One Identity Manager Reviews

It manages our Active Directory and SAP user accounts according to HR data and assigns permissions via request or rules.

We create business roles with permissions in different systems and employees can either request those bundles or get them automatically via rules. User creation in all connected systems has been automated. Employees can request permissions through the IT Shop, their manager and permission owners approve the request and the system assigns it - we don't have to wrangle with excel lists of permission assignments anymore.

It is very flexible and adaptable to our needs and the ootb features are also quite comprehensive. The overview sheets are great.

Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc).

Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc. 

More than five years.

Had no major problems. Support is great and quick to help.

Technical support is usually great.

We had a vb script for Active directory user provisioning from HR data. It was outdated and prone to errors. We wanted one solution that could manage Active Directory and SAP accounts.

The initial setup was complex because the product is complex, there's usually more than one way of doing something. It's a steep learning curve. Our project didn't leave lots of time for our internal admins to familiarize themselves with the tools. Support was a great help in the first few months after it went live and without a consultant...

For the migration from 6.1.4 to 8.0.1 we used IT Concepts. Migration went smoothly as our expert and theirs worked closely together.

Provisioning users and permissions has been automated. The IT shop helps spread the load of permission requests and IT personnel can focus on other things than manually assigning those permissions in various systems.

We looked at a few different solutions. Most of them were better suited for only one target system and some had poor add-ons for the other targets we needed. OIM seemed the most balanced and also has connectors for other targets we were planning on using.

The primary use case is to handle identities.

We have seen a slight reduction in help desk calls, as this solution is a self-service product.

• To get an overview.
• To get a good structure.
• To get a good automation process.

The tool to develop the web portal needs improvement.

We are pushing out a cloud strategy, but running this on-premise solution, and do not know what steps to take.

The stability depends a lot on the infrastructure, but it is pretty slow. For us, it is stable, but slow.

I haven't used the technical support yet.

We are using a self-built solution. It would cost too much to get that up to the standard of what we need. In the long-term, it is cheaper to buy a solution that has what we need. Though, we are still running the previous solution, as we are still in the implementation phase. One Identity Manager is very limited in what we have live; we are not using it fully yet.

The initial setup was complex. It is an extremely complicated thing to replace an entire self-built solution.

We are using an implementer for the deployment.

Think through what is most important and your strategy, especially your cloud strategy. Look at the different competitors in the market, including this one.

Our cloud strategy is impacting what we decide to roll out.

We have not implemented the privileged account governance features yet.

We implement One Identity Manager for our customers.

It has helped to simplify compliance. We have multiple customers who now have a full overview of their accounts and users. They can use the reporting for GDPR compliance or accounts retention.

Flexibility: It has many features which can be combined and configured in a great way, then put together in projects and ways that developers didn't think were possible, which has been great.

The policy and role management features are very powerful and useful for our customers. You can do anything there.

The privileged account governance features are great from the overall governance look, the things which you can do with it, and the results that you can achieve from it.

The UI and user experience side of things needs improvement.

It is very stable. It has been running for years (for our customers). Even if it bugs up at some point, it is rather fast to fix and easy to get going again.

The scalability is very good. It scales well for companies, from small companies to very big ones worldwide.

The German technical support is great. We are a German partner, and we find them knowledgeable and fast, as they do their thing.

The complexity of the initial setup depends. While it's fast and easy to set up initially, the complexity can come once the solution starts to grow.

We have implement the following for our customers:

• SAP
• Cloud IT strategy.

Compare all the solutions and all the things that you can do on them: How easy you can set it up and how fast it can grow. Because identity management will grow with you, and you have to have a product which can grow with your organization.

We use it to control identity and access management in our company.

It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.

All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.

The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.

It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.

Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.

It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.

I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. 

For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.

It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.

We speak to our consultants. They are our technical support.

We had something we built ourselves, but it was not integrated with anything. It was mostly just a list. 

When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.

That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.

Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.

Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.

We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.

There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.

We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.

It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.

The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.

We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.

Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.

We use it to make requests and show the information that the users have, as well as for attestation.

It saves us time and has increased employee productivity when it comes to provisioning users or systems. It has changed the way things are done, and people who had been doing manual work are doing something else at the moment.

We now have standard processes, the whole flow when a new user comes in; what happens and when. It's always done in exactly the same way. We know that it goes from start to finish in a certain way and we can be sure that it's done in the correct way when it's automated. The master data is always used in the same way.

It has also impacted our cloud IT strategy because we have to be there to manage the user accounts and all, in that environment. That's on-going work at the moment. We haven't implemented or started any processes in production yet.

In addition, it has helped to reduce helpdesk calls, according to the information that we have seen.

For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems.

We are familiar with the policy and role management features and we are using some of them. They are very hard to define, but they are also very powerful in a way. You have to define them clearly before you start using them.

One Identity Manager is also flexible. If it doesn't have a feature that you want, out-of-the-box, you can customize it by creating scripts or modifying the schema. But you usually need consultants to do the job.

This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment.

I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.

This version, version 8 has been working fine. Version 6 was horrible for us. The performance wasn't good at all, but our experience now with performance and stability is good. We are happy now.

When it comes to adding other users or a growing environment we haven't had any issues. At the moment, at least, we have been able to add features and functionality, and everything has worked fine.

We have only used technical support through our partner/consultant company. We haven't been in direct contact with One Identity. Everything has been okay. 

We had a solution that was built in-house before we migrated to One Identity. The old solution didn't have the automation features and provisioning features the way that this product does. The old solution was more manual with a lot of built-in scripts. It was hard to maintain or to create extra features.

Our initial setup was about three years ago, but we did the migration from version 6 to 8. That was almost the same. It was a really big project, or it felt like it.

The initial go-live for the product overall was over one weekend, but the work before that took a year. There were ten people involved during that weekend. We had some time-outs during that year though, because there were some other big projects.

The setup was complex because we did a lot of things. It wasn't only our project, because it was HR and the organization. It was not only the technical part, "next, next, next." It included changing the processes and standards in the company overall.

In terms of our implementation strategy, we added a totally new HR program, to get the master data up and running and correct. And then, of course, we had to work on how the organization is defined and have master data for that, and the roles to be used and the master data for that. And we had to get overall processes standardized.

There are two-and-a-half people working on the solution now, doing daily maintenance.

We had a partner, Infragen, do the integration. Our experience with them was good. They did good work and we had good cooperation, overall.

The managers are satisfied when things are automated, when people are coming in or going out, because they don't have to do the work. They just contact HR and it's automated from there. People know that it's one place where you can do everything: make the request, the attestation side, and compliance is also automated and in one place. That's what people want.

Microsoft was one of the solutions we looked at, as well as some small Finnish companies. We went with One Identity because of the features. Somebody had already made the stuff that we needed, the functionality that we needed was there and didn't require so much customization. And the partner that was able to give us the solution was also a factor in our decision to go with One Identity.

Keep the scope small in the beginning, so you don't do too much. Go live and then add more features on the way because, otherwise, it can go on for years, and you never get anything done. Also, don't start to customize features too much. Try to use what comes out-of-the-box and try to implement it that way. Somebody has thought of these things already. In most companies, a lot of these things are probably done in the same way.

I would rate One Identity Manager at eight out of ten. There's always room for improvement, but I'm pretty satisfied.

Our primary use case is to control access to our open source Unix and the app store games. This is a banking organization, so you don't want to give all of the rights to one person.

Using this solution means that our engineers do not need to log in to a domain controller as frequently. Rather, they can log in using One Identity and perform all of the administrative tasks. This is beneficial from a security perspective, and also helps to complete the task in the least amount of time.

It provides Authentication services and integrates Active Directory for open source operating systems.

The most valuable feature for me is the built-in security, which is the best that I have seen. The interface is also very good.

My only complaint about this solution is the price, as I think that the cost of the full user license is a little high.

A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.

Three to five years.

I would rate the stability of this product a nine out of ten. This is the only tool that will comfortably help you work with Active Directory in other solutions. 

It is scalable across infrastructures. It works with Windows, open source operating systems, and covers almost everything that you need. We have more than 4,000 users in this solution. Our organization keeps growing, so our base will forever be increasing.

To this point, we have not had to reach out to the solution's technical support.

Prior to using this solution, everything was done manually. Security was at risk of breach and we thought that we needed to be compliant.

The setup of this solution was simple and straightforward. Any admin can do it by looking at the whitepaper.

The process of deployment took approximately one month. However, that is not because the process is complicated or time-consuming. In our case, being in banking, there are a lot of policies and processes that have to be followed before implementing a new solution.

One Identity does what we need it to do, so we do not require any other plugins or packs to run our solution. 

One Identity sells everything that is required to deploy. We directly deal with them and do not use a vendor or a consultant.

There is a one-time licensing cost, and there is also a yearly subscription fee. The fee is related to the number of users and is perhaps $6 or $7 per license per month. 

We did look at other options, but it boiled down to choosing One Identity with no second thought.

My advice is to try this product first and then decide. In organizations with a large footprint of open source operating systems, such as Unix or Linux, security for them is a bigger concern, especially for banking. They should take advantage of using the evaluation version.

Overall, I would rate this product eight out of ten.

We have this process of provisioning and non-provisioning users, depending on our SAP HR database.

The most important thing is that we don't have bad users in our systems anymore.

We no longer keep users who shouldn't exist.

It is flexible with APIs and the customizing of a portal.

I would like to have more extensive out-of-the-box reports.

The stability is great. We haven't had any problems. It keeps on working.

We can expand as much as possible. It will meet our needs going forward. We have already expanded a lot of times. The only issue with expansion is the cost of licensing.

I have only had one experience with the technical support, and it was okay.

We were not using another solution prior to this one (not in this scope).

The initial setup is mostly straightforward, but you still need to customize some things.

It has helped to reduce the paperwork of the help desk. There is a lot less paperwork, which has increased employee productivity, allowing them to be assigned to additional projects. 

We were also looking at the Microsoft Identity Manager. However, we decided on One Identity Manager because it has a wider coverage of different products.

Implementation and integration with SAP went well from the Identity side, but we have had internal problems with the data. However, we have been solving that for four years now.

The primary use case for us is to follow the identity lifecycle, starting from feature improvement up to many accounts along with targeted systems.

It has improved the way of operations functions. 

It has partly helped with GDPR, especially with HR.

The most valuable features of this solution are its handling and that it is easy to maintain and manage the data.

The solution is flexible in connection with the controls. For example, it's easy to implement, easy to handle, and understandable to configure.

The user interface needs improvement.

I would like a secondary account approach out-of-the-box, as this would be really useful. Additionally, it would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes. 

The stability has improved over time. 

It is easy to scale up. However, obtaining additional resources additional are an issue.

We have not been much in touch with their technical support, which is a good sign for the product, since it mostly working.

Our previous solution (IBM) was outdated.  

The complexity of the initial setup varies. The Active Directory may be considered less complex then connecting a SAP system.

We have a consultant, who helps us in wrapping up solutions and connecting the current systems to one another.

This solution helped us to increase employee productivity when it comes to provisioning users or systems. It is what the solution was designed for. In some cases, it has gone down from days to hours/minutes.

To a certain extent, it has helped us reduce help desk calls by five to ten percent.

It helps us save on licenses for applications because we are following the account lifecycle, as well as account reactivation.

We had a shortlist of three vendors: SailPoint IdentityIQ, IBM, and One Identity. We looked at functionalities, what came out-of-the-box with each product, and what needed configuring.

The product is a nine out of ten because 80 to 90 percent of our requirements are out-of-the-box.

Consider the speed of implementation, amount of customization, and the authentications if you are comparing between tools. Operations is also a topic: Is it easy to operate and is there a dedicated operational team? 

We have integrated with SAP because SAP has connected systems.

I like the integrated approach of the privileged account governance features.