One Identity Manager Reviews

We're a consulting company and provide professional services. If the customer has the solution, we end up using it. 

It offers really powerful processes. For example, when a person is joining a company, or changing teams, or leaving, it's easy to create a management flow for the onboarding or offboarding process. It helps manage all of the accounts a person might need to have access to. It integrates with several platforms and has specific connectors that make it very useful. It works with the majority of applications an enterprise might be using, such as Salesforce or various cloud providers. It also integrates well with SAP. 

It provides a unified view of logically connected solutions. It can connect to accounts related to employee identities under governance. It's probably the main reason a client would use the solution. The entire reason to deploy such a solution would be to have governance over accounts and have access to the life cycle of the account. 

The solution is a single platform for enterprise-level administration and governance of users, data, and privileged accounts. 

It can be fairly easy to customize, depending on a user's particular needs. If you are integrating with some very common solutions, it's pretty straightforward. 

The solution offers various business roles to help map company structure, name, and provision. You can tie permissions to specific roles very effectively. You can implement role-based access control.  

We've used it to extend governance to cloud apps. This is important to us. The common trend is to move to cloud applications. Even local clouds afford the same level of permissions. Having a standardized layer in between definitely helps. 

We immediately noted the benefits of the solution. However, it depends on the type of user. Common enterprise users can get quick results. Those responsible for identity access management or compliance see the results quickly. They'll benefit almost immediately. The normal user, however, may not understand the difference. 

You can use the solution to minimize security gaps and close the gaps between privileged and standard users. 

It can help consolidate procurement and licensing. It can help you understand how many users need access to specific applications to help you get better numbers as to what is needed and not overbuy licenses. 

The solution helps us streamline application access decisions, application compliance, and application auditing. You can get reports. It's nice. It helps with visibility and planning. 

It helps reduce footprints and minimizes access from unrelated teams. 

The user interface can be a bit clunky. It could be more modern. 

Its documentation could be better, especially around complex configurations. 

Support could be better as it is part of the user experience of the product itself.

I've used the solution for the past year. That said, we do not use the solution in my company directly. 

The solution is pretty stable. I haven't experienced any major issues. 

It's a scalable product. You can integrate with many platforms, and it works well with the majority of common enterprise platforms. It's pretty scalable overall. 

I've contacted support in the past. There is premiere and regular support, and I've used both. I work mostly on the client's behalf, which I would reach out to would depend on the client's contract. 

Premiere support has more advanced engineers and is more available to the users.

Normal support could be better in terms of the level of service. They should offer more services during the initial deployment and configuration. 

Neutral

I have used competitors in the past.

One of my colleagues handled the configuration and setup process. I've never experienced a deployment. 

If any maintenance is needed, it will depend on the deployment model. For example, if it is on-prem, it would need a bit more maintenance than if it were deployed on the cloud. There may be access and configuration reviews or integrations with other platforms that may be ongoing on occasion. 

Given the fact that you can save a lot of time and headaches around compliance, it is worth paying for this - if you are an enterprise. SMEs may find the cost high, even though they could benefit from the offering. 

We're One Identity partners. 

I'd rate the solution seven out of ten. 

We use One Identity Manager to control what our users access.

Having a single platform helps streamline operations and connect to multiple systems, centralizing information for improved access and efficiency by eliminating the need for redundant software.

The UI is intuitive and user-friendly, so it doesn't require much training.

One Identity Manager has helped streamline our processes. Now we are all synced and data is not lost between teams.

One Identity Manager provides governance helping minimize the gaps within our test, dev, and production servers.

One Identity Manager provides governance helping minimize the gaps between privileged users and standard users.

One Identity Manager helps streamline application auditing.

The self-service functionality of One Identity Manager is arguably the most valuable feature. It allows us to easily initiate access requests for new hires through a user-friendly interface. This information is automatically sent to HR for review. Similarly, for departing employees, the intuitive interface enables us to import their details and trigger the termination process seamlessly.

I would like to have more advanced features and reporting added to One Identity Manager.

I have been using One Identity Manager for four years.

I have not experienced any stability issues with One Identity Manager.

One Identity Manager is scalable.

I would rate One Identity Manager a seven out of ten.

No maintenance is required on our end.

I recommend that organizations considering One Identity Manager ensure it aligns with their use cases and user base before implementation.

My clients use One Identity Manager to streamline and enhance their identity and access management processes. Whether it is a university simplifying student onboarding, or a global corporation managing employees across multiple branches worldwide, One Identity Manager helps them efficiently onboard, move within the organization, and offboard individuals. 

One Identity has transformed our organization, particularly in streamlining the join, move, and leave processes. It has shifted these from being manual or non-existent to around 80% automation, making a significant and beneficial impact. Clients, especially in large enterprises, have experienced drastic improvements with One Identity.

One Identity Manager has helped minimize governance gaps, particularly in the transition from test to development and production servers. This has significantly streamlined our operations and simplified the delivery of functionality for our customers who utilize One Identity Manager.

One Identity Manager has helped establish a privileged user governance stance, particularly in recommending regular reviews or rotations of privileged accounts. This approach is not only for privileged accounts but also for general usage analysis, ensuring unused accounts are closed, and optimizing licensing. Overall, it contributes to a more robust IT governance framework.

One Identity Manager helps consolidate procurement and licensing processes effectively.

The most valuable features are centralized Identity Management, robust Access Governance, and One Identity Manager workflow automation, simplifying user management and compliance.

In terms of improvement, the web portal for end-users in One Identity Manager has improved but could still see enhancements. The training for admins is crucial, and once you gather the knowledge, it becomes fairly easy. However, documentation could be better, especially for new features. It currently doesn't cover everything comprehensively, making it challenging to navigate some aspects. Improvements in documentation would be beneficial.

I have been working with One Identity Manager for four years.

It is quite a stable product. I would rate the stability as a nine out of ten.

I would rate the scalability of the product as an eight out of ten.

As a partner, we have access to a higher level of support, either gold or platinum. The support experience is generally good, and I would rate it around an eight out of ten.

Positive

Compared to Microsoft, One Identity Manager provides more granular and customizable solutions,  and although it can be used for managing cloud applications and user directories, it's primarily made for managing on premise tenents. The downside of OneIM is the documentation and training. 

The initial deployment of One Identity Manager can be straightforward with the right tools and knowledge, especially if using specific deployment tools. It typically takes around two working days for a basic installation. The solution requires maintenance mainly in the form of periodic upgrades to stay current. Other than upgrades, regular day-to-day maintenance is minimal, focusing on ensuring the application is up and running.

We are consultancy specialising on OneIM implementation. We are experts.

When properly planned and executed,  it should be pretty decent ROI

One Identity Manager is fairly priced, especially for large corporations or enterprises.

We use One Identity Manager for SAP integration, but it has some limitations. Managing logically disconnected SAP accounts can be challenging, and the solution feels somewhat incomplete. As a consultant, there is often a need for additional customization to address the intricacies of SAP integration within the broader One Identity Manager framework.

One Identity Manager connects to SAP accounts for identity governance. However, it is not the primary feature our clients emphasize. While useful, it is not the main driver for most organizations adopting One Identity Manager.

One Identity Manager provides Identity Governance and Administration for challenging aspects of SAP, including key codes, profiles, and rules. In a broader sense, it addresses these complexities within the SAP environment.

One Identity Manager is a solid choice for enterprise-level administration and governance. It effectively handles users, data, and accounts. While not perfect for privileged accounts, its integration with a complementary solution makes it a sophisticated option in the on-premise IGA landscape.

The user experience of One Identity Manager is unique, but it is not straightforward for an outsider. It requires some learning, and the navigation can be challenging without guidance. Overall, it is a complex system that benefits from the expertise of consultancies like ours.

Customizing One Identity Manager depends on your expertise. For experienced users, it is straightforward, but for beginners, especially in the first year, it often requires consulting with senior experts. Customization can be simplified with the right knowledge.

I use the solution's business roles to map the company structure for dynamic application provisioning. The business role functionality is crucial for us and our clients.

We use One Identity Manager to extend governance to cloud apps. It is essential, and I would rate its importance around seven on a scale of one to ten. Many customers, including us, find it valuable even if they don't plan to move entirely to cloud servers.

One Identity Manager helps streamline aspects of application governance, particularly in making application access decisions. The effectiveness largely depends on the implementation by the consultancy. If done correctly, it can greatly enhance application governance.

One Identity Manager has enabled application owners and business managers to make governance decisions without involving IT. If implemented correctly, there is minimal to zero IT involvement, allowing them to approve applications, manage access, and handle licenses directly through the One Identity Manager web UI. This aligns well with achieving an identity-centric zero-trust model.

I would recommend One Identity Manager, especially for large enterprises. However, it is crucial to consult with the customer first to ensure it aligns with their specific needs and requirements. Performing a proof of concept could be beneficial to validate its suitability for their environment. Overall, I would rate the product as an eight out of ten.

We provide IT services for several European clients, so their individual use cases vary. For example, one is a research center in Sweden. 

One Identity Manager helps minimize gaps in governance coverage. The privilege governance feature enables us to close the security gap between privileged users and standard users, positively affecting our overall operations.

One Identity Manager is user-friendly and easy to customize. One Identity's business roles enable me to map company structures for dynamic application provisioning, which is fairly important.

The user interface needs to improve.

I have used One Identity Manager for about five years. 

I rate One Identity technical support six out of 10. 

Neutral

I rate One Identity Manager seven out of 10.

The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.

One Identity Manager is going to improve your CIS standards, or any other security framework, because it going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.

It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.

Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.

In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.

One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.

It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.

One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.

In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.

One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.

In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.

We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.

The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.

And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.

End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.

There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.

I have been implementing the solution for about 12 years.

I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.

The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.

Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.

The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.

The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.

Neutral

The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.

When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, though deployment in production and Active Directory, could take three to four weeks. That is fairly simple.

You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.

The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.

At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.

My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.

When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.

And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.

In terms of the use case, the traditional use case related to IAM is to synchronize the accounts to the user ID.

Most of the time, we connect it to Active Directory, Azure AD, SAP One, and one or two other systems at the first stage of the project. At the next stage, we start to integrate it with other systems.

My company is an integrator and a partner. I am not the final customer. I deliver solutions to our customers. I also have other solutions in my portfolio, but my strength is Identity Management.

One Identity Manager delivers SAP-specialized workflows and business logic.

It provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts.

The user interface is not a big problem nowadays. About 10 years ago, it could have been a problem, but now, it is easy to do proper localization in Portuguese, Brazilian Portuguese, and Spanish. We have multiple language support. Of course, it is not yet 100%.

When it comes to customization, we need to model the business rules for customers. Every customer has different business rules. For a similar use case, you can have different business rules. I split the ability to model that into two categories. There is the ability to do the parameterization, and there is the ability to do customization with coding, which can have some risks.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers.

It also helps to create a privileged governance stance to close the security gap between privileged users and standard users.

One Identity Manager helps consolidate procurement and licensing. One of the valuable use cases that this solution provides is to take care of the licensing for some of the applications.

One Identity Manager helps streamline the following aspects of application governance: a) application access decisions; b) application compliance; and c) application auditing. We can deliver a use case where when a user requests access, the user may receive a warning that the access being requested conflicts with some other access that the user may already have. We can now model the SOD rules to validate a request when it is made. It is very important to be able to use One Identity Manager to do this kind of validation at the time of the request.

One Identity Manager enables application owners or line-of-business managers to make application governance decisions without IT. We can model that kind of personas, participate in the process, and make some decisions in the workflow process.

One Identity Manager helps to achieve an identity-centric Zero Trust model. That is a very strong use case of One Identity Manager. They claim that they are the only vendor that can deliver the Zero Trust model or Zero Trust architecture for identity, but I do not know if they are the only vendor.

One Identity Manager connects SAP accounts to employee identities under governance. The connector from One Identity for SAP is the most powerful one in the market. This connector can touch all the levels of the objects in SAP. It can not only be connected to SAP ERP but also to SAP HANA, GRC, etc. One of the strengths of One Identity Manager is the SAP connector. You can touch a lot of the SAP environment and also have deep granularity.

It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side. There can be more documented templates where you can take a piece of code and deliver a specific use case. I cannot find that in the documentation. Sometimes, you can go to the community, and sometimes, you have to use their support.

If you implement it properly and finetune it, it is very stable.

I have used their Premier Support. It is called PSO. It is very easy to book an appointment. You can use the calendar to find a slot. You can take half an hour or one hour. Once you are connected, the guy knows it is very important. Based on my experience, they were able to provide the resolution and tell me about the button that I needed to hit and what I needed to do. At that time, I asked them why it was not documented, and the answer from the PSO was that for specific matters, they wanted us to contact PSO. 

I prefer not to involve PSO because the prices are huge. We try to avoid it. When I need to involve PSO, it adds value, but it is very expensive. Whenever I involved PSO, I got the answers I needed within the time in which I needed the answers. I would rate them a ten out of ten.

Premier Support has not been an influence in purchasing additional licenses or products from the vendor.

Positive

I never implemented the SaaS model because of the pricing. My experience is for on-prem.

Its implementation is easy for me, but it is very complex for those who are doing it the first time. It is not straightforward. They do provide documentation, but it is not easy. I usually build my documentation and enable my team. After that, it is easy.

For its implementation, one project manager and two more people are required. One is senior, and the other one is of intermediate experience. Sometimes, developers are also required for customization.

We licensed it from a distributor. In Brazil, it is not possible to directly license One Identity. The distributor's name is ADISTEC. We did not take their help with implementation. We implemented it ourselves. They help me with other solutions but not with One Identity because it is very specific. In Brazil specifically, I do not have resources to help me with implementation. Quest in Brazil has a structure only for commercials. They do help with presale but for implementation, I do not have any kind of help. I usually take the help of the YouTube channel, the official documentation, and the community. We are pretty much doing everything ourselves.

The maintenance usually involves changing the logic, roles, or workflows. After the sign-off for the implementation, I also provide sustainability services where I take care of any problems and also contact the vendor. I also help with the environment and sometimes help implement a new connector if it is easy to implement or is a native connector from an API, for instance. I take care of the sustaining phase issues where we are not installing everything again. We are doing a little bit of parameterization. These services are helpful for revenue and important for our business.

Its price is okay. 

Overall, I would rate One Identity Manager an eight out of ten.

Our primary use case was to onboard certain applications for a customer.

One Identity Manager helps minimize gaps in governance coverage among various servers. If you are trying to do an access review, or want to grant access to someone, these generally require a review process. Those kinds of reviews are done manually if there are no governance tools. This tool makes that process smoother. It sends automatic reminders and will automatically discard a request if someone does not approve it. We can even configure it so that if someone has not approved it five times, it can be auto-approved. It streamlines the whole governance process and reduces a lot of manual activity with automation.

It also helps streamline application governance when it comes to application access decisions, application compliance, and application auditing. Previously, these processes required a lot of manual work, but that work has now been discarded.

Another benefit is that One Identity Manager definitely helps application owners make application governance decisions without IT. It sends regular notifications and anyone can see what is pending on their plate. They can take action on what should be a part of their application and what should not be a part of their application, and make informed decisions.

An outstanding feature of One Identity Manager, compared to SailPoint, is the dashboard where they present everything. With the dashboard, the customer can see how the integrations have happened. It is more presentable than what we have with SailPoint. The user experience is good because everything is exposed on the dashboard. They can tweak it a little bit if they want.

Also, using its business roles to map company structures is fairly easy and good, similar to SailPoint. It is handy. This function is very important because today, most organizations rely on RBAC, role-based access control. If a tool offers identity management capabilities, it must also offer role-based access control. Both One Identity Manager and SailPoint offer good role-based access controls. It's easy to configure and use.

I have used One Identity Manager for S/4HANA from SAP, and that was a very complex integration. S/4HANA has a very complex permission structure, and you cannot find the segregation of duty. That means you cannot do policy violations and policy checks. One Identity Manager does not provide a very flexible way to do segregation of duty based on the permission structure of S/4HANA. Doing so is beautiful in SailPoint, which has a more robust way of doing it.

Also, integration with various applications should be made smoother. It is very difficult right now for regular implementers.

Access reviews are another thing that is not that good in the solution. It needs improvement.

Entitlement management is another area where I have struggled a lot, wherein you try to manage the access of users to various applications. It is not that smooth in the solution.

These last three items need to be improved on a very urgent basis.

I used One Identity Manager for about six months.

On a scale of one to 10, where 10 is the best, if I look at the stability equally across all features, One Identity Manager is an eight and SailPoint is a nine.

The solution is very scalable.

I have not interacted with their support.

Onboarding certain applications for a customer was something that gave us difficulty with SailPoint. And the primary driver for switching was cost. SailPoint was very costly and One Identity Manager was a little bit cheaper.

The user experience is good, but the implementer's experience is not that great. As an administrator, when I'm trying to implement a solution, it is a hectic job.

The time it takes to implement depends on the requirements. If you want, for example, to integrate Active Directory, it will take two to four hours because it is an out-of-the-box application and very common. When it comes to complex applications like SAP, HRM, or ERP solutions, they have complex infrastructures. Integrating such applications takes no less than five to six working days.

The number of people involved is based on how big the project is. If it involves implementing 100 applications, you definitely need a team of 15 to 20 people to complete it within one year. But if you only have to onboard five applications with One Identity Manager from scratch, where you have to install the product, it will take six to seven months. With SailPoint, it takes a little bit less time.

We used the help of One Identity partners because we don't have expertise in One Identity Manager. We are SailPoint experts. They were involved in architecting the whole solution from the beginning as well as in customizing it.

The partners struggled a bit because some of the features are not that flexible in One Identity Manager. The product has all the capabilities required, but it is not that implementer-friendly.

In terms of the training that the partners provided to our customers, I was not present, but the feedback from the customers was that it was okay. They understood things.

Overall, the value provided by One Identity Partners was a seven out of 10.

The price of One Identity Manager is cheaper than SailPoint. When we initially suggested SailPoint to some customers they were surprised at the price, so we then suggested One Identity Manager and they went with that.

In addition to the licensing fees, there are costs for customization if you want to build custom modules.

In addition to SailPoint, I have worked with ForgeRock, Microsoft FIM a long way back, and others.

SailPoint has a lot of advantages as compared to One Identity Manager. First, the installation time is very short, and the process is very smooth. Second, it is an implementer's tool, meaning an implementer enjoys developing applications with SailPoint. SailPoint may not be that user-friendly, but it is very implementer-friendly. Implementation is easier with it. And because it is implementer-friendly, implementers can add value to the product, meaning its capabilities can be enhanced based on customer requirements, which is something that is lacking with One Identity Manager. And compared to SailPoint, One Identity Manager has fewer features.

Most of my customers in the region where I work, The Middle East, prefer on-prem solutions. They don't like the cloud. SailPoint and One Identity Manager both have on-prem solutions, so I am focusing my comparison on them.

I have also worked on cloud-based solutions but they have their challenges.

For enterprise-level administration and governance of users, data, and privileged accounts, One Identity Manager is average. Its privileged account management is lacking in capabilities. You have to integrate it with various other PAM tools and only then can it be used for that.

One problem with almost all identity managers today is that the implementation is based on certain information. After that, if certain big changes happen in the organization, you have to reflect all of those changes in the identity management solutions by doing certain customizations or implementation activities. That takes a good amount of time. That complexity is present in almost all identity managers today. It is not very quick when it comes to making changes.

Regarding Zero Trust, that is a buzzword as well as a big word. One Identity Manager alone cannot achieve an identity-centric Zero Trust model. It has to start at the network level through the identity management level, and we have to integrate it with multiple different solutions. We have not achieved Zero Trust for any organization yet.

One Identity Manager is mostly suitable for identity governance capabilities but is not that suitable for access management or privileged account management. If you are evaluating this product for access management or privileged access management, you should not go with it. If you want a governance product, go ahead and use this one.

We are a company in the health sector, with about 50,000 employees from six different health organizations. We use the solution to help automate all the processes around hiring and firing. We have automated as many processes as possible around user accounts and mailboxes, and file and folder administration. And with the IT Shop, customers can request permissions themselves.

Back in 2014, it took us six workdays to get an employee what they needed to do their work. The creation of the user accounts required two days, and the creation of the user mailbox and the assignment of permissions took another four days. Now, we get data from HR when a new hire begins and we have the user account, mailbox, and default permissions for the organization available approximately two hours later.

The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.

It has helped to simplify compliance. We are subject to compliance rules. Using the solution, a manager has the ability to check out which permissions an employee has and to make changes to the permissions.

We have also integrated One Identity with SAP. Every one of our customers uses SAP and we have the synchronization agent for SAP in different landscapes. The integration process between One Identity and SAP is simple. We don't have to do many steps to integrate SAP landscapes. We just have to start a new synchronization process and that's fine. The SAP integration gives us the ability to make rules for SAP accounts and SAP role assignments. And what is very impressive is the way it handles role assignments. We have more than 2 million role assignments for just one of our customer's employees.

Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions.

The solution is also very flexible. We can adjust all the standard processes that One Identity comes with and we can create new processes. We can always change whatever we need to change.

The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified.

I have been using One Identity Manager since 2013. I was formerly a consultant for Quest, beginning in 1998.

We don't have any problem with the stability of the solution. We have problems with the stability of our own processes and the systems that are behind One Identity.

We have 50,000 employees. That speaks for itself regarding the scalability.

One Identity support has been fine. We always have good, professional feedback and solutions, and the communication has always been okay.

Positive

As an organization, we started the deployment with one of our customers in 2010 and completed deployment for all of our customers in 2016. Every system requires different processes and knowledge. We were able to set up some things in a really short time. Others took more time because we needed to learn the system and how it works.

We are a team of four employees who design and customize the whole system. Our company has 80 support engineers on the help desk, and on our customers' sites there are between four and 10 employees who have read-only access for the One Identity system.

We have worked with One Identity and with their partners, including IPG and Devoteam. In 2014, we worked with One Identity in our environment to deploy the IT Shop.

APG provided training for me and my colleagues. It went very well. We were stronger in our skills after the training and it was done very professionally. They also helped us customize the solution for our particular needs, the first time. Now, we understand things and we can customize the system on our own. Their assistance, along with Devoteam, in customizing things was very helpful. They customized the whole system and we learned from them.

We have seen ROI due to the better performance we now have in getting employees working. That is very valuable. In addition, we have the self-service via the web interface. That helps with return on investment because every call to our help desk has to be paid for by our customers, but with the web interface they can do things on their own.

It's not cheap, but the pricing is okay. Other applications cost about the same.

Take your time in deploying the system and know the processes you want to support with it. Knowledge of the processes you want to support is the main thing.