One Identity Manager Reviews

One of the key use cases is certifications for SOX applications. Another is centralized onboarding and offboarding. Another use case is the Self Service using the IT Shop, which gives us a repository of entitlements that people can request and then have the approval workflows, and document the approvals for SOX and other regulatory requirements.

The appliances we use for this solution are VMs. We went with that version because we're forced to. We're not allowed to use physical hardware. Our infrastructure group requires us to use VMs.

The process prior to One Identity was very manual for certification for SOX applications, using Excel spreadsheets etc. We were able to automate that process. Right now we're doing approximately 250,000 automated attestations every quarter. The time it takes to do those is greatly reduced. For example, with our financial system, reviews used to take two-and-a-half months to complete and now we have 90 percent compliance within two days. 

When it comes to onboarding and offboarding, prior to our launching of One Identity Manager, users were provisioned disparately across the globe in all of our offices. There was no consistency or structure. We have centralized that and it's based on the HR data for new hires. And more importantly for "leavers" — and that was always an audit point, for not catching the leavers — we have a feed from Oracle as well that promptly disables access on the user's last day of work. That is a key use case.

In terms of integrations, we have a custom connector with our ERP system, JD Edwards. The process to build the connector was lengthy. It took us about six months. It was not easy. But with it in place, we improved the time for doing the recertifications. Once they saw the efficiency of the attestations for that, everyone was wanting to get on board with other apps as well.

The most valuable features include the 

• automated attestations or recertification
• IT Shop, which reduced calls to the help desk by 60 percent from users not having to contact someone to request access to something. Now, they go to the Self Service portal. 

Those two are the biggest wins.

In addition, when it comes to usability and functionality, users are always the most difficult to please. But when we went to version 8, we actually had zero negative feedback. We had people who were praising the UI of the new version. It was very well received. We had no pushback or anything negative that we had to address.

Another huge win is that a lot of our producers and salespeople are constantly on the road, and making them log into a portal for approval was very difficult. Once we implemented the approval feature, those users were extremely happy with it. It saves time and helps the end-users to become productive sooner because they can do the approvals.

There is room for improvement to their password self-service tool. We're actually leaving that tool right now because it's just been horrible. We've discussed that with them, but for such an easy functional feature it is lacking. 

Number two is their upgrades. We're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing. Those are the two key areas for improvement.

We've been using One Identity Manager since 2013.

Once we went to version 8 it became very stable. Version 6 had a lot of issues with performance. But all of those were resolved with the new infrastructure and table structures. We are never down. We are 99.999 up.

One of the reasons we bought One Identity was for scalability because we grow through acquisitions. We have about 40,000 internal users currently, but two years ago we only had 20,000. We knew that we would grow and would have to have something that would grow with us.

We have really good support. We tend to deal with one support person in particular, so he knows our environment well. We have a great relationship with their support in general.

Avatier was our previous solution. It couldn't scale with us. It was for a company with one domain, but we have about 12 domains and one forest. Even though it sat on a .NET framework, we could not do our own development so we were constantly going back to the vendor for enhancements.

The initial setup was straightforward. It's really easy to install. The out-of-the-box functions really are out-of-the-box. You're not having to do a lot of custom development. 

This is our second-generation tool, our first generation being Avatier. With our use cases already defined in that — and that's probably the longest thing that it will take to get done to get across the finish line — we had One Identity up and running within less than three months.

Because we have multiple divisions around the world, we broke up our implementation by region and then by division within those regions. We would launch a division and then leave a week between and then launch the next one so that we always had time in between. That's one of the things that I tell people: Do not do a big-bang launch because it will not be successful. You have to do a rolling launch, in my opinion.

When it came to training, we broke it up into the various populations. We did end-users, we did managers, and we did requesters. We developed that training internally. We did on-demand training modules as well as live training. From an engineering perspective, I did send engineers to One Identity. However, out-of-the-box, it was pretty straightforward. Based on the knowledge transfer from Professional Services, they were able to adequately manage the tool.

For our initial implementation, we used One Identity's Professional Services. Our experience with them was good. They knew the system and they were able to deploy our use cases.

Our migration project with iC Consult happened about two years ago. We were on version 6 and we had just started to undertake a move to version 7 but 8 had come out. We decided to go ahead and jump from 6 to 8. The reason we decided to do so was that that migration took nine months and, while version 7 did not have a UI change, 8 was going to have a UI change and we could not put our users through two upgrades. We had to think about our end-users and jumped straight to 8.

But iC Consult is phenomenal. I recommend them a lot. Many of their consultants and engineers came from the original Volcker Informatiks, which created the tool that we see today. Their employees have fundamental, foundational knowledge of the tool inside and out. They had the scripts, they knew the tables that needed to be restructured, inside and out. It was just an amazing, smooth process. I have colleagues who have fired up to three partners, in trying to get themselves migrated off of 6 to 7, because they were not successful. They are still on 6 and are trying to get funding — because they've thrown away so much money — so they can get iC Consult to come in because iC Consult just knows its stuff around the tool so well.

Our experience with iC Consult was outstanding. They were very involved. During our go-live weekend, Ulli, who is CEO of the Americas now, was pulled onto another project. They felt confident we would get through it without him, but at their own cost they sent another engineer to the US to be here during the migration. They were always very thoughtful around making sure that it would be successful and that we felt confident that the right resources were available.

Because of their knowledge, the iC Consult consultants were able to hit the ground running. So many consulting companies will come in and it takes them a while to get the lay of the land. They've got junior people on the account. We did not have that experience, thank goodness. I had come from a consulting company that was renowned for just not putting the best resources on projects and thus it stumbled and failed. The iC Consult consultants' maturity levels and their knowledge around the tools allowed them to hit the ground running with no issues.

We were completely satisfied. We have used them continuously since then. I have a very lean team — I only have three engineers to handle the global program. So iC Consult will do special projects that we just don't have the time to focus on. They can go off, uninterrupted, and handle those for us.

We have seen return on our investment with this solution, especially, as I mentioned, regarding the attestation recertification. The time that people have to focus on their real jobs and not spend it doing recertifications is huge.

We had gone into PoC, originally, with Avatier, CA, and Quest. But Volcker had been purchased by Quest soon after. We liked Quest, we liked our salesperson and when the tool began to grow and when we re-org'd and I was allowed to choose a different tool, we decided to do a PoC.

From a cost perspective, One Identity has the biggest bang for the buck. We do not have a large team and I cannot spend a lot on services. I wouldn't even look at the likes of IBM and Oracle because I know how expensive they would be.

It isn't just this product. IAM projects never come in on time or on budget. It's just the nature of the beast. But definitely have your use cases thoroughly defined. If you have those, the configuration will come rather easily.

Even though customization is available, you need to be aware of the dependencies and the other features that may be negatively impacted if you don't do best practices. You want to make sure that you're using best practices and not just configuring something because that's the way it's done in your company. That could negatively impact the other features that do adhere to best practices.

My company has a lot of use cases for One Identity Manager. In my previous company, I've been maintaining the tool, so I used to go to clients who needed improvements and support in terms of provisioning, and I provided those services. Now, in my current company, I'm in the Identity Management team, and my company is using its old Identity system with One Identity Manager, particularly for provisioning, access management, compliance, and certification, apart from identity management.

In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a really stable system which I like.

Having new features for web developers in the One Identity Manager shop is an area for improvement. Another area for improvement in the tool is its ServiceNow connection as ServiceNow is a major ITSM system player, but the current out-of-the-box feature proposed by One Identity Manager can only make simple incident requests to the system. My company is now in full ICL design, so it prefers for all concerns or requests to be sent properly to ServiceNow, so my company can have better control over the incident requests and be able to sort those out.

The tool fits all my needs today, except for the ServiceNow connector. That's the only additional feature I'd like to see in the next release of One Identity Manager.

I've been using One Identity Manager for three and a half years.

Stability is one of the main qualities of One Identity Manager. It could run even if people go on a holiday for weeks, and nobody would be worried about the tool breaking down. One Identity Manager could work for months even if you don't look at it or check it. It's a well-designed tool.

One Identity Manager is a scalable tool and its scalability is one of the reasons why my company chose it. The tool is capable of evaluation, and it has a lot of different connectors that come out of the box, so as soon as you know what you're doing, it's easy to extend the parameter and add new target systems to it. With One Identity Manager, you can have systems ready for future use. My company has never reached a point where it says: "Okay. There's nothing more you can do with this tool."

I've contacted the support team for One Identity Manager several times. For level one support, particularly when something is broken and I need help, the team's been really quick and accurate. Most of the time, I get the first answer or first contact resolution in less than half an hour as written in the contract, and the support team has really found a quick solution. Every time I face an incident, the team finds a solution to it within an hour. Sometimes it could take a few hours to resolve which is when the One Identity Manager support team provides new patches to implement, for example, the issue started at seven at night and patching would be done at eight in the morning the next day.

For major incidents, I would rate support a five out of five, but if it's just a little incident that does very little harm and is in development, issue resolution would take longer. The support team for One Identity Manager handles major incidents perfectly, so I have no complaints, but if you just have a little incident that appears on your development system and is not really that important, it could take days and days before a technician is sent onsite. This is why my company prefers to work with a partner that is more open to decision, and though the One Identity support team is really there to save your life, it's not there for every incident or situation that you come across.

My company decided to use One Identity Manager because of the large variety of connectors available that lets you connect everything you need, even for future use, as well as the reputation of One Identity Manager in terms of stability. Another reason for choosing the tool is the online forum and YouTube channel that allow engineers to learn more about One Identity Manager without the need to ask a partner each time, so you can be independent of the vendor or partner. The support you get is also another reason my company went with the tool.

Whether the initial setup for One Identity Manager is easy or difficult is hard to say because of other systems that have less functionality but are easier to deploy, and you won't face the same challenges that you'd face when setting up One Identity Manager. It's recommended for you to have knowledgeable engineers who can support you during the setup, especially if you don't have the knowledge on how to set the tool up. Setting up the tool may not be as easy, but considering all the things One Identity Manager can do for you, it's not such a big deal.

If you just want to basic features to be up and running with One Identity Manager, deployment could take a few weeks, for example, if you just want to use an authoritative source and have provisioning, active directory, exchange, and other basic features set up in your company. For a company that has really stable jobs to provision, with role mining that isn't difficult, the tool could be ready and working within a few weeks, but for a large company with a really, really large variety of jobs and regulations, deployment of One Identity Manager could take a few months.

You can get ROI from One Identity Manager. It's worth the money because my company wants to be agile, and if tomorrow, the head of the company says, "Okay, let's open a new area," with One Identity Manager, I can say, "Okay. If you say there'll be three hundred people, tomorrow, I'm able to create accounts with the rules needed for those to work, and it won't be a mess."

With One Identity Manager, even inexperienced people in the team can easily understand how each role works, and if you have a great conception of each role, you can just hire or transfer within days without being worried about whether or not each person has everything he needs to work.

I'm unable to discuss licensing costs for One Identity Manager.

I'm using the latest version of One Identity Manager.

In my company, the tool is still in the deployment stage, but within a few months, all people in the company will be users of One Identity Manager, particularly the portal. There'll be about five thousand users of the tool within my company.

My advice to anyone using One Identity Manager for the first time is to make an audit on your company with an independent partner to be sure if you need the tool because One Identity Manager won't be worth it for every company. You have to match it to your needs, or else you'll never get your money's worth. For example, in a stable company or one that has similar jobs, the tool won't be used a lot. If you have three to ten job types and all of those would be the same after many years, One Identity Manager won't be the tool you need. You can just go for a cheaper tool that can do the job for you, but if you have a complex company and you have to face a lot of regulations, and if you want to adapt more quickly, One Identity Manager is a good choice.

I'm rating One Identity Manager nine out of ten because it fits my need, and though it's complex, it's a learnable product. It also helps my company become more agile and also helps it face new challenges. One Identity Manager is the tool I need, and I like it. The tool helps my company and also helped the previous company I worked for, so I have no complaints about it. It's a tool I like working with.

I didn't give One Identity Manager a perfect score because the connection with ServiceNow isn't there yet, so that's an area for improvement. When you send in an incident or put in a request that's not a standard request on One Identity Manager, you have to make an exception in the way your company should work, and this is another area for improvement in the tool that I also don't like. My company came up with a workaround or a solution to this, but a company such as One Identity should be able to propose a solution out-of-the-box.

My company is both a customer and a partner of One Identity Manager. I say partner because a representative from One Identity comes to my company every two months and listens to feedback about the pros and cons of the tool. I say customer because my company pays for the One Identity Manager license, and if there's an issue, my company makes a request and lets the support team know what makes us unhappy.

We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

I have used it for five and a half years.

We haven't had any stability issues.

So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

We have had pretty good people on our team so far:

• For deployment, one or two people were needed. 
• For maintenance, our team is very small. We have two or two and a half people at all times. 

Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

Unless you are buying a new connector, you won't need to shell out more money for the solution.

My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

This solution should be considered by companies (based on their needs).

The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

We connected SAP through a database.

We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

I would rate this solution as eight out of 10.

We use One Identity Manager for every need. We use it for provisioning, cataloging, approvals, connecting to systems, and also for trying to figure out what's going on, governance, reporting, and provisioning changes. It's also for leavers, joiners, and movers. The solution is for everybody.

In terms of what I found most valuable in  One Identity Manager, it's the only product where the workflow and the catalog can be configured on roles or by business people. You don't need to know the technology at all to configure that, so this is the product's biggest advantage as well as its strongest feature. One Identity Manager is also business-oriented and IAM administrator-oriented.

A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement.

I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager.

Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager.

I've been using One Identity Manager since 2008.

One Identity Manager is a very stable product. Because the product is Microsoft-based, it all depends on how good your Microsoft database administrator is. One Identity Manager is a product that sits completely in the database, so if your database cluster is administered right, you'll be fine.

Scaling up One Identity Manager is extremely easy.

I've contacted the technical support team for One Identity Manager, and the team was very helpful and very knowledgeable.

We previously used different solutions, particularly SailPoint and Saviynt. We compared those with One Identity Manager and we found out that among those three solutions, One Identity Manager has the best feature from a business management standpoint and from an identity standpoint, plus we're a Microsoft shop and One Identity Manager being a Microsoft based product also makes a big difference, especially as the solution has a natural integration with Active Directory and many other tools provided by Microsoft.

In terms of how easy it is to set up One Identity Manager, it depends on who you're talking to. For me, the initial setup is extremely easy and very self-explanatory, but I'm someone who has twenty years of experience.

How long the deployment of One Identity Manager takes would depend on your scope. The average deployment is between three to six months.

I've seen ROI from One Identity Manager.

The licensing for One Identity Manager is per user, per carbon life, specifically, it's per people, and not a per-identity licensing model. For example, if I have two hundred people, or if I have someone with several identities, I'm only paying for it once. I don't remember the exact cost of One Identity Manager because I wasn't the one who paid for the license.

We evaluated SailPoint and Saviynt apart from One Identity Manager.

I don't remember the exact version of One Identity Manager I'm using, but it's the latest supported version.

Everybody uses One Identity Manager in my company because everybody's making requests, but the average number of users of the product is between thirty thousand to forty thousand.

My advice for anyone who's interested to use One Identity Manager is to find a good partner who can help you go through the product because no matter what product you buy, you need someone who can guide you. You should also have dedicated people who can learn and administer the product from the get go, not just when it's live or in production, but from the time of installation and implementation, because One Identity Manager is a great product and you need to watch how it's configured. Unlike in SailPoint and Saviynt where there's a lot of code involved, One Identity Manager is a product that has a configuration you can still understand when you're sitting next to somebody configuring it, so it's best to start learning the product from day one. You should also take notes and write documentation about what you've learned and what you did, even if you found it easy to configure, so many different people can do configurations in your place, and for you to also keep track of the versions and who did what, what this particular workflow does, and what this configuration does because if you're not doing the configuration all the time, you're going to get lost on it without documentation that you can reference and follow.

I'd never give a solution a rating of ten out of ten because the perfect solution doesn't exist. I'd be rating One Identity Manager a nine, and the reason for this rating is that if you think about implementing any identity governance tool,  the biggest amount of money you spend is not on technology, and the biggest amount of time you spend is when you're talking to businesses to understand processes, then translate those into the actual implementation. That would take up the most time in terms of processes. One Identity Manager helps you make it shorter because people in business can, instead of describing what's going on, if you train people right and let them go into the product and configure it because there's no technology involved, you can save yourself plenty of time responsibility-wise and access-wise, and this is what makes One Identity Manager a nine out of ten for me.

My company is a customer and partner of One Identity Manager. I'm a consultant for companies that have the solution. I'm also a partner who installs and offers consulting around One Identity Manager along with other products. I'm also a partner of Saviynt, SailPoint, and Microfocus. I also have experience with Oracle and Fisher.

We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.

Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.

The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.

It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.

We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.

Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.

The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.

The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.

I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.

We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.

We have 50,000 employees. That speaks for itself regarding the scalability.

One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.

Positive

As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.

We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.

We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.

APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.

We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.

It's not cheap, but the pricing is okay. Other applications cost about the same.

Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.

One Identity Manager is a central identity provider and authorization provider, and I've been using it for multiple customers who use it as a central identity provider.

In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager.

The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager.

What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.

I've been working with One Identity Manager and its predecessor Quest since 2014.

One Identity Manager is a stable solution, although like any vendor bugs occur. It is frustrating there's no bug tracker available of known issues. It would be very helpful to know what bugs are currently acknowledged to prevent continuity issues and wasted troubleshooting time. 

In terms of the scalability of One Identity Manager, I mostly had experience with companies that had five to ten thousand identities in place, and now, I've been working with a setup in a larger enterprise environment with tens of thousands of users, and my impression is that everything is going much slower than what I was used to on the smaller scale, but I'm not completely familiar how it was set up. I know too little about the setup to judge the scalability of One Identity Manager.

I've contacted the technical support team for One Identity Manager multiple times. Sometimes support is excellent, and sometimes, it's just okay. Support asks for a lot of information that's not always necessary.

Neutral

Installing One Identity Manager nowadays is getting more and more straightforward, but in terms of configuration and setup, that's complex.

The time it takes to deploy the solution would depend on the organization. I've been involved in multiple projects and there were projects where One Identity Manager was deployed faster than others, so deployment time would depend a bit on the complexity of the organization and internal processes, but in theory, you could set it up within a week. Mostly it would take companies months to get the solution up and running.

I'm aware there's a license cost for One Identity Manager, but I'm not part of the team who handles licensing, so I'm unable to give pricing information.

I'm a freelancer, so I work for multiple customers and I work for three customers that are using One Identity Manager, so I can't give the exact number of users, but big teams use it.

I'm using One Identity Manager because it's what my customers selected.

My advice to anyone looking into using One Identity Manager is to start playing around on the virtual setup to get familiar with it, in particular, make a small domain, set some target systems up, and get familiar with the setup.

I would rate One Identity Manager eight out of ten because it's very stable and very customizable. For the last two years, the solution has improved and cut back on technical depth, and it can stand on its own two feet, but there's still space to improve. Overall, One Identity Manager is one of the best in the market.

I'm an identity and access management consultant, so I'm not a partner or a reseller of One Identity Manager.

We used One Identity Management for 15,000 employees of a financial services firm. In addition to the IM functionality, we leveraged One ID for Identity Governance - including access certifications.

We had automated provisioning of users based on HR data. This automatically created 4-5 base accounts and birthright access for users. In addition to that, we leveraged the IT shop to request roles for users which, for the most part, automatically provisioned access to users.

In addition to this, we used the Attestation features of the product to aid in our User Access Reviews.

There were significant productivity benefits over our previous platform with the increased automation which took the process of onboarding staff down from days to minutes. It allowed user self-service for additional access. The approval process was tracked and auditable.

It also improved our security controls with tighter de-provisioning, where we would automatically terminate a user's access when they left the company. In addition, regular user access certification campaigns were undertaken to review staff access and to ensure staff only had the access required to perform their role.

As the team supporting the platform, one of the key features One Identity Manager has that was very valuable was the administration interface which allowed a quick easy overview of staff, their entitlements, and how they had were entitled to access.

Centralizing identity management allowed for a centralized governance model. 

The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be. 

The blessing and curse with One Identity Manager was its flexibility and the ability to solve business problems in a number of ways. We fell into that trap of over-customization which made upgrading the product difficult. An improvement would be to offer guides on how you should set up a base configuration. There should also be integration guides to key systems like Active Directory.

In addition to that, we had some slowness with the IT shop when we had significant amounts of data, users, etc., in the system and there were some slow database queries that needed to be optimized and patched. This caused some slowness when running Attestation campaigns. 

I used the solution for over 6 years.

Overall, the tool was stable. Our issues were mostly around customizations and bad data.

The tool is scalable and can include a number of the usual infrastructure scalability options.

Technical support was good, for the most part, especially when the local support team understood our level of expertise. If we were raising a problem it was a real problem and we were put through to the level 3 support quickly.

We had a previous Identity Management Solution and we swapped it out as the old solution had little investment in its user interface and we needed a better interface for our users to be able to self-service effectively.

It was a complex setup process, however, it was the first time it was done in the country 7 years ago. Getting the product installed was straightforward. It would be important to follow a proper SDLC with requirements being a key initial piece of the puzzle to help you maintain costs.

We used a mix of vendor and in-house resources on the project. Like the in-house resources, the vendor at the time had no prior knowledge of the tool so it was a learning journey for both sets of resources.

When we started the journey 7+ years ago, there was a limited skill set in the market, and that is still the case today. 

Like all Identity Management projects, setting firm requirements upfront is important to maintain costs.

We did evaluate other options, however, I wasn't involved in that process.

Look to limit customizations where you can; it can be easier to customize the tool in the short term, however, it can result in significant technical debt and effort in the future.

We use the solution for creating and completing enhancements and other features. Personally, I have experience working as a .NET developer and working with the SQL server database. When I joined Wipro, I worked mainly with One Identity Manager tool as a developer. In addition, I do web design and object browsers, job queues, and use other tools.

The best feature is the security of the solution. 

The solution can be improved from a front-end point of view. It slows the portal down. The tool is too customized in our organization, and we face many challenges with the portal. We were able to make some improvements performance-wise to the portal slowness. It is particularly slow if you are using it in a large organization.

We have been using this solution for more than two years. We are currently using version eight, which is deployed in cloud.

This solution is stable when we are using all its features. However, when we customize the solution, it becomes difficult to use.

This solution is scalable.

When we cannot resolve issues with the tool, the technical support team assists us by proposing solutions based on the tool requirements. They consistently respond to us and help us resolve any issues we encounter while using the tool. I rate the technical support a ten out of ten. 

Positive

The initial setup process was easy. However, it took between 30 to 60 minutes to deploy the solution. 

One Identity Manager is very efficient for a limited amount of users. It is easy to use and handle. The license price is based on user capacity. However, I cannot speak about the exact costs.

Our company takes on projects for different types of clients, so we chose this solution because our clients had this solution implemented. Therefore, selecting this option made managing things more efficient.

I rate this solution a six out of ten.