One Identity Manager Reviews

The primary use case for One Identity Manager is for managing identities.

One Identity Manager helps with role-based access and compliance. These are the two main advantages of One Identity Manager. In addition to identity governance, One Identity Manager supports attestation, filtration, and auditing.

One Identity Manager is very customizable. We are able to customize it as per the customer's requirements. However, when you have a lot of customization, it requires a skilled resource with a coding background. I would rate it an eight out of ten from that aspect.

It has enabled application owners or line-of-business managers to make application governance decisions without IT. Each application or role is tagged with an owner, and this owner has the privilege to manage.

We use business roles to map company structures for dynamic application provisioning. This capability is very important for us.

We have integrated the solution with AWS. This integration is very important because the infra of the organization is managed on the cloud.

One Identity Manager is very customizable to meet customer requirements. We can write custom code as per customer requirements.

Role-based access is also very valuable.

The implementation of the tool and management on the infra side is a bit difficult. They can simplify implementation and management, making it easier for more customers. Other market tools have better implementation capabilities.

I have been using One Identity Manager for three and a half years.

The stability of One Identity Manager is very good. I would rate it a ten out of ten for stability.

I would rate it a seven out of ten for scalability.

Our clients are medium-sized businesses, but we have had organizations with 1,00,000 users.

I would rate their support a seven out of ten. There are other vendors in the market that provide better support. We use regular support.

Neutral

I have used other vendors like SailPoint. One Identity Manager stands out in customization compared to SailPoint, but SailPoint is better in terms of implementation.

The initial setup was mostly straightforward. Only in certain areas, it was complex.

The deployment duration depends on the organization and the customization they want. It usually takes three to four months for a standard deployment without any customizations.

It requires maintenance on a regular basis. Mostly, it requires monthly maintenance.

I would recommend this solution depending on the environment and customization requirements of users. I would recommend it only if it meets the requirements of an organization.

I would rate One Identity Manager an eight out of ten.

We utilize One Identity Manager to manage the employee lifecycle, provision user accounts, administer numerous systems, and maintain a web portal.

One Identity Manager's ability to consolidate tools helps simplify the administration process.

I would rate the UI nine out of ten. The performance and appearance have improved since the new portal was implemented.

With my experience and the help of the user community, customizing One Identity Manager is not difficult.

The business roles feature is easy to use.

We see the benefits of One Identity Manager within weeks of deployment.

One Identity Manager helps minimize governance gaps between test, development, and production servers. An administrator's experience typically correlates with increased ease of use.

One Identity Manager simplifies the process of determining application access. Integration is straightforward for standard systems like Active Directory or Exchange, but connecting custom web applications requires developing a connector, which is time-consuming but manageable for experienced programmers.

One Identity Manager is more reliable than other identity managers. The most valuable features are the behavior, configuration, and customization options.

Using dynamic business roles can degrade the performance of One Identity Manager.

I would like to have better documentation for configuring other Microsoft systems.

I have been using One Identity Manager for almost four years.

One Identity Manager is stable. If it crashes, it is due to human error, not the solution itself.

One Identity Manager's scalability depends on the use of other Microsoft systems, such as SQL and Windows servers.

The deployment is straightforward. The deployment takes between one and two hours and requires one engineer. The overall implementation requires a team consisting of an architect, an analyzer, one or two programs, testers, and an engineer.

We are integrators who implement One Identity Manager for our customers.

I would rate One Identity Manager nine out of ten.

In most cases, the customer doesn't need to do any maintenance.

The primary use case involves overseeing comprehensive identity and access provisioning, along with managing the onboarding and de-provisioning processes for users. This includes orchestrating the creation of new projects, conducting simulations, and ensuring synchronization between a core solution and other target systems.

We utilize One Identity Manager to assist in SAP management. When connecting to an SAP target system, the synchronization of data is facilitated. Following the data sync process, all users can be reviewed within One Identity Manager under the SAP user tab. Furthermore, this tool allows us to publish data seamlessly from One Identity to various target systems.

Identity Governance and Administration is particularly beneficial for addressing the complexities associated with managing SAP, especially when dealing with aspects like transaction code (t-code) profiles and rules. It's important to note that while One Identity Manager doesn't specifically handle t-codes, it does provide functionality through the manager for managing files, rules, and other relevant features associated with transaction codes.

I haven't observed specialized workflows or specific business logic for SAP in One Identity Manager.

One Identity Manager serves as a consolidated platform for enterprise-level administration, offering governance over user data, privileged accounts, and related aspects. It's particularly effective in managing privileged accounts. By incorporating the manager, administrators can easily assign resources, facilitating the seamless management of admin accounts. The available features within the manager enable the creation of special identities, such as admin accounts.

The user experience with One Identity Manager is excellent. It's highly user-friendly, with well-organized features that make exploration intuitive. Everything, including account definitions, is easily accessible in the manager module. You can efficiently check the status and associations of objects, such as which projects or other objects are linked to a specific one.

Customizing the manager to meet our specific needs is crucial, as there are some limitations tied to factors like database performance. These limitations are often dependent on the volume of data being imported or synchronized. It's important to note that the platform's performance can be impacted when dealing with a high volume of data, potentially leading to degradation in performance.

I've utilized the Business Roles feature to map company structures, and it's a highly valuable tool as it allows you to define a set of rules for various markets. This feature facilitates logic and rule sets associated with market specifications. Under the business roles section, you can easily identify how markets can request access through IT software products and sales tools. Each business role is linked to specific SAP roles, creating a layered structure. This functionality simplifies understanding of the connection between SAP roles and business roles. If you're searching for a particular SAP role, you can efficiently locate it within the corresponding business role and vice versa. The platform also makes it easy to check mappings, and if new business roles need to be created, the process is streamlined within the Manager.

The Manager aids in reducing governance gaps among Test, Dev, and Production Servers. By synchronizing data monthly from the production system to the development and sandbox environments, this approach effectively minimizes any potential gaps in governance coverage.

It assists in streamlining decisions related to application access.

It does not include features for application compliance and auditing. Application auditing is not a capability provided. We do have Application rules in place, and for auditing, we utilize the attestation feature available in the Manager. However, it's important to note that managing the entire application is not within the scope of the tool.

In the Manager tools, my favorite feature is the ability to obtain a comprehensive overview of any user efficiently. The portfolio view simplifies this process, eliminating the need to check through Tableau or other tools. Another significant advantage is the quick and easy creation of mappings, roles, and IT configurations for various products within One Identity Manager. This feature stands out as a valuable and time-saving capability in the manager tools.

In our Governance and management tool, One Identity Manager plays a crucial role in connecting SAP accounts to employee identities. This integration ensures that all identities are linked to their respective employee profiles. This connection is of utmost importance because if, for instance, a login is enabled for a specific user, maintaining a consistent ID becomes essential. With One Identity, this process becomes seamless, allowing the replication of related attributes across all relevant systems and ensuring a cohesive identity management approach.

I would like them to enhance the search functionality to enable faster processing when looking for objects. Ideally, the system should automatically identify relevant entries and promptly present the results, eliminating the need for users to input search criteria each time they look for specific objects.

I have been using it for the last six years.

I would rate its stability capabilities eight out of ten.

I would rate the scalability abilities nine out of ten.

Whenever we require support from One Identity, we initiate a service request, and the support team is readily accessible. They typically respond within twenty-four hours and effectively assist us with any issues we encounter. The support from One Identity has been reliable and responsive. I would rate it eight out of ten.

Positive

The initial deployment was straightforward and smooth, mainly due to the clarity provided in the installation guide. Following the step-by-step instructions outlined in the documentation from the One Identity solution made the deployment and setup process very simple.

With the assistance of an architect, I managed the deployment process by completing just the configurations for the initial installation of One Identity. Maintenance during deployment is essential, especially when there are significant changes and script modifications aimed at improving performance. System maintenance is a necessary step in ensuring optimal functionality, and we routinely undertake these tasks.

The system lacks the capability to empower application orders in the line of Business Management to independently make governance decisions for applications without requiring IT involvement.

It did not assist us in realizing an Identity-centric Zero Trust model.

I recommend that individuals working with this system should possess some knowledge of Microsoft SQL and be familiar with server configurations. A good understanding of SQL servers can simplify the process of comprehending and managing cloud repairs. I would rate it nine out of ten.

We use the solution for managing identity access in a production company with nearly 6,000 users and more than 10,000 employees.

The main benefit is that it makes it easier to comply with GDPR. It makes it much, much easier. Also, it helps with data privacy and everything. It reduced the workload on the help desk and other departments that deal with user access and provisioning providers for users.

The solution offers good integration with other environments such as SAP and Active Directory, et cetera. We are managing access and managing all the provisioning of user access and accounts.

We manage the product to help manage SAP. The solution is okay for providing an enterprise view for the management of logically disconnected SAP accounts. It is quite complicated since SAP has quite a structure for these roles and accesses, however, it is quite manageable in One Identity and it is well supported with proper support from our external provider. We finally managed to make it perform. It is now working well.

One Identity Manager connects SAP accounts to employ identities under governance. This is important. We had it implemented before only based on requests without active-active connection. There were quite a lot of non-matched users, and what happened a lot was that we would have users who had left the company and were still active in SAP. So now when a user leaves the company it’s not an issue. Also, the SAP account is already provisioned. This ensures data protection and the privacy of users and everything.

If I were to assess One Identity Manager for providing us with a single platform for enterprise-level administration and governance of users, data, and privileged accounts, I’d rate it highly. From a rating of five, I’d rate it 4.9.

The solution's user experience and intuitiveness are good. It’s extensive. 

How easy it is to customize really depends on the level of desired customizations. There are some customizations out of the box while others require quite a lot of coding. In that case, I’d suggest a person uses support or gets external support.

You do need to learn it. It’s not something you get from the beginning. It’s not like Windows. It is more complicated. You need to know a few things from the back end, however, as you learn it, it becomes easy.

I've used the solution for four or more years. 

I'd rate the solution nine out of ten. 

Our company hosts our on-premises application with this solution. It is not a complete SaaS product but rather a hosted environment in their tenancy. 

We have an internal team of four administrators and site developers who manage the solution and provide support to 2,000 employees. Our operational model includes contracting with professional services for new development, managing releases, and deployment. 

The solution is a typical, conventional IGA but the tool itself offers many options for customization. Some other products are easier to implement but don't have the same customization capabilities. 

The product must include SaaS in the future. 

The use of the administrative tools is cumbersome because too many are required for configurations. For example, the solution requires master usage of eight different client tools so it is excessive to manage the product. A small fix or deployment requires opening three or four different client tools that are not intuitive or easy to use.

The user experience and interface need additional improvements. Version 8.2 included improvements to the GUI and the inclusion of Angular JS which is better. However, the interface for 8.5 is a bit basic. 

Mastery of VB.NET is required to develop using the solution. Most developers use Java or .Net and VB.NET kills the vibe. We have to use VB.NET internally when working within the solution and that really needs to be modernized. To be honest, no developer is interested in learning VB.NET because it is a substandard language compared to newer options. 

I have been using the solution for six years. 

The solution is very stable and we rate it a twelve out of ten. However, reaching that stability is torture. 

We had issues and bugs because of customization requirements and it took us a year to go live. Too many custom processes cause issues even though the end result is stable. Gathering things to implement and install takes time. In our case, the implementation document for us to go live was 500 pages and that was a bit terrifying. 

The solution is scalable and the database is the key element in integrations. Everything connects to the central database which is a benefit because then the database becomes the central configuration management tool. If you upload DLL code to the database, it pushes it to other components. It is a well-designed central configuration approach. 

This approach can be a bit of a drain on performance because everything is connected to the central database. It is important to keep on top of database health with the solution.

Support needs to be better because this is a framework-style product and your own developer needs to be able to work efficiently with theirs. Sometimes a problem is in the development code, not the core product functionality. It takes too much time, as operational support to investigate and find the root cause. The solution offers amazing functionality for the framework, but if you didn't write the code yourself you are in trouble. 

For example, if a third party writes code and then their involvement ends, an issue in production that needs support won't get it because the third party's code error is an unsupported area. 

If your company's active management processes are not aligned with ISO or NIST standards, a lot of customization is required and this is the best solution. For ITSM, this is also the solution to use. 

If your processes are aligned then other solutions are appropriate. For a product like SalesPoint, the solution might be ServiceNow. 

The initial setup is very complex and I rate it a four out of ten. 

Deployment depends on the project scope. If the project is smaller, you can connect with Active Directory and auto RMS on the same day. However, if you want joiners, movers, or leaders to go live, it becomes more complex. 

The pricing is good and I think more money is made out of selling professional services than the product itself. 

Developers who have worked with the product won't need the assistance of professional services. It is easy to implement once you are accustomed to the product. 

Someone new to the product would need 20-30 days of services a year and in that scenario, it is expensive to develop and maintain. 

I rate this solution a six out of ten. 

We do employee lifecycle management through One Identity Manager with the source being SAP. We do not just do human accounts, like SAP accounts, but we also do non-human accounts, e.g., service accounts, shared mailboxes, distribution lists, and mail contact objects. We also use the API feature of One Identity Manager to provision from ServiceNow. These are its core functionalities.

We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.

One Identity Manager has helped to increase employee productivity. This is because we provision the right accesses as part of user onboarding, then the user is ready to go. We send the initial login information, and everything is through the system. This has saved 60% to 70% of the onboarding time. The process is smooth.

One thing that I like about the product is it comes with a lot of out-of-the-box features. There is the occasional scripting here and there, but there are some out-of-the-box samples that you can follow. So, it has been pretty good. We have been able to work well with it.

I have found One Identity Manager to be flexible. It is mostly configurable. We get most of the features out-of-the-box. If not, we have some samples that we can follow, then model the system, accordingly.

As far as GDPR is concerned, our company is located across the globe. Based on user requirements at any given location, we have been exposing only those attributes. In that way it has been flexible so we can comply with GDPR.

In terms of the policy and role management features, I have a mix of opinions. In terms of role management, it is okay, but I would like to see the product go more towards attribute-based access management. Regarding the policies, it has been okay working for our environment so far, but I would like to suggest some improvement along the front of synchronization. That would be nice.

One Identity Manager has had a little bit of an impact on our cloud-IT strategy. Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions.

If there could be some connectors for more things, like a Cosmos DB connector, then that would be helpful.

It is a great product. I don't know why it is not so marketable in the US and not used as much in the US as opposed to the EU. Sometimes, I feel like it is very hard to find people because the solution is not as popular in the US. If you need to find new resources, it becomes tough since some people are hesitant to learn a product that is not well-known. It is hard to find some people with exactly this experience because it is not so popular in the US.

I have used it for five and a half years.

We haven't had any stability issues.

So far, we haven't had issues with scalability. We are a global company, so we have dedicated servers for certain operations. The solution has been holding up well.

We have 20,000 to 25,000 users using One Identity Manager. We have roles ranging all the way from a user to the help desk. Then, we have a threat management team role, security operations role, and site administrator role. 

We work directly with support. They are very prompt. I would rate them as eight or nine out of 10. They will help us based on the level of the ticket that we raise. Since their response has been very prompt, we basically have had no issues. 

Initially, we had issues and brought it up with their management. Since then, we can count on them if we have any problems.

Before One Identity Manager, our company had a homegrown solution, but it did not hold up well. Earlier, non-human accounts were not managed with the legacy accounts. With One Identity Manager in place, we have now come a long way in terms of management. It has become the global system for our corporation in the past five and a half to six years. It has held up well. We are planning to expand it further.

Previously, I have worked with other solutions all the way from SAP Identity Management to Oracle Identity Manager. The maintenance and staff required to maintain One Identity Manager is a lot less compared to Oracle. For example, anybody can learn One Identity Manager easily. If anybody is not able to learn the product, it is really suspicious. One Identity Manager also has a lot of out-of-the-box features.

The initial setup was straightforward. We started with version 6. Now, we have upgraded all the way to version 8. It has been okay so far, except for one version change from 6 to 7.

The deployment time usually depends on the change. The initial deployment or an upgrade to an existing new version will take about a day to a day and a half from scratch.

We plan everything from scratch, from building the server, getting the data, and onboarding and synchronizing the users. Therefore, we have everything setup for day zero and forward with a solid implementation plan.

Initially, when this was owned by Dell EMC, we had Dell EMC Professional Services for the very first feature. After that, we have been working mostly by ourselves. We have been partnering with IPConcepts in-between for the last couple of years, as needed. Now, IPConcepts has merged with IBM Works.

It has been a good experience working with IBM. We have worked with them over the last four years. When we needed to engage with them, there weren't any issues.

We have had pretty good people on our team so far:

• For deployment, one or two people were needed. 
• For maintenance, our team is very small. We have two or two and a half people at all times. 

Now, we are looking to augment the team as the system grows. As we are growing, we need more functionality and to automate a few things. Until they are automated, we need an in-between stop-gap in terms of resources.

We pay yearly and per active user. One of the reasons that we chose One Identity Manager is because of the pricing. It is reasonable and affordable compared to other products which we considered before choosing this solution for the company.

Unless you are buying a new connector, you won't need to shell out more money for the solution.

My company had to choose between SailPoint, IdentityIQ, and One Identity Manager. SailPoint IdentityIQ is heavily based on Java, whereas One Identity Manager is based on mostly Windows and PowerShell scripting. Our company is a big Microsoft shop, so it only made sense to go with One Identity Manager.

The simplicity of One Identity Manager is good. That makes it easier to adapt. Sometimes, I wonder why it is not so popular in the US.

There is definitely a learning curve for One Identity Manager. This is true for any solution, including One Identity Manager. However, the time that it takes to learn is different compared to Oracle products, where it takes much more time compared to One Identity Manager.

This solution should be considered by companies (based on their needs).

The biggest lesson learnt: If you are going with One Identity Manager, don't go with Oracle Database on the back-end.

The privileged account governance features have been good. I have actually led the project management for our customer advisory board session where we have looked for connectors for Cosmos DB. Using Graph API, we have been able to do pretty much anything that we want.

We connected SAP through a database.

We have plans to increase usage. It is our corporate-wide solution for identity governance, as of today. Our usage will increase because we plan to digitize the enterprise with mobile and the cloud. We see the need growing for this. That was the reason for my previous comment about having more Azure capabilities with their integration with Cosmos DB.

I would rate this solution as eight out of 10.

We primarily use the solution for background management. It's used for provisioning and license management. 

The solution has helped a lot with compliance. We can review access and have recertification alerts that make governing very easy. 

It's very easy to roll out. They do have various defaults available, so you have a variety of rollout options.

It is very easy to handle complex requirements. It provides a very good user experience.

I like the user interface. I'd rate it three out of five.

The solution provides an attributes-based setup, a dynamic role setup, and many other features for enterprises. It provides a single platform for enterprise-level administration. 

It has an easy user experience. It's great. From an intuitiveness standpoint, I'd rate it three or four out of five. It tries to make it easy for administrators to fulfill requirements, even if it needs to be customized. 

The customization is top-notch. It's the best compared to any other tool we've used. It fulfills a lot of needs. I'd rate the level of customization three out of five. 

While I haven't really used the solution's business roles to map company structure for dynamic application provisioning, leadership has used it for this purpose. My understanding is that it is quite good.

The product does help minimize gaps in governance coverage for test development and production servers.

It's helped us to achieve an identity-centric zero-trust model.  We are able to set up dynamic rules centrally. 

The interface can be a bit complex for an administrator to manage. I've used it for a long time; however, for a bit, I was confused. They need to work to make it easier to understand more quickly.

I've been using the solution for a year and a half. 

The solution has great stability. I'd rate it eight out of ten. 

We had 20 to 30 resources involved in the solution. The scalability is very good. I'd rate the scalability seven out of ten. There are some slight challenges, moreso related to human error; however, beyond that, scalability is great.

Technical support has been responsive enough. We do use premium support. You get a great response time and it helps us manage things very smoothly. It also offers support for many different regions. They've helped a lot with integrations. 

Positive

I have used different solutions in the past, including CyberArk. This solution, however, is great for identity governance. 

There was no problem with the deployment process. It took around a week to implement - maybe less than that with planning in place. It usually takes about two weeks to deploy.

The product is fairly priced. 

I'd rate the solution eight out of ten. 

I'm a customer of the vendor. 

I install it for other companies, and one of them uses it for custom processes.

Previously, one of our customers didn't have a way to manage their cases, so we created a custom solution for everything. And the best thing is that it's totally secure since it's based on the roles in the customer's Active Directory. It's based on the kinds of roles or groups they assign. It's about what kind of permissions a user has in the IT shop. For example, there are two big groups. One of them has access to critical information, and the other only has permission to read some information. With One Identity Manager, we were able to separate these roles and what each role can do.

And the fact that One Identity Manager helps consolidate procurement and licensing makes things easy.

In addition, it has definitely helped achieve an identity-centric Zero Trust model. If someone is entering the company, we need to make sure that they have the correct permissions, the exact information, and access to that information. It's a must.

The best feature is that it's customizable. For example, we can create any kind of product or custom service within an IT shop and customize it the way our customers need it. For the customers, it's the best. They are happy with it.

We can create a custom policy for a company. We can use a business role for access to a given product and determine what the next process is. For example, if someone requests access to something, the custom policy will show it to the supervisors at each location or redirect it to the user who is responsible.

Also, we use the solution's business roles to map company structure a lot. That's one of the parts that the customer really needed. They wanted a custom role for each of the cases they were creating. They wanted to assign users directly to a business role, and these roles can be assigned to other users in the directory. The business roles feature is critical.

One Identity has another model called Data Governance Edition. It's a very good solution for controlling and applying the concept of CIA (confidentiality, integrity, and availability). It's the best solution for that. We use One Identity Manager with Data Governance. There are shared folders, and a lot of people have access to them. With Data Governance, if someone requests access, based on the kind of permissions they have, Data Governance helps us make this kind of decision.

The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution.

They have a lot of documentation, not only about the installation processes, but also for the development side. For example, in the new IT shop that is using Angular, there are a lot of functions—more than 1,000—that don't have any information about what they do. The documentation is really important. 

Also, the documentation for the Data Governance Edition must be improved. 

In addition, when tasks are running in a tree, there should be an order. For example, if we have five tasks in a tree, we should be able to say this one is first, and the next is number two, then three, four, five. 

And it's important to have compatibility to use gMSA, group Managed Service Accounts.

I have been working on One Identity Manager for seven months.

It's stable.

It is scalable, for sure.

We use their standard support. They are nice and they are always on the edge, helping us. It's great support.

Positive

We did not have a previous solution.

The main solution takes about six months to deploy. When there are customizations, it takes more time. The amount of time depends on the kind of customization. I don't have an exact number, but we have a sprint every two weeks, and we do our best to deploy what the customers request. Our clients are enterprises.

For deployment, on our end, we require five people.

In terms of maintenance, the main solution is standalone, and there is no maintenance. Once it's running, there is no problem. But maintenance is necessary when a customer wants something else, a customization or a new product.

Our clients have definitely seen a return on investment.

The pricing is okay.

I totally recommend it. If you want to implement life cycle and governance, for sure, it's the best solution.