2017-05-17T23:59:00Z
it_user667554 - PeerSpot reviewer
IAM Technical Specialist at a consultancy with 10,001+ employees

Which one is best: Quest One Identity Manager or Forgerock Identity Management

We are looking at analyzing both products, from the points of:

1. Configurations

2. Customization

3. Support

4. Various client implementations

Can you advise or suggest your opinion?

1 Answer
it_user585720 - PeerSpot reviewer
Senior Identity and Access Management Specialist at Tieto
MSP
2017-09-04T11:53:32Z

While I can't comment on Forgerock Identity Management, I can still share my two cents on 1IM based on my experience with it for the past few years:

1. Configurations - Mostly wizard based configurations, so it's not too complex in that sense. Configuration options are also plenty. Good out of box connector support for AD, SAP, LDAP etc.

2. Customization - Process orchestration is fairly flexible and allows for creation of custom processes that can invoke various actions. Scripts written within 1IM are in VB.NET.

3. Support - Average support experience so far. In some cases, we get prompt and thorough responses with good follow ups, whereas, sometimes the experience is quite the opposite. Some escalation engineers are very knowledgeable and it can be a really great experience troubleshooting with them.

4. Client implementations - Till now, I have been involved in 3-4 implementations. All of them had varying levels of complexity. While the product allows for a lot of customizations, from personal experience, I would say that it is always a better practice to promote out of box functionalities first even if they require some process changes. Customizations can often get out of hand very quickly and with constant revisions/upgrades happening to the tool, it may be so that customizations don't migrate that well when upgrading. Like the v6 to v7 was a major product upgrade and a lot of v6 customizations did not port over as expected.

Apart from that, I also have a few very specific complaints with the product:

- The DB queue behaves very inconsistently. Recently that caused a lot of grief in one of the implementations we were doing. The DB queue just gets stuck and doesn't process tasks and it has to be "pushed" manually. This happened in the Development environment so it wasn't the end of the world for us, but it was a major inconvenience nevertheless.

- v7 introduced the concept of Extensions on the Web designer (it allowed for re-usability of certain elements within a module/component without the need of copying entire module/component). While I appreciated the idea at first, in practice it did not perform that well. It may just be me, but it was just a convoluted implementation which made the already cumbersome Web designer tool even more confusing.

- Database Transporter issues - Transporting changes across environments can cause problems. Using change labels can sometimes lead to errors and can be a bit frustrating. As a practice, it's better to document changes stored within labels from the very beginning and store all transport files in a shared folder for hassle free migrations. Different kinds of changes done (Designer changes, WebDesigner changes, Sync Editor changes, Schema changes etc) all have different best practices and ways of transporting and it's better to know about that from the beginning.

- Synchronization editor issues - v7 introduced the Sync. editor which is a great tool no doubt, but it doesn't feel robust. I have faced several issues using CSV connectors. Changes made to the schema of the CSV are often not synced up to 1IM even after "Updating Schema" on 1IM end. This can cause the definition of the connector to remain outdated. In some cases, I had to reconfigure the connector from scratch, which in itself is pretty easy to do but it can certainly cause inconvenience.

- Cache issues - Like many tools, 1IM also caches a lot of information and makes use of that for faster processing. While that is okay most of the time, it can be very irritating when the tools keep using cached information even after changes have been made, committed and compiled. Oftentimes, a manual cache deletion becomes necessary, otherwise the changes are never actually "picked" up by 1IM.

Having said that, I still feel the tool is great and is certainly working towards great innovations in the IDM sphere. The GUI is very clean and informative and gives a great visual representation of objects, especially the 360-degree person view which shows person object connected to roles, departments/locations/cost centers, any connector accounts, any compliance violations etc. The tool offers some good reporting capabilities out of the box. A nice IT shop structure with a shopping cart based request/order flow. Robust out of box connectors for AD and SAP that are quite easy to set up. In all of the implementations, there have rarely been any cases where there was a requirement that 1IM couldn't implement.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Nov 6, 2022
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 11 answers
Srivalli Sristla - PeerSpot reviewer
IAM Engineering Manager at a construction company with 10,001+ employees
Aug 31, 2021
We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.
Matt Thomson - PeerSpot reviewer
Principal Consultant at UNIFY Solutions
Sep 6, 2021
We used One Identity Management for 15,000 employees of a financial services firm. In addition to the IM functionality, we leveraged One ID for Identity Governance - including access certifications. We had automated provisioning of users based on HR data. This automatically created 4-5 base accounts and birthright access for users. In addition to that, we leveraged the IT shop to request roles for users which, for the most part, automatically provisioned access to users. In addition to this, we used the Attestation features of the product to aid in our User Access Reviews.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Nov 6, 2022
Hi Everyone, What do you like most about One Identity Manager? Thanks for sharing your thoughts with the community!
2 out of 11 answers
Srivalli Sristla - PeerSpot reviewer
IAM Engineering Manager at a construction company with 10,001+ employees
Aug 31, 2021
We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.
Matt Thomson - PeerSpot reviewer
Principal Consultant at UNIFY Solutions
Sep 6, 2021
The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be.