One Identity Manager Reviews

We are utilizing One Identity Manager as a provisioning engine. The main use case for us is to manage the identity life cycle of enterprise users in our context.

In my current role where I am managing this overall program, not only from the administration aspect but as the one whom all other departments reach out to with their request, one clear benefit is delegation. One aspect that I like about this solution is delegation. We have delegated administration in a way that we have access to new campaigns configured. This solution has a prebuilt option where we can configure campaign managers, and those campaign managers have a very nice prebuilt dashboard where they can monitor the campaign itself. That is very helpful. We can give these department's folks access.

Our identity landscape is very customized and unique. We are not only providing access for different users; we also have a huge set of non-human identities. We have a huge set of provisioned and service accounts. In our previous legacy solution, the issue that we were facing was that the solution was not very robust. We could not come up with some self-governed scenarios, such as moving the ownership of non-human identities, moving the ownership of service accounts based on the change in the managerial hierarchy, or based on users' movements within the organization. With One Identity, there are very good features that come prebuilt. For example, the department hierarchy within the One Identity solution helped us to build some automated logic, which was missing in the legacy solution. Other than the self-service features, there is also the ability to use ready-made capabilities and scale up on top of it. That was another reason to go for this solution at that time.

We make use of the solution’s business roles to map company structures for dynamic application provisioning. We use it quite heavily. In our context, we have two types of roles. We are using more of the requestable roles, not dynamic roles, and we also have dynamic role-based access control configured as per our organization hierarchy. We have defined entitlements and accesses that each department leverages. Accordingly, we have defined roles in our system.

The capabilities of this solution, in terms of out-of-the-box features and the ability for us to do customization on top of it, have helped us to come up with some automated processes, which were earlier taken care of manually by our staff. Whenever human intervention is involved, it is prone to error. It has helped us to bridge those gaps, which ultimately enhanced our governance score.

It has overall helped us to create a privileged governance stance to close the security gap between privileged users and standard users. With the processes that we had earlier, there were gaps in terms of changing the ownerships of privileged accounts and managing them in a way to have notifications in place. The majority of the stuff is provided out of the box to manage privileged accesses. Also, if you are a One Identity shop and have the Privileged Access Management product from One Identity, you are covered 100% out of the box. You do not have to do any customizations. If you are using any other tools for privileged access management, the product has very good features, which you can scale up and customize in your own context.

It has helped enable application owners or line-of-business managers to make application governance decisions without IT, but we are not using it that extensively for that. In terms of the product having features to do it, it has the features because we are using business roles where we have defined owners of business roles. Product-wise, there is out-of-the-box functionality for business owners to manage the membership. In this way, those lines of business owners are empowered to either revoke access or conduct a review on it. Earlier, with the legacy product, they were not able to do that because there was no such functionality.

In terms of user experience, once you get an understanding of the overall working of the product, it is not that difficult. There are so many underlying components within the product, and they are interlinked and working together. The initial impression is that it is just way too complicated for any developer to customize, but once you get familiar with how it is processing the information and how each box is working in silos, and what is the linkage in between, it makes sense. On a scale of ten, I would give it a seven. Three points to spare are for One Identity to enhance its documentation and maybe come up with more. They have a very good YouTube channel where they post content about One Identity. That is very helpful. However, in terms of explaining to new developers, there is room for improvement.

It has a lot of depth. It has advanced features. As a customer or as someone who is managing the solution, I like its self-service capabilities where it has lots of powers, and the users can select any reference users. The majority of the time, we face an issue where new joiners are not aware of what they need to have in order for them to do their job. One Identity has the answer where they can know this by selecting any reference users, which are basically their colleagues. This way, they can quickly know what sort of access they have in the system, and they can raise the same. The system will automatically identify it for them. It saves a lot of time and is also a very useful feature.

Another valuable aspect is the depth of the product. It allows the support team to reroute certain requests to different people, and within their request flow itself, you can ask questions. All these features are very helpful in our context.

There is room for improvement in terms of the ease of adding custom forms to onboard contingent workers. IT Shop is a great tool, specifically in terms of the self-service mechanism where it allows users to request different accesses. However, there are no prebuilt or easily customizable forms that developers can use to create onboarding forms for contingent workers. In most organizations, contingent workers do not have any authoritative source as HR. The majority of the time, the only authoritative source is the Identity Manager or the Identity Management department itself. I would love to see any enhancement in this regard. For user experience and intuitiveness, on a scale of ten, I would rate it an eight out of ten.

There is no out-of-the-box or very easy way to configure processes to manage non-human accounts. The functionalities that we have built are totally customized on top of what One Identity provided out of the box. It would have been nice to see some out-of-the-box or plug-and-play features available for it. However, the functionality was there, and we were able to scale up in terms of customization. Whatever we did was totally customized.

There should be some ready-to-use templates or utilities as the other Identity product providers have. There should be some sort of features that you can enable or there should be utilities that you can even purchase at extra cost. For example, it would be nice to see the utilities to manage privileged accounts or forms, onboarding forms, or other small things that different clients can leverage, even if it comes at a fraction of the cost.

The overall documentation needs improvement. This product has a lot of features, but people are not aware of it. The depth itself is still unknown.

Skilled resources are very difficult to find for One Identity, which leads us to the conclusion that there is very little certification or free information that users can just opt for and learn. In addition to the documentation, they should also provide more resources. Free training for partners would be nice because being a manager, it is very hard for me to locate skilled resources for this tool.

I have been using this solution for a total of five years. I have worked with it for three years in a technical role and for two years in a managerial role where I am managing people who are directly and technically managing the solution.

It is very stable. We do not need to do anything even with patching. I would rate it a nine out of ten for stability.

I would rate it a seven out of ten for scalability because I feel that the architecture of the product is such that you cannot have very effective active-to-active integration between the job servers.

For critical issues, it is good because you can call them, but for the regular issues, I feel that there is a lack of skilled resources on their side.

Neutral

We had another solution from a different vendor, and we replaced that solution with One Identity. We switched because of the self-service capabilities and advanced governance features, which were missing in the earlier solution.

Onboarding from authoritative sources and onboarding directly to One Identity Manager for contingent workers was never an issue for us, even with the legacy solution that we had earlier. The main use case for which we mainly deployed One Identity Manager and replaced the legacy solution was the self-service capabilities. There were limited self-service capabilities in the legacy solution. So, we brought this solution, which complemented the automated provisioning of users in a way that not only the solution is capable of automatically provisioning accesses based upon the policies and templates that we define in our system, but it also has very good features where it allows the end users to do many tasks by themselves. There is a self-service portal, which is called IT Shop in One Identity's terminology.

In terms of consolidation of procurement and licensing, we have not used any other solutions in such depth or so extensively. We still have one use case, which we had with the previous product as well, where we have all Oracle E-Business Suite accesses published on our self-service. The same flows are valid with One Identity as well. However, they are managing the POs and other things. That is still with the ERP itself. We have not gone to the extent of taking responsibility for the functionality of each responsibility within our identity management.

It is deployed on-prem. Our project was not just a deployment. It was also replacing the legacy solution. It was quite a unique and complex project. It took us around eight months to complete it fully because we not only deployed it, we also replaced the whole solution, and we had many integrations in place.

It requires maintenance in terms of product upgrades and security patching. In terms of One Identity upgrades, every two years, we have to upgrade because the previous version is not supported. The other thing for every organization is infrastructure vulnerability patching, so it does require maintenance.

The team that performed the deployment and did the migration had three people: two technical and one architect. The team that is currently managing includes one administrator, one architect, and one developer.

It is cost-efficient compared to its competitors. It is cost-effective. I do not know about the other regions, but here in the Middle East, the competitors are almost double the price.

I would recommend One Identity Manager in terms of value for money, but I would not recommend it in terms of skilled resources. If One Identity increases education, then it is a very good value product.

In terms of the extension of governance to cloud apps, we do have such a mechanism, but we are not directly connecting with any cloud apps. We follow our process. We do it through a proxy or some sort of data power or middleware tool. So, we do have some integration with cloud apps, but we have not used the new feature. I suppose they now have out-of-the-box connectors to connect with cloud apps, but we are not using that feature as of now because it requires a separate license. Unfortunately, we have a short budget on that ground. However, from what I heard from my developers, it is a very nice feature, and it is easy to connect, but we do not have the use case to validate.

Overall, I would rate One Identity Manager an eight out of ten.

We use One Identity Manager to synchronize SAP inbound and outbound Exchange data. More generally, we aim to synchronize data between target systems, such as those used in banking or other companies, and One Identity Manager.

One Identity Manager includes a default SAP connector that we utilize. Its simplicity is evident in connecting to SAP sites through a straightforward click or by completing a connection filtering form. We can easily establish mapping and workflow for SAP sites, making it a streamlined process. While exceptions may exist for specific customers, we can accommodate their needs by customizing workflow mappings based on their requests. Overall, the SAP connector provided by One Identity Manager is remarkably user-friendly and accessible to all, in my opinion.

We've used the web designer module, but it won't be available next year. One Identity has transitioned from web designer to Angular web development, offering complete freedom to create custom web pages and websites. While Angular requires JavaScript knowledge, it provides unrestricted development capabilities, unlike the complex web designer module. New employees struggled with learning web design, but Angular's accessibility empowers developers to modify everything within the One Identity website and backend, including database interactions and custom code development. This flexibility makes One Identity Manager a powerful tool for connecting various systems and databases.

Business roles are crucial for our customers because they are an essential identity management tool. Without them, we'd need to manually authorize every employee and group. However, Business roles allow us to create and assign business roles automatically. This is vital for our customers as we develop best practices for business workflows. A key component is creating business websites, for which we establish job descriptions and roles. Subsequently, we automate role assignments based on organization or title, which significantly streamlines our processes.

One Identity Manager is user-friendly for the end user.

One Identity Manager significantly simplifies application auditing. The auditing site we use extensively is one of its most valuable features. One Identity Manager is remarkably effective for auditing because it empowers us to create and deliver new attestation or compliance tools. We can generate all these audits through both the website and Manager modules. The audit screen on the website is exceptionally user-friendly. Customers consistently praise the audit feature, and we have received no complaints about the auditing site. We are highly satisfied with using the audit site for One Identity Manager.

One Identity Manager's most valuable asset is the ability to customize its front-end website.

The One Identity Manager documentation could be improved. Despite using the solution for six years, I encounter difficulties understanding certain features due to unclear explanations in the documentation. Additionally, while the One Identity Manager community has the potential to be a valuable resource, the community site does not effectively assist all users.

The report site could be improved because while One Identity Manager offers around forty default reports, our customers find them insufficient for their needs. Consequently, we must create custom reports to meet their specific requirements. Although building custom reports within One Identity Manager is straightforward, enhancing the existing default reports would greatly benefit our users.

I have been using One Identity Manager for six years.

I would rate the stability of One Identity Manager nine out of ten. While all software products are prone to errors or bugs, I have encountered none, specifically in version nine. Compared to previous versions like eight and seven, which did experience issues that required resolution, version nine represents a significant improvement in stability and reliability, making it the best version of One Identity Manager thus far.

One Identity Manager is well-suited for large-scale environments, making it an ideal solution for enterprise clients.

We use Premier Support from One Identity Manager. They respond quickly to our tickets, and our customers are extremely happy with the support.

Positive

The deployment is straightforward and takes a week to complete.

Prices in Turkey are high due to inflation, a challenge we've heard about from our customers. We understand that European consumers may have different expectations, but we must reduce the pricing to attract customers.

I would rate One Identity Manager nine out of ten.

Generally, we don't utilize a governance site but instead rely on an identity management site. Initially, our customers define the SAP architecture or structure, outlining user roles that must be created and associated with specific rules. We then establish the SAP site's structure and architecture, focusing on user management before addressing roles. Subsequently, we incorporate the business side to enable dynamic role calculation for users by creating business rules for role management and assigning roles to users.

I highly recommend One Identity Manager to others. Its ability to develop everything within a single platform is incredibly valuable for customers. Many other products or software often encounter challenges or require custom development, but One Identity Manager offers a comprehensive solution. Its simplicity and customization options make it a standout choice. While I haven't used other identity management products extensively, I am familiar with some features of competitors like SailPoint. However, One Identity Manager's flexibility allows for modifications to accommodate specific needs, unlike some out-of-the-box alternatives.

Its main purpose is identity management. It is an IGA tool. The organization where I am currently working is mainly using One Identity Manager for identity management and access control. We are also using it for various types of provisioning such as Azure AD, Exchange Online, or SAP account creations. When we talk about identity management, we also consider the various access recertifications. All those are being carried out as part of One Identity Manager.

It streamlines operations. Whatever you put in from an identity management perspective, access governance perspective, compliance perspective, or application perspective gets very easily streamlined. You can easily integrate multiple applications because it provides the inbuilt features or the default connectors. You do not have to know how cloud applications or other applications work. One Identity is doing everything. They provide custom connectors. You just get the details of a cloud application and then connect. One Identity by default will manage the things for you. They have inbuilt features, so you just have to study and implement them. In my last organization where I implemented One Identity, we integrated almost 12 SAP applications. It was easy. Once you define the framework, then implementation is very easy. Implementing multiple applications, managing users, and the entire JML lifecycle is streamlined.

We use One Identity Manager to help manage SAP. One Identity provides a connector for SAP. From an enterprise solution perspective, it can be implemented very safely. I have done multiple SAP implementations with One Identity. It provides all the inbuilt functions and everything related to SAP. It is a very good tool to implement SAP for an enterprise. If an employee has multiple SAP accounts or multiple SAP systems, One Identity provides a singular feature where you can have all the SAP accounts listed under an employee. From a management perspective, it can be easily managed. It is very good. It provides a unified view of all the accounts and various systems of SAP. Everything such as the SAP rules, groups, profiles, and access policies can be managed via One Identity, but I am not sure if workflows can also be managed.

One Identity is a complete and wholesome tool for managing any enterprise application. It provides a unified platform to manage everything. When you implement One Identity, you have all the features needed within an enterprise to manage various applications, such as SAP, Active Directory, Exchange Online, etc. From an enterprise perspective, it is wholesome and unified, and it supports everything. It supports the SaaS features, PaaS features, and cloud features.

We use business roles to map company structures for dynamic application provisioning. Normally, when any employee gets onboarded, they need access to certain company resources. You can assign any company resources to any business role, and you can assign that business role to an employee. That employee automatically gets access to the company resources. It is an important feature, and most organizations use the business roles part very frequently.

We are able to extend governance to cloud apps by using One Identity Manager.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. For the test environment and the production environment, you have a streamlined approach. The process of transporting from dev to production with One Identity is very smooth. It also provides a transporter tool or feature. You can just pull out the production configurations and put them in a lower environment. It just makes it as similar as production. In that way, the difference in the environments can be minimized. The configurations can be made similar. You do not have to pull the relevant production data. You cannot put it in a lower environment. From this perspective, it streamlines the environment and fills the gap.

It streamlines the application access decisions, application compliance, and application auditing aspects of application governance. It provides various compliance-related features and auditing features. They are inbuilt and very helpful for compliance and audits.

It provides various views. Employees have their own portal for requesting roles or accessing their profiles to see what type of access they have. Similarly, owners have a unified view within the portal for multiple roles, groups, or any resources. They have separate views. They can easily manage things. The views are well segregated within One Identity. There is the product owner's view, the manager's view, the employee's view, and the system administrator's view. There is also the business role owner's view and the call center's owner's view. Everything is well segregated.

There are various tools available in the market. The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution. The default features and the default setup are already embedded or built into One Identity Manager. That is what provides One Identity Manager an advantage over other tools where we have to customize things, whereas, in One Identity Manager, most of the things can be done out of the box. On top of that, if something needs to be customized, that can also be done in One Identity Manager. The inbuilt functions or features that One Identity Manager provides for identity management are very good.

I have been working on it for the last six years. It is very good from the user experience perspective.

Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work. This is the only thing. There are some gaps in that, but One Identity is trying to bridge those gaps.

I have been working with One Identity Manager since 2018. It has been around six years.

It is a very stable tool. There is about 80% stability.

It is scalable. I would rate it a ten out of ten in terms of scalability.

In my project, we have around 23 people using it.

We just take the normal support whenever we have any issues. For the premium support, you have to pay a lot.

The support from One Identity is very good. Whenever you reach out to them, they help you out. If you have a license, they have a technical support team. They also have a professional services team if you need any professional support. From the customer service perspective, they are pretty good. You can reach out to them anytime. That is a very flexible option they have.

In terms of documentation, they have everything. They have all the technical documentation and all the details. They also have a user forum where you can post your queries. It is a global forum where experts reply within an hour or two, which is very good. You can reach out to these experts, and they will help you out. The user experience is very good with One Identity.

Positive

In the current organization, we have had One Identity from the very beginning, but I have worked with other products. One Identity is far better than them. Pricing-wise, One Identity is more costly than others, but in terms of features, One Identity provides many features by default. It was not available in other tools. We have to do everything from scratch, whereas you do not have to do that in One Identity.

It is deployed on the cloud. If you want to install One Identity from the very beginning for the cloud application, it will hardly take three months. It can also be done before that. For a huge client, it takes time. For a small client, it can be implemented within two months.

It does require maintenance. From time to time, they have upgrades. They have long-term releases year after year, so it has to be updated. Sometimes, they do a cumulative update to fix many issues.

For upgrades, I am the only one, but when it comes to implementation, we have multiple teams. We have four to five members actively working, and then there are supporting resources.

It has saved us about 30% of the time.

It is fairly priced because they provide all the features by default. That is why they charge a bit more than other vendors. I am not sure about the exact cost part, but One Identity is a little bit more expensive than IBM and other tools.

I would definitely recommend implementing One Identity, but you have to understand how One Identity works and how it has been developed. You will be able to easily implement it then.

One Identity is a unified solution, and most of the features are inbuilt. Before you make any customizations, you need to understand how One Identity works. That is a critical bit. Normally, developers have a development mindset. They do not think from the framework perspective, but One Identity has been implemented from a framework perspective. They have designed this solution keeping in mind the needs of enterprises and how enterprises manage their accounts, employees, and applications. You should look at it from the framework perspective and not the customization perspective. However, even if you have to make any customization, it is very easy. You just have to learn .Net and MS SQL. If you understand how One Identity works, implementation and customization are very easy.

Overall, I would rate One Identity Manager an eight out of ten. 

We obtained tickets for user access roles to grant appropriate access to specific target systems. To process these tickets, we need to determine the user queue number, search for the corresponding user in One Identity Manager, and verify their target roles. The process includes understanding how to resolve each ticket.

One Identity Manager provides a single platform for enterprise level administration and the governance of users.

Immediately after deployment, we can reap the benefits of One Identity Manager. Based on my previous experience resolving similar tickets, I am confident that users will receive the desired access to roles upon completing the necessary configurations within the manager and observing the job queue.

One Identity Manager's user interface can be confusing due to its multiple UIs. Having worked with ForgeRock Identity Access Management, which has only two UIs for access and identity management, I believe One Identity's interface is significantly more complex and challenging to navigate compared to ForgeRock or other similar tools.

I have been using One Identity Manager for almost eight months.

It lags. Due to configuration issues, the system requires eight to ten GB of RAM, ideally 16 GB, to function properly with One Identity. If the system has eight GB of RAM or less, the tool will experience lag during use, regardless of the task being performed.

I previously used ForgeRock Identity Access Management but have been asked to switch to One Identity Manager for a new project.

Deploying One Identity Manager proved challenging due to the extended time required to install all necessary tools and subsequently gain access. While deployment would be significantly easier with the documentation, the process is lengthy regardless of the system. Additionally, any system hosting the tool must have a minimum configuration of 16 gigabytes of RAM. It takes one day to fully deploy One Identity Manager.

I would rate One Identity Manager six out of ten because of the complicated UI and system configuration lagging issues.

One Identity Manager requires no maintenance; once deployed, it can be used for any required purpose and then closed. However, if deployed on a virtual machine or VMware environment, it must be accessed every one or two years to prevent deletion due to machine expiration.

We started using the solution for the supply chain. We are a retail organization (FMCG) and we use it in the distribution center, at the head office, and for all of our employees in the stores, even the stock clerks.

The solution has made it possible for us to give everyone in the store a personal account for application access. That was not possible without One Identity. In the past, only management had a personal account in Active Directory and could use the computer and applications. It allows everyone to reach whoever they need in the store. It's also allowed us to move to the cloud and keep security. It helps us monitor users as well.  

The solution helps us to efficiently manage lots of authorizations automatically. We started initially using One Identity as a tool for security reasons. But then we noticed that management in the supply chain embraced One Identity for operational efficiency reasons. Today It allows all 100,000 employees to automatically access all kinds of applications.

We use it for SAP. We have multiple SAP systems. We use it for HANA and the cloud environment, for example.

One Identity Manager provides an enterprise view of management for logically disconnected SAP accounts. It's very good yet also difficult. Technically, it's a good solution, however, you need to have people who understand it and can use it the correct way. Being just a One Identity developer is not enough. You need to be specialized in this kind of module to use it to be efficient and effective. We are not there yet to use all this additional functionality.

One Identity Manager connects SAP accounts to employee identities under governance. It is important to see who has which SAP role, and if it's assigned based on the HR function, or assigned after an additional request.

There is a special SAP connector. There is reporting. You can build reports yourself. There are lots of possibilities, however, you need to know how to use it.

The solution is good for providing a single platform for enterprise-level administration and governance of users, and access to applications and data. We use it only for personal accounts. We have a separate PAM solution to manage privileged accounts. But to request access to PAM-tooling initially, needs to be done in One Identity. It's a two-step approach.

What I noticed, is that the user experience in version nine is good. We’re using an older version. The user experience is not very good in version eight. It’s a bit old-fashioned as it appears now. The latest version is much more modern.

We make use of the solution's business roles to map our company structure for Dynamic Application Provisioning. We are giving people the right authorizations based on the job and function. We use it a lot, especially in the stores and distribution centers where there is a high frequency in the joiner, mover, and leaver process, but the organizational structure is quite solid and doesn't change a lot.

We use One Identity also to give access to test environments, as self-service.

It has positively affected operations. There are a lot of things that are possible. It does what you want. 

It provides more insights because HR data and access to all systems are in one system. This information can help us to review who needs more access, or revoke access if it's necessary.  

One Identity Manager helps streamline application access decisions. There's an approval flow for additional access requests. For every application, you can have a different flow, in case you need extra security approvals or from a data-owner. 

It helps streamline application compliance and auditing. We can do a re-certification process and someone can give approval if it is needed or not. It's helped us improve governance. The re-certification process is very good. 

The solution helped enable application owners or line of business managers to make application governance decisions without IT. All employees and managers can request access as a self service in One Identity instead of going through IT.  The request for access is easier, and faster, because after approval the access is automatically granted.

It's customizable. However, that's also the downside. It's a bit complex and there are so many possibilities. You need to have good developers who know what is standard and how it's meant to be used before they adjust all kinds of stuff. It is possible to configure and change a lot of things and if it's not good enough, you can use custom code.

They should offer more best practices and documentation for every functionality. It would be helpful if there was a demo environment to show the possibilities and how they can be used. That would help with the learning curve. 

I've used the solution for quite a long time. It's likely been about seven years. 

The stability is very good. 

We have 100,000 users on the solution currently.

The solution is scalable. 

I'm satisfied with the level of support we receive. 

We use regular support. I was not aware premier support was an option.

Positive

I did not previously use a different solution.

The initial setup was complex. The start of the project took a bit more time than we expected.

We're still busy with the solution. We have a DevOps team, and every week we have things to do and improve. It's not a project you start and finish. It's a continuous process. 

We currently have a team of six people working with it. 

The solution requires a lot of maintenance. That includes updating, patching, and monitoring all kinds of processes that are running. On top of that, there are incidents that you want to improve and make better. 

It's important to have a good partner, a good process, and good people involved for the initial setup. We started the project with another team and moved to another partner. The partner was involved with training staff on the solution. 

The first partner we started with didn't understand what we really wanted and we went our separate ways. Our second partner understood our business much better and we have had a more successful partnership. They've been involved with post-implementation support. 

I cannot speak to the pricing. I don't deal with the licensing. 

We are a customer and end-user. 

It is hard to pinpoint when we noticed a benefit with this solution. It was step-by-step. We didn't dive in all at once. It might have taken two years of working with it and implementing small steps before all stores and franchises were under the solution. 

I'd advise others to start with the solution as a managed service so that you don't have all of the technical hassles. 

I'd rate the solution eight out of ten. 

The purpose of the solution is to add customers with identity and access management. We build software for them and configure everything, however, we're more on the consulting side. 

Automation has really helped to improve things. It provides less manual work for creating accounts and providing permissions. It allows for a faster onboarding process. As soon as a person joins a company, it used to take one or two weeks until someone had permission to access everything that they needed to access for the job. With this product, that can be reduced to half a day. 

There's now an automatic generation of accounts. There's no human element anymore. It's directly from HR to the Active Directory. There are fewer errors made or no errors. Overall, there are fewer errors, more automation, and faster processes. If someone leaves the company or needs to be deactivated and everything needs to be removed, nothing is forgotten. 

The customization is an excellent aspect of the solution. You can basically change the product to anything that we need to with most of the code available. Most of the user interfaces can be changed just by the request of the user and our customers. That's very good. 

Another very good part is the standard connectors, especially SAP. The integration with SAP and One Identity Manager is just very good. It brings a lot of the standards with it already. There's a lot that has already been done and doesn't have to be configured manually. That's back to the customizability. If the SAP connector or any other connector is not enough, things can be reconfigured. 

We use it to manage SAP. From an enterprise view standpoint, we have a full list of all SAP users. It connects all SAP users to the specific employees and we get an enterprise view. The solution connects SAP accounts to employee identities under governance. That is very important. It's one of the most important things we can do - to recertify permissions and recertify the users and also find authentic users that are not used anymore. That is why it's a very important part of governance.

The solution provides some default workflows for creating users, updating permissions, et cetera, however, you can customize beyond that. You can basically do whatever you want all in workflow and processes, automatic processes, et cetera. 

It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts. It allows you to see everything. If you have more than one product, you have a very good overview of everything. The identity manager alone can give an overview of privileged accounts that exist. The overview is very good. 

The solution's user experience and intuitiveness are great, especially for the users and administrators. The web interface is very good. It's very easy to use. Most customers change the interface colors and icons and stuff like that to match their own company. 

It is easy to customize the solution for our particular needs or for our client's particular needs, depending on what has to be customized. For web interface customization, you need to do some programming. You need to be experienced in web interface programming. However, enterprise processes, workflows, approval, recertification, and calculation of permissions and stuff like that is very easy. It's easy to configure that without much knowledge of the system. 

We make use of the solutions business roles to map the company structure for dynamic application provisioning. Business growth is one of the first things that we try to conceptualize with our customers. We can map specific permissions to specific roles and also apply those via dynamic roles automatically to people in specific departments.

We do use the solution to extend governance to cloud apps. This extension of governance to the cloud apps is important. You have to extend the governance to every aspect - not only on-premise, but also cloud. You cannot stop with governance. If you only do governance on half your systems, then that doesn't really make sense. Therefore, it's very important that the solution provides it for the cloud as well.

The product helps minimize gaps in governance coverage. The recertification and access management part can help with that.

It can help consolidate procurement and licensing. None of our customers have needed it until now. 

The solution helped enable application owners and managers to make application governance decisions without IT. When the recertification or application access is automated and configured correctly, then the manager automatically gets, for example, every six months, a request on the web interface, which is very easy to understand. It basically explains everything. The user just has to click the green arrow or the red cross to say yes or no to certain access or permissions; it's very easy.

The product helped us achieve an identity-centric zero-trust model. It all comes back to the optimization of different accounts since everything is connected. With this product, you get a 360-degree view of all accounts, et cetera. 

Items that can be improved in the solution include pricing, integration, support, and analytics.

The update processes for hotfixes need improvement. There are bugs in the system, and even though there are not a lot, there's no information about it until you happen to stumble upon it and then talk to the support, and then the support informs you there has been a hotfix for that for two months. Users need to be informed they exist in advance. 

Integrations are basically always able to improve. They can always have more standard connectors, more prepaid workflows, more templates, and stuff like that. That said, with the standard rest API and C-sharp and power share connectors you can basically do everything that you need to do even with stuff that is not supported.

I've been using the solution for three years. 

It's very stable. I have never seen it crash or anything like that.

It's very scalable. I've seen the solution operate with millions of users. 

I mostly work with premiere support. It offers faster support times. That's important. When we do reach out, it's likely very critical. 

Positive

I have past experience with Microsoft, Omada, and IBM HCI, among others. While I can't speak to the pricing differences, functionality seems to be better with One Identity. It's more customizable and the user interface is very good.  

The deployment varies according to what is included in the deployment itself. To get it up and running, it takes about one year. 

We have enterprise clients and it's mostly deployed in a high-availability environment, mostly three databases, a web server, and an application server. It mostly starts small with one server and then grows bigger. The same is true with the application side. All of our customers are using Active Directory, Azure Active Directory, or a combination of both. That's the first integration that we start with. Then, we also have, of course, HR data coming in via .CSV or a REST API or starting connector. 

We're also implementing standard workflows, and standard processes, and integrating HR data to exchange for emails or anything like that. As soon as the big applications are done, we provide workshops so that the companies can extend the product by themselves.

The solution requires maintenance. There are regular updates provided. We also check regularly if there are any processes or jobs that aren't working anymore. Other than that, there's maintenance maybe once a year. It's not very often.

I'm not too familiar with the pricing.

We're integrators.

I'd advise others to always do a proof of concept for this or any other product they use. However, I would recommend the product to others. 

I'd rate the solution nine out of ten.

Currently, we are using the One Identity Manager solution for user feeding from the HR database to target systems such as Microsoft Active Directory, Microsoft Exchange, and other protocols and servers. In our organization, One Identity's main use case is user feeding, user onboarding, and user offboarding.

We have created job flows for users, and One Identity listens to our HR database to see if there are any changes. It detects any changes and then synchronizes with the target systems or feeds the target systems. We have created a custom workflow based on our organization's requirements, and then we are managing our users with One Identity.

One Identity has a single sign-on solution. If you want to use single sign-on or auth providers in your organization, you can use it, but currently, we are not using it for the single sign-on features. We are using it for privileged accounts. We have created custom rule sets for access reviews, attestation, etc. We have also created flows for the segregation of duties and job rotations. We are handling these operations or regulations with One Identity.

We are completely working with an on-prem solution. As per Turkish financial regulations, we can't use cloud services for financial services. That's why we didn't test any scenarios related to the cloud and any software on the cloud. We are currently using its latest version.

It's very easy to implement for privileged accounts and for our regulations. It's a competent solution that we can use for our regulations and requirements.

We use its business roles to map company structures for dynamic application provisioning. We are implementing and developing our business roles for business needs. One Identity mainly manages our business roles to do all the business and use financial tools in our bank. It's critical for our business. If this solution is not working properly, our main functions and our main operations will not continue because all access rules are managed with One Identity. Some roles will not be able to do their daily tasks. Currently, One Identity is managing the roles for credit approval, credit preparation, and credit final approval. Without it, they cannot do their daily tasks, and they cannot approve credit.

For IM services, we are completely working with One Identity auto-flow jobs. Our help desk, or our user administration teams, are not involved in any subsidiary company's employees' processes. We delegate activities related to user onboarding and offboarding to their HR teams. They start the onboarding process with their own portal running on One Identity, and then, auto tasks and auto flows are managing the operations to the target systems. Our operations teams are not involved in this process, so there is no overhead in managing users.

We have many regulations for access reveal, user onboarding, user offboarding, user rotation, and user re-organization tasks. For example, if users move to another department, One Identity manages the activities for data operations, such as removing some groups and adding new groups. It happens automatically with One Identity. We need to meet these regulatory requirements, and it helps with that.

We can also see historical operations and modification logs with One Identity. If we need information about any activities, we can create an identity-based custom report for users or an object-based report for groups. We can create a report to see what happened, what changed, and which modifications happened in our systems. We can provide detailed reports to our auditors. It has powerful reporting tools for auditing activities.

One Identity Manager completely helps us with our operations. We are relying on One Identity for our operations. We don't want to touch Microsoft AD, Microsoft Exchange, or other target systems. We don't want to touch them, log in to them, or operate anything on these servers. Our master database and our master platform for modifications is One Identity.

It has helped to close the security gap. If any unauthorized change happens on our target systems, or a suspicious change happens in our target systems, the One Identity platform overwrites these operations because the master database is One Identity. If there are any security vulnerabilities, or if there are any suspicious activities that are identity-based or related to our privilege groups, One Identity will ignore and overwrite that with the master data.

Identity Manager has been managing our application authorization tables. All of the authorization tables and all the access-revealing features are managed with One Identity. These tasks are delegated to us, and we are providing One Identity's reports for the auditing activities and requirements.

Changes are being synchronized with applications. If there are any changes on One Identity access tables, it'll affect the applications directly.

It has helped to achieve an identity-centric Zero Trust model. We can manage and we can feed from one database to all target systems. We have distributed target systems. We have more than 10 target systems, and we are effectively using One Identity tools for managing and seeing from one view. From the operation side or the administrative side, this solution helps us to have a view without logging into the target systems.

We did a PoC with other identity management tools such as SailPoint, Oracle Identity Manager, and Microsoft Identity Manager. We chose this product for being able to accommodate our requirements. It's very flexible, and it's open to being developed to our requirements. For example, for our custom tasks related to subsidiary companies, we created a custom HR portal for our subsidiaries. These employee accounts are not in our main HR databases. We created a portal in One Identity for their HR divisions, and they are doing their daily operations on this One Identity custom portal. That's why we chose this product for our production environment.

Another reason for choosing One Identity was the local support and the Password Manager solution that they have.

The product's GUI could be more user-friendly.

One Identity can improve its Password Manager solution for custom requirements. We want to manage different environments, such as test environments, and we want to manage their passwords, but we can't use this solution because their environment does not have its own connector server.

I'm not sure if One Identity already has it or not, but there could be a Privilege Identity Management solution from the vaulting side in the One Identity family.

It has been almost three years.

It's very stable. I would rate it a nine out of ten in terms of stability.

It's scalable. We have installed it on an on-prem server in one of our data centers, but it's a highly available infrastructure. It's not a standalone server. We have a redundant topology for this one. The approximate number of end-users who are using this solution is 35,000. Its usage would only increase by 5% in our organization.

Currently, we are using both premium support and local partner support. We are getting support from our local partners for the development requirements from our side. They are supporting us with development requirements. I would rate our local partner an eight out of ten in terms of support. 

We used Security Identity Manager from IBM. We switched to One Identify because that product was out of support, and it was not open to implementing a custom workflow from our side. It was not flexible, and it was not a convenient service.

I worked as a team leader. I was involved, but I did not execute or administer this service. We worked with our local partners, and they did it for us, but it was straightforward. 

It took about three months to implement it. We closed our old identity management solution and moved all the workflows to the new one, but the installation was quick.

We used SoftwareOne in Turkey for the implementation. In general, four people were involved in the implementation. We had two people from each side, and then there was a project manager. People from our side were from the Identity Access Management department. They were Access Management architects. From the integrator company, two people were Identity Access developers.

Our experience with SoftwareOne was good. They helped us to customize the solution for our particular needs. They trained us on the solution, which was very helpful for us in managing and doing daily activities. They have also been involved in post-implementation support. We are happy with their support. They have been very important to us. We wouldn't have been able to go further without them.

In terms of its maintenance, for the maintenance tasks, two IM specialists are involved.

It was okay for us. It was not too much for us. It was nearly the same as other products. It was not expensive.

We aren't paying any costs in addition to the standard licensing fees. We are just paying for the local support. We are paying for the development requirements to our local partners.

We evaluated SailPoint, Oracle Identity Manager, and Microsoft Identity Manager. When we compared this solution against SailPoint, they were very close, but the local support and development capabilities were the reasons for going with One Identity.

It's a very flexible solution. You can improve or develop it based on your needs. If you have a little bit of knowledge of .Net code, you can create whatever you want. The product is so open to development. If you have some coding experience, you can do whatever you want. This is one of the most important things for us.

I would rate it an eight out of ten.

We're a consulting company and provide professional services. If the customer has the solution, we end up using it. 

It offers really powerful processes. For example, when a person is joining a company, or changing teams, or leaving, it's easy to create a management flow for the onboarding or offboarding process. It helps manage all of the accounts a person might need to have access to. It integrates with several platforms and has specific connectors that make it very useful. It works with the majority of applications an enterprise might be using, such as Salesforce or various cloud providers. It also integrates well with SAP. 

It provides a unified view of logically connected solutions. It can connect to accounts related to employee identities under governance. It's probably the main reason a client would use the solution. The entire reason to deploy such a solution would be to have governance over accounts and have access to the life cycle of the account. 

The solution is a single platform for enterprise-level administration and governance of users, data, and privileged accounts. 

It can be fairly easy to customize, depending on a user's particular needs. If you are integrating with some very common solutions, it's pretty straightforward. 

The solution offers various business roles to help map company structure, name, and provision. You can tie permissions to specific roles very effectively. You can implement role-based access control.  

We've used it to extend governance to cloud apps. This is important to us. The common trend is to move to cloud applications. Even local clouds afford the same level of permissions. Having a standardized layer in between definitely helps. 

We immediately noted the benefits of the solution. However, it depends on the type of user. Common enterprise users can get quick results. Those responsible for identity access management or compliance see the results quickly. They'll benefit almost immediately. The normal user, however, may not understand the difference. 

You can use the solution to minimize security gaps and close the gaps between privileged and standard users. 

It can help consolidate procurement and licensing. It can help you understand how many users need access to specific applications to help you get better numbers as to what is needed and not overbuy licenses. 

The solution helps us streamline application access decisions, application compliance, and application auditing. You can get reports. It's nice. It helps with visibility and planning. 

It helps reduce footprints and minimizes access from unrelated teams. 

The user interface can be a bit clunky. It could be more modern. 

Its documentation could be better, especially around complex configurations. 

Support could be better as it is part of the user experience of the product itself.

I've used the solution for the past year. That said, we do not use the solution in my company directly. 

The solution is pretty stable. I haven't experienced any major issues. 

It's a scalable product. You can integrate with many platforms, and it works well with the majority of common enterprise platforms. It's pretty scalable overall. 

I've contacted support in the past. There is premiere and regular support, and I've used both. I work mostly on the client's behalf, which I would reach out to would depend on the client's contract. 

Premiere support has more advanced engineers and is more available to the users.

Normal support could be better in terms of the level of service. They should offer more services during the initial deployment and configuration. 

Neutral

I have used competitors in the past.

One of my colleagues handled the configuration and setup process. I've never experienced a deployment. 

If any maintenance is needed, it will depend on the deployment model. For example, if it is on-prem, it would need a bit more maintenance than if it were deployed on the cloud. There may be access and configuration reviews or integrations with other platforms that may be ongoing on occasion. 

Given the fact that you can save a lot of time and headaches around compliance, it is worth paying for this - if you are an enterprise. SMEs may find the cost high, even though they could benefit from the offering. 

We're One Identity partners. 

I'd rate the solution seven out of ten.