I implement One Identity for multiple use cases, including identity management, access assignment, and workflow automation. I also use it to migrate workloads from the admins to the business owners of the resources that are available in the IT shop.
solution architect/ engineer at APEX.IT Sp. z o.o.
It delivers a simple solution for assigning the correct permissions to the right person
Pros and Cons
- "One Identity is simple to implement. About 90 percent of the implementation is configuration rather than scripting and creating the connectors."
- "There are too many different user interfaces. For example, one is the designer and another is the manager. There's also a web interface and an object browser. It would be helpful to consolidate all of those into a single administrator portal."
What is our primary use case?
How has it helped my organization?
One Identity increases security and decreases the provisioning time. Provisioning can be completed in a few minutes instead of days. That's a huge difference. It improves governance because you can deal with a problem account much quicker. You can fine-tune the roles to an employee's position in the company. You can give them the exact permissions they need and nothing more.
It delivers a simple solution for assigning the correct permissions to the right person. One Identity helps us develop an identity-centric zero-trust model. The solution gives us one centralized entity for all the accounts in the connected systems, such as Active Directory accounts, email accounts, application accounts, SAP application accounts, etc.
What is most valuable?
One Identity is simple to implement. About 90 percent of the implementation is configuration rather than scripting and creating the connectors. It's quite easy to customize the solution.
What needs improvement?
There are too many different user interfaces. For example, one is the designer and another is the manager. There's also a web interface and an object browser. It would be helpful to consolidate all of those into a single administrator portal.
Buyer's Guide
One Identity Manager
June 2025

Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.
For how long have I used the solution?
I have used One Identity Manager for 10.
What do I think about the stability of the solution?
One Identity is a stable product.
What do I think about the scalability of the solution?
One Identity is scalable. We deploy the solution for businesses of all sizes.
How are customer service and support?
I rate One Identity support nine out of 10. Most of our customers use One Identity's premier support. The main advantage is that they offer 24/7 service, so you can call them on Sunday evening if you need help.
Which solution did I use previously and why did I switch?
I previously used SailPoint and OpenText.
How was the initial setup?
Deploying One Identity is straightforward and only takes a couple of days. After installation, you have to onboard the servers, databases, Windows operating systems, etc. The number of people needed during the deployment varies, depending on the size of the project. It is typically deployed at two or three locations.
One Identity requires some daily maintenance to ensure that everything is working fine. We need to review the logs and extend the functionality for the customer. Sometimes, the client needs to make changes like connecting a new hub system connected, adding applications, changing the workflow, etc.
What's my experience with pricing, setup cost, and licensing?
One Identity's pricing is similar to that of other products. It might be a little more expensive, but you save time and implementation costs. It's cheaper to implement One Identity compared to Sailpoint and other solutions.
What other advice do I have?
I rate One Identity Manager 10 out of 10. I recommend doing a proof of concept before implementing the solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner

Lead IAM manager at a tech services company with 11-50 employees
Streamlines application governance for access decisions, compliance, and auditing
Pros and Cons
- "An outstanding feature of One Identity Manager, compared to SailPoint, is the dashboard where they present everything. With the dashboard, the customer can see how the integrations have happened."
- "Integration with various applications should be made smoother. It is very difficult right now for regular implementers. Access reviews are another thing that is not that good in the solution. It needs improvement."
What is our primary use case?
Our primary use case was to onboard certain applications for a customer.
How has it helped my organization?
One Identity Manager helps minimize gaps in governance coverage among various servers. If you are trying to do an access review, or want to grant access to someone, these generally require a review process. Those kinds of reviews are done manually if there are no governance tools. This tool makes that process smoother. It sends automatic reminders and will automatically discard a request if someone does not approve it. We can even configure it so that if someone has not approved it five times, it can be auto-approved. It streamlines the whole governance process and reduces a lot of manual activity with automation.
It also helps streamline application governance when it comes to application access decisions, application compliance, and application auditing. Previously, these processes required a lot of manual work, but that work has now been discarded.
Another benefit is that One Identity Manager definitely helps application owners make application governance decisions without IT. It sends regular notifications and anyone can see what is pending on their plate. They can take action on what should be a part of their application and what should not be a part of their application, and make informed decisions.
What is most valuable?
An outstanding feature of One Identity Manager, compared to SailPoint, is the dashboard where they present everything. With the dashboard, the customer can see how the integrations have happened. It is more presentable than what we have with SailPoint. The user experience is good because everything is exposed on the dashboard. They can tweak it a little bit if they want.
Also, using its business roles to map company structures is fairly easy and good, similar to SailPoint. It is handy. This function is very important because today, most organizations rely on RBAC, role-based access control. If a tool offers identity management capabilities, it must also offer role-based access control. Both One Identity Manager and SailPoint offer good role-based access controls. It's easy to configure and use.
What needs improvement?
I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it.
Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers.
Access reviews are another thing that is not that good in the solution. It needs improvement.
Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution.
These last three items need to be improved on a very urgent basis.
For how long have I used the solution?
I used One Identity Manager for about six months.
What do I think about the stability of the solution?
On a scale of one to 10, where 10 is the best, if I look at the stability equally across all features, One Identity Manager is an eight and SailPoint is a nine.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and support?
I have not interacted with their support.
Which solution did I use previously and why did I switch?
Onboarding certain applications for a customer was something that gave us difficulty with SailPoint. And the primary driver for switching was cost. SailPoint was very costly and One Identity Manager was a little bit cheaper.
How was the initial setup?
The user experience is good, but the implementer's experience is not that great. As an administrator, when I'm trying to implement a solution, it is a hectic job.
The time it takes to implement depends on the requirements. If you want, for example, to integrate Active Directory, it will take two to four hours because it is an out-of-the-box application and very common. When it comes to complex applications like SAP, HRM, or ERP solutions, they have complex infrastructures. Integrating such applications takes no less than five to six working days.
The number of people involved is based on how big the project is. If it involves implementing 100 applications, you definitely need a team of 15 to 20 people to complete it within one year. But if you only have to onboard five applications with One Identity Manager from scratch, where you have to install the product, it will take six to seven months. With SailPoint, it takes a little bit less time.
What about the implementation team?
We used the help of One Identity partners because we don't have expertise in One Identity Manager. We are SailPoint experts. They were involved in architecting the whole solution from the beginning as well as in customizing it.
The partners struggled a bit because some of the features are not that flexible in One Identity Manager. The product has all the capabilities required, but it is not that implementer-friendly.
In terms of the training that the partners provided to our customers, I was not present, but the feedback from the customers was that it was okay. They understood things.
Overall, the value provided by One Identity Partners was a seven out of 10.
What's my experience with pricing, setup cost, and licensing?
The price of One Identity Manager is cheaper than SailPoint. When we initially suggested SailPoint to some customers they were surprised at the price, so we then suggested One Identity Manager and they went with that.
In addition to the licensing fees, there are costs for customization if you want to build custom modules.
Which other solutions did I evaluate?
In addition to SailPoint, I have worked with ForgeRock, Microsoft FIM a long way back, and others.
SailPoint has a lot of advantages as compared to One Identity Manager. First, the installation time is very short, and the process is very smooth. Second, it is an implementer's tool, meaning an implementer enjoys developing applications with SailPoint. SailPoint may not be that user-friendly, but it is very implementer-friendly. Implementation is easier with it. And because it is implementer-friendly, implementers can add value to the product, meaning its capabilities can be enhanced based on customer requirements, which is something that is lacking with One Identity Manager. And compared to SailPoint, One Identity Manager has fewer features.
Most of my customers in the region where I work, The Middle East, prefer on-prem solutions. They don't like the cloud. SailPoint and One Identity Manager both have on-prem solutions, so I am focusing my comparison on them.
I have also worked on cloud-based solutions but they have their challenges.
What other advice do I have?
For enterprise-level administration and governance of users, data, and privileged accounts, One Identity Manager is average. Its privileged account management is lacking in capabilities. You have to integrate it with various other PAM tools and only then can it be used for that.
One problem with almost all identity managers today is that the implementation is based on certain information. After that, if certain big changes happen in the organization, you have to reflect all of those changes in the identity management solutions by doing certain customizations or implementation activities. That takes a good amount of time. That complexity is present in almost all identity managers today. It is not very quick when it comes to making changes.
Regarding Zero Trust, that is a buzzword as well as a big word. One Identity Manager alone cannot achieve an identity-centric Zero Trust model. It has to start at the network level through the identity management level, and we have to integrate it with multiple different solutions. We have not achieved Zero Trust for any organization yet.
One Identity Manager is mostly suitable for identity governance capabilities but is not that suitable for access management or privileged account management. If you are evaluating this product for access management or privileged access management, you should not go with it. If you want a governance product, go ahead and use this one.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
One Identity Manager
June 2025

Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.
Senior Manager / IAM Evangelist at a tech services company with 201-500 employees
Helps streamline application access decisions, and when granted, access is automatically provided to target system
Pros and Cons
- "Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments... Doing that in One Identity Manager is a very simple task and it is very well organized."
- "End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes."
What is our primary use case?
The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.
How has it helped my organization?
One Identity Manager is going to improve your CIS standards, or any other security framework, because it going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.
It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.
Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.
In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.
One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.
What is most valuable?
It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.
One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.
In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.
One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.
In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.
We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.
The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.
And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.
What needs improvement?
End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.
There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.
For how long have I used the solution?
I have been implementing the solution for about 12 years.
I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.
What do I think about the stability of the solution?
The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.
Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.
What do I think about the scalability of the solution?
The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.
How are customer service and support?
The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.
How would you rate customer service and support?
Neutral
How was the initial setup?
The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.
When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, though deployment in production and Active Directory, could take three to four weeks. That is fairly simple.
You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.
The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.
At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.
What other advice do I have?
My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.
When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.
And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
IDM Senior Engineer at a tech services company with 1,001-5,000 employees
Provides good performance, has a nice appearance, and helps minimize governance
Pros and Cons
- "The most valuable features are the behavior, configuration, and customization options."
- "Using dynamic business roles can degrade the performance of One Identity Manager."
What is our primary use case?
We utilize One Identity Manager to manage the employee lifecycle, provision user accounts, administer numerous systems, and maintain a web portal.
How has it helped my organization?
One Identity Manager's ability to consolidate tools helps simplify the administration process.
I would rate the UI nine out of ten. The performance and appearance have improved since the new portal was implemented.
With my experience and the help of the user community, customizing One Identity Manager is not difficult.
The business roles feature is easy to use.
We see the benefits of One Identity Manager within weeks of deployment.
One Identity Manager helps minimize governance gaps between test, development, and production servers. An administrator's experience typically correlates with increased ease of use.
One Identity Manager simplifies the process of determining application access. Integration is straightforward for standard systems like Active Directory or Exchange, but connecting custom web applications requires developing a connector, which is time-consuming but manageable for experienced programmers.
What is most valuable?
One Identity Manager is more reliable than other identity managers. The most valuable features are the behavior, configuration, and customization options.
What needs improvement?
Using dynamic business roles can degrade the performance of One Identity Manager.
I would like to have better documentation for configuring other Microsoft systems.
For how long have I used the solution?
I have been using One Identity Manager for almost four years.
What do I think about the stability of the solution?
One Identity Manager is stable. If it crashes, it is due to human error, not the solution itself.
What do I think about the scalability of the solution?
One Identity Manager's scalability depends on the use of other Microsoft systems, such as SQL and Windows servers.
How was the initial setup?
The deployment is straightforward. The deployment takes between one and two hours and requires one engineer. The overall implementation requires a team consisting of an architect, an analyzer, one or two programs, testers, and an engineer.
What about the implementation team?
We are integrators who implement One Identity Manager for our customers.
What other advice do I have?
I would rate One Identity Manager nine out of ten.
In most cases, the customer doesn't need to do any maintenance.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Analyst at a tech services company with 10,001+ employees
A single platform that is customizable and user-friendly
Pros and Cons
- "One Identity Manager's account creation feature stands out as its most valuable functionality."
- "I would like One Identity Manager to offer an easier way for users to learn to use their new features."
What is our primary use case?
We operate in three regions and use One Identity Manager for identity governance.
How has it helped my organization?
One Identity Manager enables us to manage SAP systems efficiently. We can configure user settings and assign global and business roles, adding them to the directory regardless of their account activation status.
One Identity Manager integrates SAP accounts with employee identities. We can create accounts by importing job data into the server. However, if an employee's data is missing, we must input it first to create their profile.
One Identity Manager provides a single platform for enterprise-level administration and governance of users' data and privileged accounts.
The interface is intuitive, displaying all employee details and allowing for direct edits after account creation.
Customizing One Identity Manager is easy to do.
One Identity Manager allows us to manage business roles, including adding and removing them through the deployment flow sheet.
One Identity Manager is user-friendly, offering both ease of understanding and management. From a central console, we can apply both business and referral roles.
One Identity Manager helps to make procurement and licensing easier.
One Identity Manager helps us achieve an identity-centric zero-trust model.
What is most valuable?
One Identity Manager's account creation feature stands out as its most valuable functionality.
What needs improvement?
I would like One Identity Manager to offer an easier way for users to learn to use their new features.
For how long have I used the solution?
I have been using One Identity Manager for two years.
What do I think about the stability of the solution?
One Identity Manager is stable.
How was the initial setup?
The initial deployment of One Identity Manager was straightforward. We have three environments where we deploy the load sheets to servers in a top-down approach. For removal, we follow the same procedure in reverse order.
What other advice do I have?
I would rate One Identity Manager nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
CEO, Executive Advisor (CyberSecurity IAM) at 8x8 Cybertech
Powerful, customizable, and works very well with the SAP environment
Pros and Cons
- "One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity."
- "It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side."
What is our primary use case?
In terms of the use case, the traditional use case related to IAM is to synchronize the accounts to the user ID.
Most of the time, we connect it to Active Directory, Azure AD, SAP One, and one or two other systems at the first stage of the project. At the next stage, we start to integrate it with other systems.
My company is an integrator and a partner. I am not the final customer. I deliver solutions to our customers. I also have other solutions in my portfolio, but my strength is Identity Management.
How has it helped my organization?
One Identity Manager delivers SAP-specialized workflows and business logic.
It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts.
The user interface is not a big problem nowadays. About 10 years ago, it could have been a problem, but now, it is easy to do proper localization in Portuguese, Brazilian Portuguese, and Spanish. We have multiple language support. Of course, it is not yet 100%.
When it comes to customization, we need to model the business rules for customers. Every customer has different business rules. For a similar use case, you can have different business rules. I split the ability to model that into two categories. There is the ability to do the parameterization, and there is the ability to do customization with coding, which can have some risks.
One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers.
It also helps to create a privileged governance stance to close the security gap between privileged users and standard users.
One Identity Manager helps consolidate procurement and licensing. One of the valuable use cases that this solution provides is to take care of the licensing for some of the applications.
One Identity Manager helps streamline the following aspects of application governance: a) application access decisions; b) application compliance; and c) application auditing. We can deliver a use case where when a user requests access, the user may receive a warning that the access being requested conflicts with some other access that the user may already have. We can now model the SOD rules to validate a request when it is made. It is very important to be able to use One Identity Manager to do this kind of validation at the time of the request.
One Identity Manager enables application owners or line-of-business managers to make application governance decisions without IT. We can model that kind of personas, participate in the process, and make some decisions in the workflow process.
One Identity Manager helps to achieve an identity-centric Zero Trust model. That is a very strong use case of One Identity Manager. They claim that they are the only vendor that can deliver the Zero Trust model or Zero Trust architecture for identity, but I do not know if they are the only vendor.
What is most valuable?
One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity.
What needs improvement?
It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.
What do I think about the stability of the solution?
If you implement it properly and finetune it, it is very stable.
How are customer service and support?
I have used their Premier Support. It is called PSO. It is very easy to book an appointment. You can use the calendar to find a slot. You can take half an hour or one hour. Once you are connected, the guy knows it is very important. Based on my experience, they were able to provide the resolution and tell me about the button that I needed to hit and what I needed to do. At that time, I asked them why it was not documented, and the answer from the PSO was that for specific matters, they wanted us to contact PSO.
I prefer not to involve PSO because the prices are huge. We try to avoid it. When I need to involve PSO, it adds value, but it is very expensive. Whenever I involved PSO, I got the answers I needed within the time in which I needed the answers. I would rate them a ten out of ten.
Premier Support has not been an influence in purchasing additional licenses or products from the vendor.
How would you rate customer service and support?
Positive
How was the initial setup?
I never implemented the SaaS model because of the pricing. My experience is for on-prem.
Its implementation is easy for me, but it is very complex for those who are doing it the first time. It is not straightforward. They do provide documentation, but it is not easy. I usually build my documentation and enable my team. After that, it is easy.
What about the implementation team?
For its implementation, one project manager and two more people are required. One is senior, and the other one is of intermediate experience. Sometimes, developers are also required for customization.
We licensed it from a distributor. In Brazil, it is not possible to directly license One Identity. The distributor's name is ADISTEC. We did not take their help with implementation. We implemented it ourselves. They help me with other solutions but not with One Identity because it is very specific. In Brazil specifically, I do not have resources to help me with implementation. Quest in Brazil has a structure only for commercials. They do help with presale but for implementation, I do not have any kind of help. I usually take the help of the YouTube channel, the official documentation, and the community. We are pretty much doing everything ourselves.
The maintenance usually involves changing the logic, roles, or workflows. After the sign-off for the implementation, I also provide sustainability services where I take care of any problems and also contact the vendor. I also help with the environment and sometimes help implement a new connector if it is easy to implement or is a native connector from an API, for instance. I take care of the sustaining phase issues where we are not installing everything again. We are doing a little bit of parameterization. These services are helpful for revenue and important for our business.
What's my experience with pricing, setup cost, and licensing?
Its price is okay.
What other advice do I have?
Overall, I would rate One Identity Manager an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner and Reseller
Works
Efficient application governance, robust documentation, and offers responsive support
Pros and Cons
- "The portfolio view simplifies this process, eliminating the need to check through Tableau or other tools."
- "I would like them to enhance the search functionality to enable faster processing when looking for objects."
What is our primary use case?
The primary use case involves overseeing comprehensive identity and access provisioning, along with managing the onboarding and de-provisioning processes for users. This includes orchestrating the creation of new projects, conducting simulations, and ensuring synchronization between a core solution and other target systems.
How has it helped my organization?
We utilize One Identity Manager to assist in SAP management. When connecting to an SAP target system, the synchronization of data is facilitated. Following the data sync process, all users can be reviewed within One Identity Manager under the SAP user tab. Furthermore, this tool allows us to publish data seamlessly from One Identity to various target systems.
Identity Governance and Administration is particularly beneficial for addressing the complexities associated with managing SAP, especially when dealing with aspects like transaction code (t-code) profiles and rules. It's important to note that while One Identity Manager doesn't specifically handle t-codes, it does provide functionality through the manager for managing files, rules, and other relevant features associated with transaction codes.
I haven't observed specialized workflows or specific business logic for SAP in One Identity Manager.
One Identity Manager serves as a consolidated platform for enterprise-level administration, offering governance over user data, privileged accounts, and related aspects. It's particularly effective in managing privileged accounts. By incorporating the manager, administrators can easily assign resources, facilitating the seamless management of admin accounts. The available features within the manager enable the creation of special identities, such as admin accounts.
The user experience with One Identity Manager is excellent. It's highly user-friendly, with well-organized features that make exploration intuitive. Everything, including account definitions, is easily accessible in the manager module. You can efficiently check the status and associations of objects, such as which projects or other objects are linked to a specific one.
Customizing the manager to meet our specific needs is crucial, as there are some limitations tied to factors like database performance. These limitations are often dependent on the volume of data being imported or synchronized. It's important to note that the platform's performance can be impacted when dealing with a high volume of data, potentially leading to degradation in performance.
I've utilized the Business Roles feature to map company structures, and it's a highly valuable tool as it allows you to define a set of rules for various markets. This feature facilitates logic and rule sets associated with market specifications. Under the business roles section, you can easily identify how markets can request access through IT software products and sales tools. Each business role is linked to specific SAP roles, creating a layered structure. This functionality simplifies understanding of the connection between SAP roles and business roles. If you're searching for a particular SAP role, you can efficiently locate it within the corresponding business role and vice versa. The platform also makes it easy to check mappings, and if new business roles need to be created, the process is streamlined within the Manager.
The Manager aids in reducing governance gaps among Test, Dev, and Production Servers. By synchronizing data monthly from the production system to the development and sandbox environments, this approach effectively minimizes any potential gaps in governance coverage.
It assists in streamlining decisions related to application access.
It does not include features for application compliance and auditing. Application auditing is not a capability provided. We do have Application rules in place, and for auditing, we utilize the attestation feature available in the Manager. However, it's important to note that managing the entire application is not within the scope of the tool.
What is most valuable?
In the Manager tools, my favorite feature is the ability to obtain a comprehensive overview of any user efficiently. The portfolio view simplifies this process, eliminating the need to check through Tableau or other tools. Another significant advantage is the quick and easy creation of mappings, roles, and IT configurations for various products within One Identity Manager. This feature stands out as a valuable and time-saving capability in the manager tools.
In our Governance and management tool, One Identity Manager plays a crucial role in connecting SAP accounts to employee identities. This integration ensures that all identities are linked to their respective employee profiles. This connection is of utmost importance because if, for instance, a login is enabled for a specific user, maintaining a consistent ID becomes essential. With One Identity, this process becomes seamless, allowing the replication of related attributes across all relevant systems and ensuring a cohesive identity management approach.
What needs improvement?
I would like them to enhance the search functionality to enable faster processing when looking for objects. Ideally, the system should automatically identify relevant entries and promptly present the results, eliminating the need for users to input search criteria each time they look for specific objects.
For how long have I used the solution?
I have been using it for the last six years.
What do I think about the stability of the solution?
I would rate its stability capabilities eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability abilities nine out of ten.
How are customer service and support?
Whenever we require support from One Identity, we initiate a service request, and the support team is readily accessible. They typically respond within twenty-four hours and effectively assist us with any issues we encounter. The support from One Identity has been reliable and responsive. I would rate it eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment was straightforward and smooth, mainly due to the clarity provided in the installation guide. Following the step-by-step instructions outlined in the documentation from the One Identity solution made the deployment and setup process very simple.
What about the implementation team?
With the assistance of an architect, I managed the deployment process by completing just the configurations for the initial installation of One Identity. Maintenance during deployment is essential, especially when there are significant changes and script modifications aimed at improving performance. System maintenance is a necessary step in ensuring optimal functionality, and we routinely undertake these tasks.
What other advice do I have?
The system lacks the capability to empower application orders in the line of Business Management to independently make governance decisions for applications without requiring IT involvement.
It did not assist us in realizing an Identity-centric Zero Trust model.
I recommend that individuals working with this system should possess some knowledge of Microsoft SQL and be familiar with server configurations. A good understanding of SQL servers can simplify the process of comprehending and managing cloud repairs. I would rate it nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
COO at a comms service provider with 11-50 employees
Seamless user experience, excellent intuitiveness, and offers a good integration with SAP
Pros and Cons
- "The solution offers good integration with other environments such as SAP and Active Directory, et cetera."
- "It’s not something you get from the beginning. It’s not like Windows. It is more complicated. You need to know a few things from the back end, however, as you learn it, it becomes easy."
What is our primary use case?
We use the solution for managing identity access in a production company with nearly 6,000 users and more than 10,000 employees.
How has it helped my organization?
The main benefit is that it makes it easier to comply with GDPR. It makes it much, much easier. Also, it helps with data privacy and everything. It reduced the workload on the help desk and other departments that deal with user access and provisioning providers for users.
What is most valuable?
The solution offers good integration with other environments such as SAP and Active Directory, et cetera. We are managing access and managing all the provisioning of user access and accounts.
We manage the product to help manage SAP. The solution is okay for providing an enterprise view for the management of logically disconnected SAP accounts. It is quite complicated since SAP has quite a structure for these roles and accesses, however, it is quite manageable in One Identity and it is well supported with proper support from our external provider. We finally managed to make it perform. It is now working well.
One Identity Manager connects SAP accounts to employ identities under governance. This is important. We had it implemented before only based on requests without active-active connection. There were quite a lot of non-matched users, and what happened a lot was that we would have users who had left the company and were still active in SAP. So now when a user leaves the company it’s not an issue. Also, the SAP account is already provisioned. This ensures data protection and the privacy of users and everything.
If I were to assess One Identity Manager for providing us with a single platform for enterprise-level administration and governance of users, data, and privileged accounts, I’d rate it highly. From a rating of five, I’d rate it 4.9.
The solution's user experience and intuitiveness are good. It’s extensive.
How easy it is to customize really depends on the level of desired customizations. There are some customizations out of the box while others require quite a lot of coding. In that case, I’d suggest a person uses support or gets external support.
What needs improvement?
You do need to learn it. It’s not something you get from the beginning. It’s not like Windows. It is more complicated. You need to know a few things from the back end, however, as you learn it, it becomes easy.
For how long have I used the solution?
I've used the solution for four or more years.
What other advice do I have?
I'd rate the solution nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Popular Comparisons
Microsoft Entra ID
SailPoint Identity Security Cloud
Omada Identity
Fortinet FortiAuthenticator
ForgeRock
CyberArk Identity
One Identity Active Roles
Microsoft Identity Manager
SAP Identity Management
Oracle Identity Governance
OneLogin by One Identity
EVOLVEUM midPoint
OpenText Identity Manager
Symantec Identity Governance and Administration
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which one is best: Quest One Identity Manager or Forgerock Identity Management
- Looking for an Identity and Access Management product for an energy and utility organization
- Which Identity and Access Management solution do you use?
- What are your best practices for Identity and Access Management (IAM) in the Cloud?
- What are some tips for effective identity and access management to prevent insider data breaches?
- Which is the best legacy IDM solution for SAP GRC?
- Sailpoint IdentityIQ vs Oracle identity Governance
- OpenIAM vs Ping identity
- When evaluating Identity and Access Management, what aspect do you think is the most important to look for?
- What access management tools would you recommend to help with GDPR compliance?