IT Central Station is now PeerSpot: Here's why

One Identity Manager OverviewUNIXBusinessApplication

One Identity Manager is #2 ranked solution in top User Provisioning Software and top Identity Management (IM) tools. PeerSpot users give One Identity Manager an average rating of 8.0 out of 10. One Identity Manager is most commonly compared to SailPoint IdentityIQ: One Identity Manager vs SailPoint IdentityIQ. One Identity Manager is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
One Identity Manager Buyer's Guide

Download the One Identity Manager Buyer's Guide including reviews and more. Updated: July 2022

What is One Identity Manager?

One Identity Manager is a value-added and trusted active directory management and user provisioning software solution. One Identity Manager administers and protects an organization’s data and users, minimizes threats, and ensures that compliance regulations are consistently satisfied.

Users will have access to the data and applications they need when they need them. One Identity can be used on premises, in the cloud, and also with hybrid options. One Identity Manager is able to easily combine strict governance compliance regulations and rigorous security protocols to keep business enterprises secure and functional today and into the future. One Identity Manager is also a robust, scalable identity governance and administration (IGA) solution. The solution is designed to meet the changing needs of a growing dynamic business enterprise, and not be limited or left vulnerable by IT department constricts.

One Identity consistently provides robust security solutions that facilitate a strong secure enterprise where the users, applications, and critical data are safe and secure. The unified identity security platform provides identity governance and administration (IGA), privileged access management (PAM), active directory management and security (ADMS), and identity and access management (IAM) processes to ensure an aggressive stance on security for today’s dynamic enterprise organizations.

One Identity is used by more than 11,000 organizations worldwide managing over five hundred million plus identities.

One Identity Manager Features

  • Self-service options: Organizations save time and are able to get tasks completed easily. Users can request permissions or access and receive predetermined approval based on role assignments.

  • Password management: Organizations can easily reset user passwords based on established organizational protocols. Password policies can be determined according to user roles and assignments.

  • Governance: One Identity Manager offers complete visibility regarding data access, such as who has access, when the access was given, and the reasons why access was given. The solution delivers clear reporting to comply with any regulatory requirements.

  • SAP certified: Users are able to amplify existing SAP security protocols and seamlessly connect accounts under governance. One Identity Manager is a complete identity access solution.

  • Reporting: One Identity Manager delivers reliable reporting regarding user access and privileged access to an organization's network. The reporting can satisfy all government and regulatory compliance standards.

  • Connectors: One Identity Manager’s significant amount of available connectors enable organizations to easily extend identity governance to the cloud and will ensure cloud application time is minimized significantly.

Reviews from Real Users

The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.” - Marc H., IT Architect at a tech services company

“The most valuable features are that it has a lot of capabilities, can integrate with a lot of systems, including automated onboarding like CyberArk, and allows you to integrate different entities.” - Security Consultant at a financial services firm

One Identity Manager was previously known as Quest One Identity Manager, Dell One Identity Manager.

One Identity Manager Customers

Texas A&M, Sky Media, BHF Bank, Swiss Post, Union Investment, Wayne State University. More at OneIdentity.com/casestudies

One Identity Manager Video

One Identity Manager Pricing Advice

What users are saying about One Identity Manager pricing:
  • "From a cost perspective, One Identity has the biggest bang for the buck."
  • "We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company."
  • "The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license."
  • "It's not cheap, but the pricing is okay. Other applications cost about the same."
  • One Identity Manager Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Director, Global Identity and Access Technologies at a financial services firm with 10,001+ employees
    Real User
    Enables us to automate SOX recertification, saving a significant amount of time
    Pros and Cons
    • "The most valuable features include the automated attestations or recertification... The time that people have to focus on their real jobs and not spend it doing recertifications is huge."
    • "[Regarding] their upgrades, we're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing."

    What is our primary use case?

    One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.

    The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.

    How has it helped my organization?

    The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days. 

    When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.

    In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.

    What is most valuable?

    The most valuable features include the 

    • automated attestations or recertification
    • IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal. 

    Those two are the biggest wins.

    In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.

    Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.

    What needs improvement?

    There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. 

    Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.

    Buyer's Guide
    One Identity Manager
    July 2022
    Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
    622,063 professionals have used our research since 2012.

    For how long have I used the solution?

    We've been using One Identity Manager since 2013.

    What do I think about the stability of the solution?

    Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.

    What do I think about the scalability of the solution?

    One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.

    How are customer service and support?

    We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.

    Which solution did I use previously and why did I switch?

    Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.

    How was the initial setup?

    The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development. 

    This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.

    Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.

    When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.

    What about the implementation team?

    For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.

    Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.

    But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.

    Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.

    Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.

    We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.

    What was our ROI?

    We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.

    Which other solutions did I evaluate?

    We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.

    From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.

    What other advice do I have?

    It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.

    Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Security project Manager at a tech services company with 1,001-5,000 employees
    Real User
    Stable, has a large number of connectors, doesn't require a lot of maintenance, and provides quick and accurate support for major incidents
    Pros and Cons
    • "In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a stable system which I like."
    • "Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out. The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager."

    What is our primary use case?

    My company has a lot of use cases for One Identity Manager. In my previous company, I've been maintaining the tool, so I used to go to clients who needed improvements and support in terms of provisioning, and I provided those services. Now, in my current company, I'm in the Identity Management team, and my company is using its old Identity system with One Identity Manager, particularly for provisioning, access management, compliance, and certification, apart from identity management.

    What is most valuable?

    In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a really stable system which I like.

    What needs improvement?

    Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out.

    The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.

    For how long have I used the solution?

    I've been using One Identity Manager for three and a half years.

    What do I think about the stability of the solution?

    Stability is one of the main qualities of One Identity Manager. It could run even if people go on a holiday for weeks, and nobody would be worried about the tool breaking down. One Identity Manager could work for months even if you don't look at it or check it. It's a well-designed tool.

    What do I think about the scalability of the solution?

    One Identity Manager is a scalable tool and its scalability is one of the reasons why my company chose it. The tool is capable of evaluation, and it has a lot of different connectors that come out of the box, so as soon as you know what you're doing, it's easy to extend the parameter and add new target systems to it. With One Identity Manager, you can have systems ready for future use. My company has never reached a point where it says: "Okay. There's nothing more you can do with this tool."

    How are customer service and support?

    I've contacted the support team for One Identity Manager several times. For level one support, particularly when something is broken and I need help, the team's been really quick and accurate. Most of the time, I get the first answer or first contact resolution in less than half an hour as written in the contract, and the support team has really found a quick solution. Every time I face an incident, the team finds a solution to it within an hour. Sometimes it could take a few hours to resolve which is when the One Identity Manager support team provides new patches to implement, for example, the issue started at seven at night and patching would be done at eight in the morning the next day.

    For major incidents, I would rate support a five out of five, but if it's just a little incident that does very little harm and is in development, issue resolution would take longer. The support team for One Identity Manager handles major incidents perfectly, so I have no complaints, but if you just have a little incident that appears on your development system and is not really that important, it could take days and days before a technician is sent onsite. This is why my company prefers to work with a partner that is more open to decision, and though the One Identity support team is really there to save your life, it's not there for every incident or situation that you come across.

    Which solution did I use previously and why did I switch?

    My company decided to use One Identity Manager because of the large variety of connectors available that lets you connect everything you need, even for future use, as well as the reputation of One Identity Manager in terms of stability. Another reason for choosing the tool is the online forum and YouTube channel that allow engineers to learn more about One Identity Manager without the need to ask a partner each time, so you can be independent of the vendor or partner. The support you get is also another reason my company went with the tool.

    How was the initial setup?

    Whether the initial setup for One Identity Manager is easy or difficult is hard to say because of other systems that have less functionality but are easier to deploy, and you won't face the same challenges that you'd face when setting up One Identity Manager. It's recommended for you to have knowledgeable engineers who can support you during the setup, especially if you don't have the knowledge on how to set the tool up. Setting up the tool may not be as easy, but considering all the things One Identity Manager can do for you, it's not such a big deal.

    If you just want to basic features to be up and running with One Identity Manager, deployment could take a few weeks, for example, if you just want to use an authoritative source and have provisioning, active directory, exchange, and other basic features set up in your company. For a company that has really stable jobs to provision, with role mining that isn't difficult, the tool could be ready and working within a few weeks, but for a large company with a really, really large variety of jobs and regulations, deployment of One Identity Manager could take a few months.

    What was our ROI?

    You can get ROI from One Identity Manager. It's worth the money because my company wants to be agile, and if tomorrow, the head of the company says, "Okay, let's open a new area," with One Identity Manager, I can say, "Okay. If you say there'll be three hundred people, tomorrow, I'm able to create accounts with the rules needed for those to work, and it won't be a mess."

    With One Identity Manager, even inexperienced people in the team can easily understand how each role works, and if you have a great conception of each role, you can just hire or transfer within days without being worried about whether or not each person has everything he needs to work.

    What's my experience with pricing, setup cost, and licensing?

    I'm unable to discuss licensing costs for One Identity Manager.

    What other advice do I have?

    I'm using the latest version of One Identity Manager.

    In my company, the tool is still in the deployment stage, but within a few months, all people in the company will be users of One Identity Manager, particularly the portal. There'll be about five thousand users of the tool within my company.

    My advice to anyone using One Identity Manager for the first time is to make an audit on your company with an independent partner to be sure if you need the tool because One Identity Manager won't be worth it for every company. You have to match it to your needs, or else you'll never get your money's worth. For example, in a stable company or one that has similar jobs, the tool won't be used a lot. If you have three to ten job types and all of those would be the same after many years, One Identity Manager won't be the tool you need. You can just go for a cheaper tool that can do the job for you, but if you have a complex company and you have to face a lot of regulations, and if you want to adapt more quickly, One Identity Manager is a good choice.

    I'm rating One Identity Manager nine out of ten because it fits my need, and though it's complex, it's a learnable product. It also helps my company become more agile and also helps it face new challenges. One Identity Manager is the tool I need, and I like it. The tool helps my company and also helped the previous company I worked for, so I have no complaints about it. It's a tool I like working with.

    I didn't give One Identity Manager a perfect score because the connection with ServiceNow isn't there yet, so that's an area for improvement. When you send in an incident or put in a request that's not a standard request on One Identity Manager, you have to make an exception in the way your company should work, and this is another area for improvement in the tool that I also don't like. My company came up with a workaround or a solution to this, but a company such as One Identity should be able to propose a solution out-of-the-box.

    My company is both a customer and a partner of One Identity Manager. I say partner because a representative from One Identity comes to my company every two months and listens to feedback about the pros and cons of the tool. I say customer because my company pays for the One Identity Manager license, and if there's an issue, my company makes a request and lets the support team know what makes us unhappy.

    Disclosure: My company has a business relationship with this vendor other than being a customer: customer/ partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    One Identity Manager
    July 2022
    Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
    622,063 professionals have used our research since 2012.
    Srivalli Sristla - PeerSpot reviewer
    IAM Engineering Manager at a construction company with 10,001+ employees
    Real User
    Comes with a lot of out-of-the-box features
    Pros and Cons
    • "We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%."
    • "Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions."

    What is our primary use case?

    We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

    How has it helped my organization?

    We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

    One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

    What is most valuable?

    One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

    I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

    As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

    What needs improvement?

    In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

    One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

    If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

    It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

    For how long have I used the solution?

    I have used it for five and a half years.

    What do I think about the stability of the solution?

    We haven't had any stability issues.

    What do I think about the scalability of the solution?

    So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

    We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

    How are customer service and support?

    We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

    Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

    Which solution did I use previously and why did I switch?

    Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

    Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

    How was the initial setup?

    The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

    The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

    We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

    What about the implementation team?

    Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

    It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

    We have had pretty good people on our team so far:

    • For deployment, one or two people were needed. 
    • For maintenance, our team is very small. We have two or two and a half people at all times. 

    Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

    What's my experience with pricing, setup cost, and licensing?

    We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

    Unless you are buying a new connector, you won't need to shell out more money for the solution.

    Which other solutions did I evaluate?

    My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

    The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

    There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

    What other advice do I have?

    This solution should be considered by companies (based on their needs).

    The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

    The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

    We connected SAP through a database.

    We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

    I would rate this solution as eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Vladislav Shapiro - PeerSpot reviewer
    Founder at Costidity.com
    Real User
    Business-oriented and IAM administrator-oriented, easy to configure and scale up, and has a helpful and knowledgeable technical support team
    Pros and Cons
    • "In terms of what I found most valuable in One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented."
    • "A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager."

    What is our primary use case?

    We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

    What is most valuable?

    In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

    What needs improvement?

    A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

    I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

    Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

    For how long have I used the solution?

    I've been using One Identity Manager since 2008.

    What do I think about the stability of the solution?

    One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

    What do I think about the scalability of the solution?

    Scaling up One Identity Manager is extremely easy.

    How are customer service and support?

    I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

    Which solution did I use previously and why did I switch?

    We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

    How was the initial setup?

    In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

    How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

    What was our ROI?

    I've seen ROI from One Identity Manager.

    What's my experience with pricing, setup cost, and licensing?

    The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

    Which other solutions did I evaluate?

    We evaluated SailPoint and Saviynt apart from One Identity Manager.

    What other advice do I have?

    I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

    Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

    My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

    I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

    My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: customer/partner
    Flag as inappropriate
    PeerSpot user
    IT Architect at a tech services company with 501-1,000 employees
    Real User
    Top 20
    Significantly reduces time needed to create an account, mailbox, and default permissions for a new employee
    Pros and Cons
    • "Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions."
    • "The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified."

    What is our primary use case?

    We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.

    How has it helped my organization?

    Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.

    The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.

    It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.

    We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.

    What is most valuable?

    Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.

    The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.

    What needs improvement?

    The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.

    For how long have I used the solution?

    I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.

    What do I think about the stability of the solution?

    We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.

    What do I think about the scalability of the solution?

    We have 50,000 employees. That speaks for itself regarding the scalability.

    How are customer service and support?

    One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.

    We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.

    What about the implementation team?

    We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.

    APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.

    What was our ROI?

    We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.

    What's my experience with pricing, setup cost, and licensing?

    It's not cheap, but the pricing is okay. Other applications cost about the same.

    What other advice do I have?

    Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Founder at a marketing services firm with 11-50 employees
    Real User
    Customizable, stable, and has synchronization and process orchestration features
    Pros and Cons
    • "In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager."
    • "The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager. What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself."

    What is our primary use case?

    One Identity Manager is a central identity provider and authorization provider, and I've been using it for multiple customers who use it as a central identity provider.

    What is most valuable?

    In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager.

    What needs improvement?

    The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager.

    What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.

    For how long have I used the solution?

    I've been working with One Identity Manager and its predecessor Quest since 2014.

    What do I think about the stability of the solution?

    One Identity Manager is a stable solution, although like any vendor bugs occur. It is frustrating there's no bug tracker available of known issues. It would be very helpful to know what bugs are currently acknowledged to prevent continuity issues and wasted troubleshooting time. 

    What do I think about the scalability of the solution?

    In terms of the scalability of One Identity Manager, I mostly had experience with companies that had five to ten thousand identities in place, and now, I've been working with a setup in a larger enterprise environment with tens of thousands of users, and my impression is that everything is going much slower than what I was used to on the smaller scale, but I'm not completely familiar how it was set up. I know too little about the setup to judge the scalability of One Identity Manager.

    How are customer service and support?

    I've contacted the technical support team for One Identity Manager multiple times. Sometimes support is excellent, and sometimes, it's just okay. Support asks for a lot of information that's not always necessary.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    Installing One Identity Manager nowadays is getting more and more straightforward, but in terms of configuration and setup, that's complex.

    The time it takes to deploy the solution would depend on the organization. I've been involved in multiple projects and there were projects where One Identity Manager was deployed faster than others, so deployment time would depend a bit on the complexity of the organization and internal processes, but in theory, you could set it up within a week. Mostly it would take companies months to get the solution up and running.

    What's my experience with pricing, setup cost, and licensing?

    I'm aware there's a license cost for One Identity Manager, but I'm not part of the team who handles licensing, so I'm unable to give pricing information.

    What other advice do I have?

    I'm a freelancer, so I work for multiple customers and I work for three customers that are using One Identity Manager, so I can't give the exact number of users, but big teams use it.

    I'm using One Identity Manager because it's what my customers selected.

    My advice to anyone looking into using One Identity Manager is to start playing around on the virtual setup to get familiar with it, in particular, make a small domain, set some target systems up, and get familiar with the setup.

    I would rate One Identity Manager eight out of ten because it's very stable and very customizable. For the last two years, the solution has improved and cut back on technical depth, and it can stand on its own two feet, but there's still space to improve. Overall, One Identity Manager is one of the best in the market.

    I'm an identity and access management consultant, so I'm not a partner or a reseller of One Identity Manager.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Matt Thomson - PeerSpot reviewer
    Principal Consultant at UNIFY Solutions
    Consultant
    Top 5Leaderboard
    Great security controls with tighter de-provisioning and excellent self-service capabilities
    Pros and Cons
    • "The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be."
    • "We fell into that trap of over-customization which made upgrading the product difficult."

    What is our primary use case?

    We used One Identity Management for 15,000 employees of a financial services firm. In addition to the IM functionality, we leveraged One ID for Identity Governance - including access certifications.

    We had automated provisioning of users based on HR data. This automatically created 4-5 base accounts and birthright access for users. In addition to that, we leveraged the IT shop to request roles for users which, for the most part, automatically provisioned access to users.

    In addition to this, we used the Attestation features of the product to aid in our User Access Reviews.

    How has it helped my organization?

    There were significant productivity benefits over our previous platform with the increased automation which took the process of onboarding staff down from days to minutes. It allowed user self-service for additional access. The approval process was tracked and auditable.

    It also improved our security controls with tighter de-provisioning, where we would automatically terminate a user's access when they left the company. In addition, regular user access certification campaigns were undertaken to review staff access and to ensure staff only had the access required to perform their role.

    What is most valuable?

    As the team supporting the platform, one of the key features One Identity Manager has that was very valuable was the administration interface which allowed a quick easy overview of staff, their entitlements, and how they had were entitled to access.

    Centralizing identity management allowed for a centralized governance model. 

    The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be. 

    What needs improvement?

    The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory.

    In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns. 

    For how long have I used the solution?

    I used the solution for over 6 years.

    What do I think about the stability of the solution?

    Overall, the tool was stable. Our issues were mostly around customizations and bad data.

    What do I think about the scalability of the solution?

    The tool is scalable and can include a number of the usual infrastructure scalability options.

    How are customer service and technical support?

    Technical support was good, for the most part, especially when the local support team understood our level of expertise. If we were raising a problem it was a real problem and we were put through to the level 3 support quickly.

    Which solution did I use previously and why did I switch?

    We had a previous Identity Management Solution and we swapped it out as the old solution had little investment in its user interface and we needed a better interface for our users to be able to self-service effectively.

    How was the initial setup?

    It was a complex setup process, however, it was the first time it was done in the country 7 years ago. Getting the product installed was straightforward. It would be important to follow a proper SDLC with requirements being a key initial piece of the puzzle to help you maintain costs.

    What about the implementation team?

    We used a mix of vendor and in-house resources on the project. Like the in-house resources, the vendor at the time had no prior knowledge of the tool so it was a learning journey for both sets of resources.

    What's my experience with pricing, setup cost, and licensing?

    When we started the journey 7+ years ago, there was a limited skill set in the market, and that is still the case today. 

    Like all Identity Management projects, setting firm requirements upfront is important to maintain costs.

    Which other solutions did I evaluate?

    We did evaluate other options, however, I wasn't involved in that process.

    What other advice do I have?

    Look to limit customizations where you can; it can be easier to customize the tool in the short term, however, it can result in significant technical debt and effort in the future.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Manoj Pathak - PeerSpot reviewer
    One Identity Developer at Wipro Limited
    Real User
    Stable, efficient and easy to use but can be slow with a large number of users
    Pros and Cons
    • "It is easy to use and handle."
    • "It is particularly slow if you are using it in a large organization."

    What is our primary use case?

    We use the solution for creating and completing enhancements and other features. Personally, I have experience working as a .NET developer and working with the SQL server database. When I joined Wipro, I worked mainly with One Identity Manager tool as a developer. In addition, I do web design and object browsers, job queues, and use other tools.

    What is most valuable?

    The best feature is the security of the solution. 

    What needs improvement?

    The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.

    For how long have I used the solution?

    We have been using this solution for more than two years. We are currently using version eight, which is deployed in cloud.

    What do I think about the stability of the solution?

    This solution is stable when we are using all its features. However, when we customize the solution, it becomes difficult to use.

    What do I think about the scalability of the solution?

    This solution is scalable.

    How are customer service and support?

    When we cannot resolve issues with the tool, the technical support team assists us by proposing solutions based on the tool requirements. They consistently respond to us and help us resolve any issues we encounter while using the tool. I rate the technical support a ten out of ten. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup process was easy. However, it took between 30 to 60 minutes to deploy the solution. 

    What's my experience with pricing, setup cost, and licensing?

    One Identity Manager is very efficient for a limited amount of users. It is easy to use and handle. The license price is based on user capacity. However, I cannot speak about the exact costs.

    Which other solutions did I evaluate?

    Our company takes on projects for different types of clients, so we chose this solution because our clients had this solution implemented. Therefore, selecting this option made managing things more efficient.

    What other advice do I have?

    I rate this solution a six out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.
    Updated: July 2022
    Buyer's Guide
    Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.