servers.

It's helped us to achieve an identity-centric zero-trust model.  We are able to set up dynamic rules centrally. 

The interface can be a bit complex for an administrator to manage. I've used it for a long time; however, for a bit, I was confused. They need to work to make it easier to understand more quickly.

I've been using the solution for a year and a half. 

The solution has great stability. I'd rate it eight out of ten. 

We had 20 to 30 resources involved in the solution. The scalability is very good. I'd rate the scalability seven out of ten. There are some slight challenges, moreso related to human error; however, beyond that, scalability is great.

Technical support has been responsive enough. We do use premium support. You get a great response time and it helps us manage things very smoothly. It also offers support for many different regions. They've helped a lot with integrations. 

Positive

I have used different solutions in the past, including CyberArk. This solution, however, is great for identity governance. 

There was no problem with the deployment process. It took around a week to implement - maybe less than that with planning in place. It usually takes about two weeks to deploy.

The product is fairly priced. 

I'd rate the solution eight out of ten. 

I'm a customer of the vendor.