What is our primary use case?
We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.
How has it helped my organization?
We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.
One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.
What is most valuable?
One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.
I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.
As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.
What needs improvement?
In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.
One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.
If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.
It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.
For how long have I used the solution?
I have used it for five and a half years.
What do I think about the stability of the solution?
We haven't had any stability issues.
What do I think about the scalability of the solution?
So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.
We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role.
How are customer service and support?
We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues.
Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.
Which solution did I use previously and why did I switch?
Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.
Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.
How was the initial setup?
The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.
The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.
We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.
What about the implementation team?
Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.
It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.
We have had pretty good people on our team so far:
- For deployment, one or two people were needed.
- For maintenance, our team is very small. We have two or two and a half people at all times.
Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.
What's my experience with pricing, setup cost, and licensing?
We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.
Unless you are buying a new connector, you won't need to shell out more money for the solution.
Which other solutions did I evaluate?
My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.
The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.
There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.
What other advice do I have?
This solution should be considered by companies (based on their needs).
The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.
The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.
We connected SAP through a database.
We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.
I would rate this solution as eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.