IT Central Station is now PeerSpot: Here's why
Buyer's Guide
User Provisioning Software
July 2022
Get our free report covering CyberArk, Saviynt, Okta, and other competitors of SailPoint IdentityIQ. Updated: July 2022.
620,068 professionals have used our research since 2012.

Read reviews of SailPoint IdentityIQ alternatives and competitors

Søren Tams - PeerSpot reviewer
Senior Consultant at Københavns Kommune
Consultant
Top 20
Reduces the number of manual tasks and helpdesk tickets, but it is not easy to operate and maintain
Pros and Cons
  • "The identity lifecycle support is definitely valuable because we are a complex organization, and there is a lot of onboarding, movement, and offboarding in our organization. We have 31,000 users, and there are a lot of users who are constantly onboarding, offboarding, and moving. So, we need to make sure that these activities are supported. In old times, we used to do everything manually. Everyone was onboarded, offboarded, or moved manually. So, from a business point of view and an economics point of view, identity lifecycle is most valuable. From a security point of view, access review is the most important feature for us."
  • "One thing that we are not so happy about is the user interface. It is a bit dated. I know that they are working on that, but the user interface is quite dated. Currently, it is a little bit difficult to customize the user interface to the need of the business, which is a little bit disappointing. It needs it to be a little bit easier to operate, and it should have a better user interface."

What is our primary use case?

The primary use cases are identity lifecycle, provisioning, and authorizations to our IT infrastructure. We use it for provisioning to our SAP platform. We also need it to make a survey of the IT authorizations. We need to make sure that our managers can review the authorizations of the employees in our company. 

We have a couple of secondary use cases as well, such as segregation of duties on provisionings to make sure that we have correct approval flows for authorizations. 

How has it helped my organization?

The automatic provisioning of a lot of authorizations has definitely lightened the load on the manual part of authorization management. It has not directly caused savings in our operations, but our administrators have seen a dip in the number of manual tasks they had to do. So, that's a direct business value for us from the platform.

It has helped in reducing the number of helpdesk tickets and requests by at least 30%.

What is most valuable?

The identity lifecycle support is definitely valuable because we are a complex organization, and there is a lot of onboarding, movement, and offboarding in our organization. We have 31,000 users, and there are a lot of users who are constantly onboarding, offboarding, and moving. So, we need to make sure that these activities are supported. In old times, we used to do everything manually. Everyone was onboarded, offboarded, or moved manually. So, from a business point of view and an economics point of view, identity lifecycle is most valuable. From a security point of view, access review is the most important feature for us.

Our internal customers are quite happy with the product, and we receive a lot of positive feedback. Its identity-governance and administration features are very broad. It can support a lot of use cases. I don't think we use a broad part of the product, but it is a very broad platform that can be used for a lot of different things.

It provides a lot of flexibility for our security operations. We can combine the security operations of the product with other security operations, such as logging, surveillance of our infrastructures, and things like that. I sit in the security office primarily, and identity governance is a part of our operations in security. So, it provides a lot of flexibility for a lot of different use cases.

What needs improvement?

Error handling can be improved. From an on-premise perspective, internal support can be improved. It is quite a technical and difficult application to maintain. A very specialized skill set is required to operate and maintain it, which is the most difficult part. The process to upgrade versions is also quite tricky.

One thing that we are not so happy about is the user interface. It is a bit dated. I know that they are working on that, but the user interface is quite dated. Currently, it is a little bit difficult to customize the user interface to the need of the business, which is a little bit disappointing. It needs it to be a little bit easier to operate, and it should have a better user interface.

Their technical support is good, but there is room for improvement. It is not an easy product to support. They helped us set it up a little bit, but it gets difficult for them to handle more complex problems.

For how long have I used the solution?

I have been using this solution for the last year.

What do I think about the stability of the solution?

The product itself is quite stable. The problem is that it is quite complex with all the integrations, which is applicable to all IGA solutions. There is a lot of need for surveillance on the solution itself, but it is not because of the solution itself. It is because of all the integrations. So, the solution itself is quite stable, but the integrations make it quite vulnerable to all kinds of stuff.

What do I think about the scalability of the solution?

It seems quite scalable in terms of performance and in terms of the ability to scale itself.

How are customer service and technical support?

Their technical support is good, but there is room for improvement. One problem that we have discussed with Omada several times is their handling of a customer-specific problem and a solution-specific problem. The coordination between their technical support and their backend developers can be better. It becomes an issue when a problem is more complex. It is not an easy product to support. They helped us set it up a little bit, but it gets difficult for them to handle more complex problems.

Which solution did I use previously and why did I switch?

It was an internally developed solution. We switched to Omada because our previous solution didn't support governance. It was only for ordering new authorizations, and the level of automation was limited.

How was the initial setup?

It was a complex process in terms of technicality and the amount of effort needed for setting it up from Omada's point of view.

We started in August 2018, and we finally deployed the solution and were ready for production in June 2020. So, it took 18 months.

We had to deploy or onboard a part of our infrastructure at once. We onboarded a couple of applications and our SAP solution on day one. Omada would probably call it the big bang, but it was definitely not the big bang. We deployed a lot of functionalities at once, but it was a very limited part of our total application portfolio that we deployed with Omada. It is not yet done. The first one and a half or two years will go into implementing the rest of our application portfolio in the solution.

What about the implementation team?

We used Omada itself as an implementation partner. The consultants themselves were quite adept at handling the product. From a technical standpoint, they were definitely above average. From a project management point of view, we would have liked to see some improvements. This is from the perspective of a very large customer. The problem for us was handling an organization of our size. If I have to choose again, instead of Omada, I would choose an implementation partner who is more used to handling large enterprises. That was definitely a pain point for us.

It is quite a technical and difficult application to maintain. It is a standard solution, but some parts of the solution make it difficult to upgrade and maintain the solution. A very specialized skill set is required to operate and maintain it. You should either pay Omada or another consultancy firm to maintain the solution, or you should have internal resources for maintaining the solution. 

We have around 10 people who are directly involved in its maintenance. They are on the business side, such as for onboarding new applications, front-end problem-solving, and incident-handling, as well as on the operations side, such as for ensuring data validation, handling integrations, and things like that. 

What was our ROI?

It is very difficult to say at this point. We are a municipal organization, and we do not, as such, do a very systematic review on the return on investment. I would say we have seen a positive ROI, but I'm not sure.

It is also very difficult to say whether it has reduced the total cost of ownership. My gut feeling is that it has, but we have not made a precise estimate of what economic impact it has had on us.

Our business is regulated and subject to audit fines, but again, it is too difficult to estimate whether it has reduced the number of audit fines we have received. It is too early to estimate that, but I would guess it has.

What's my experience with pricing, setup cost, and licensing?

From an on-prem point of view, the cost is quite transparent and reasonable. The direct cost is primarily for licenses and maintenance on licenses.

Which other solutions did I evaluate?

We evaluated other solutions. I don't remember them all. We did a market analysis where we considered SailPoint. We definitely reached out to Microsoft as well but not for their identity solution as such. We reached out to them for their future solutions in this environment.

We only did a market analysis. Being in the public sector, we have a very strictly EU-regulated process for procurement. So, it is quite difficult to do a look-and-feel kind of selection of tools.

I was not directly involved in the market analysis. As far as I know, our tender showed that from a technical standpoint, all evaluated solutions were comparable in functions and features for our intent and purpose. They were not identical, but they were comparable in functions and features.

What other advice do I have?

Any business interested in using this product needs to make sure that they are ready to either pay Omada or another consultancy firm to maintain the solution, or they should have the internal resources for maintaining the solution. It is quite a difficult solution in terms of maintenance.

It is very important to make sure that the master data is correct and is controlled by processes rather than humans. This is very important. We thought that we had a very good understanding of our master data, and it was mostly supported by processes and not by people, but we certainly were caught a bit by some of the things. So, having control over your master data is the most important thing. 

If you are a reasonable-sized organization, you should be very careful and make sure that the implementation partner has the correct implementation model that suits your need. You need to make sure that you have the correct support, or the means to find the correct support, for the application itself when you go live. These are definitely the three most important things.

I would rate Omada Identity a seven out of 10. There is definitely room for improvement, but it is not a bad product. It is a good product, and seven, in my book, is for a good product. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Srivalli Sristla - PeerSpot reviewer
IAM Engineering Manager at a construction company with 10,001+ employees
Real User
Comes with a lot of out-of-the-box features
Pros and Cons
  • "We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%."
  • "Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions."

What is our primary use case?

We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

How has it helped my organization?

We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

What is most valuable?

One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

What needs improvement?

In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

For how long have I used the solution?

I have used it for five and a half years.

What do I think about the stability of the solution?

We haven't had any stability issues.

What do I think about the scalability of the solution?

So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

How are customer service and support?

We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

Which solution did I use previously and why did I switch?

Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

How was the initial setup?

The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

What about the implementation team?

Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

We have had pretty good people on our team so far:

  • For deployment, one or two people were needed. 
  • For maintenance, our team is very small. We have two or two and a half people at all times. 

Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

What's my experience with pricing, setup cost, and licensing?

We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

Unless you are buying a new connector, you won't need to shell out more money for the solution.

Which other solutions did I evaluate?

My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

What other advice do I have?

This solution should be considered by companies (based on their needs).

The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

We connected SAP through a database.

We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

I would rate this solution as eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Identity and Access Management Specialist at a non-tech company with 10,001+ employees
Real User
Top 10
The way the tool is introduced to the user lacks industry standards and better learning resources
Pros and Cons
  • "The dedicated Freshdesk platform is a user community and a step in the right direction for offering learning resources."
  • "Saviynt has a lot of potential with many features available for users."
  • "The product lacks a broad user base which makes it difficult sometimes to find answers to questions about the product."
  • "The company needs to do more to establish standard practices within the product itself that are common in the industry."

What is our primary use case?

We are using Saviynt for a wide range of things. That includes attestation, SoD (Segregation of Duty), analytics, requestee, ARS (Access Request System) platform, role entitlement, but other features as well. We are planning to pretty much use the full suite of tools.  

What needs improvement?

As one of the leading IGA (Identity Governance & Administration) products and because of how I see this is the tool, I have to wonder how a client can fully maximize the capabilities of Saviynt. Surely the client needs to understand the tool to some extent. I think it is important that Saviynt services agents help to empower their clients to use their tools in a better way that is not being promoted at this time.  

One thing — and it could be just a problem in the APEC area — it that there is a lack of resources for independent learning. I have to spend quite a bit of time in the Freshdesk area to study in order to understand a feature, what other people are saying about it, et cetera. I find that I can not really get to understand the features that I am exploring quickly enough and in enough depth. The company I am working for is doing a project with Saviynt. My role is project/BAU (Business as Usual). Once everything is deployed in a proper way, I will be the person running it as a BAU resource.  

For an example of the learning that is absent, one thing I wonder about is the campaign module. Part of a campaign is to determine a risk score. The risk score is to be determined by the role as far as the entitlement for that role. I was hoping to have some kind of Saviynt-as-a-Service provide best practice governance where they could advise the client on how the risk score can be implemented in the tool. It is not obvious, and they do not provide that guidance.  

A tool like this can work for the client only if they have that standard governance in place. If not, they will not be able to leverage the experts in the field while working with so many clients. Saviynt has to work for their clients and so does the competition, like SailPoint. These users have different tools to do similar things and they will have a lot of exposure to different use cases. But still, there will be some common ground that should be addressed as standards. Some of those governance questions become very important in order to stay within an expected standard. If Saviynt can provide a framework for working with these standards with their tool, I think that would be quite helpful.  

Because different people are working together with clients in a company and using different tools, when we are in that situation, people using different tools have to speak the same language. Assuring that product users follow some best practice recommendations can help with that. In turn, we can uplift our standards and policies and strategies to align better with other people doing IGA.  

It is not really the tool itself, but the way it is introduced to the user or used by the user that is my issue with the product.  

For how long have I used the solution?

We have been using Saviynt since May of 2020. So that is for about four months.  

What other advice do I have?

The advice I might give to someone who is new to Saviynt is to be aware of Freshdesk. It is the community area for Saviynt users. It is good to have that community as there will be people wondering about the same questions and it makes it easier to find out the answer.  

One thing I noticed about other popular products like SAP or Microsoft Azure, is that when there is a large user-base you can Google a question and most likely you will find the answer somewhere. Saviynt's profile and usage is still expanding. It is not always so easy that you can just Google a question to find your answer. Freshdesk can provide a way to fill that gap.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate my experience with Saviynt so far as maybe only a four-out-of-ten. This is my personal ranking from what I have experienced with the product. Be mindful that the rating reflects that I am in the process of discovering the tool. For example, one of the key selling points of Saviynt is the SoD module, which we have not deployed yet. I can only provide feedback on what I know to date. I think SoD is going to be a really important feature and I look forward to when it will be deployed in our environment. At that stage the rating may change.  

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technical Project Manager at a computer software company with 5,001-10,000 employees
Real User
Top 20Leaderboard
Provides good out-of-the-box connectors, but customization is not easy to do
Pros and Cons
  • "The most valuable feature is the set of out-of-the-box connectors."
  • "The cost of this product needs to be reduced."

What is our primary use case?

We are a solution provider and we help customers migrate to different platforms integrated with multi-factor authentication.

This product is used for the provisioning of devices that are used for different applications and users inside the enterprise.

What is most valuable?

This solution offers multiple features that are valuable. 

The most valuable feature is the set of out-of-the-box connectors. The connectors can be customized, and we do make use of several custom ones.

What needs improvement?

The cost of this product needs to be reduced. There are other modern IAM solutions that are available at a better price, and the use cases are very easy. It is cloud-based and it caters to the needs of an enterprise. For example, there are some features that we do not use, yet we still pay for them. In the past, there was no choice, but many options are now offered. 

Customization is not easy to do. For example, additional reports or modules are difficult to create in a timely manner.

We would like to see more support for public cloud services. 

For how long have I used the solution?

We have been using this solution for approximately five years.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

There is no doubt that this product scales well. It is a well-established product for enterprise users. One of our customers has an employee base of almost 30,000 people.

How are customer service and technical support?

Technical support differs depending on the region. We have found that the turnaround time can be high, depending on what regional support we are dealing with. 

Which solution did I use previously and why did I switch?

I have experience with several similar solutions, including Centrify.

We are currently exploring SailPoint and Saviynt and although no decision has been made as of yet, we might move to another platform.

In the past, I also worked with SiteMinder, but it did not have this level of depth.

How was the initial setup?

The initial setup is complex and for a larger, enterprise-level customer, it becomes very complex.

What's my experience with pricing, setup cost, and licensing?

The cost of support and upgrading to the next release are both expensive. We have an annual maintenance contract.

What other advice do I have?

The suitability of this product depends on the organizational budget and plan, which includes the roadmap to having an IAM solution.

In summary, they are not great, but not poor either. My biggest complaint is about the costs.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Manager at a consultancy with 1,001-5,000 employees
Consultant
Easy data collection tool that lacks many features and customization options
Pros and Cons
  • "The data collection is excellent and easy to do. It does not require a lot of configuration nor does it require rules to be written like other competitors do."
  • "This product is missing a lot of features which other competitors are providing. One of the key features that are missing right now is risk scoring. Additionally, there is not much scope for customization - everything is hard-coded and predefined, so it does not allow the developers to make many modifications."

What is our primary use case?

I use this solution for joiners/movers/leavers along with the add-back, role-based access control, and certification.

What is most valuable?

The data collection is excellent and easy to do. It does not require a lot of configuration nor does it require rules to be written like other competitors do.

What needs improvement?

This product is missing a lot of features which other competitors are providing. One of the key features that are missing right now is risk scoring. Additionally, there is not much scope for customization - everything is hard-coded and predefined, so it does not allow the developers to make many modifications.

What do I think about the stability of the solution?

I think the solution is stable for the most part with occasional performance issues. In my opinion, it is not meant for larger companies.

What do I think about the scalability of the solution?

The solution is quite easy to scale.

How are customer service and support?

I was working on a very critical project involving cluster deployment and needed RSA technical support to help us configure the cluster in our environment for on-premise. They assigned two engineers. One was not available until the last moment even though we contacted them nearly one month in advance. For that whole month, we were not told what we needed for the update, then just one day before the actual upgrade, they came out and said that they require physical access, a CD to be inserted in the data center, etc.  Our project ended up being delayed as a result.

The other engineer, in the middle of the upgrade, told us he was not sure what kind of architecture we were using. Support needs to improve their communication and efficiency as a whole.

How was the initial setup?

Setup is straightforward and takes a team of roughly five members three to four months to complete depending on the size of the environment.

Which other solutions did I evaluate?

Competitors include SailPoint, CyberArk, 300, and Clarity.

What other advice do I have?

It is important to note that this solution runs on Oracle database only. So, even if your organization already has a database, they will still need to purchase another one. This also would require them to get a separate team of Oracle experts.

Additionally, there is no automatic load or failback process.

Overall this solution is best for a customer without many advanced tools within their environment who do not require integration with identify management. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Buyer's Guide
User Provisioning Software
July 2022
Get our free report covering CyberArk, Saviynt, Okta, and other competitors of SailPoint IdentityIQ. Updated: July 2022.
620,068 professionals have used our research since 2012.