One Identity Manager Reviews

Access governance related to audits.   

BAAN, AX, AS400, AD, Exchange, Footprints, several home-grown applications.

We had a relatively small AD (about 5,000 users) but our primary challenge was that all of the legacy systems in place, including multiple instances of BAAN that came from different M&A deals, each with their own configurations and entitlements. 

The short version is that we gained significant insight into the issues of access governance. One of our largest challenges was lacking insight into who had what access and where. For years access had been granted in an ad-hoc manner, mostly as "I need access like Sally" situations resulting in a mess of too much access son nearly every account in our organization.  Implementing an IAM system allowed us to turn this auditing nightmare into praise from our auditors, eliminating fines and cutting operational costs, paying for the implementation within a year. 

Additionally, we found all sorts of questionable activity that we were able to address. Using the built in policy tools we were able to identify those who went around controls and address them both stopping their unapproved activities as well as getting feedback to improve the IAM interaction with the company. The loss of unapproved access also stopped a few cases of potentially criminal activity that came to light because of our new found trove of data but further details cannot be shared. 

The amount of useful data we were able to gain immediately after a basic implementation was exceptional. Within days of installing the product in production and well before the official go-live we were able to create meaningful reports of all sorts and start correcting missing and wrong data as well as access control issues. We had tried system cleanup projects before and had some success but correcting our data in earnest began once we could see everything in one place.  

As the project matured we were able to move more and more out of the hands of IT and into the hands of the LOB representatives. Which in turn both improved the business' view of IT as a whole and allowed IT to focus on other projects and trim staffing levels on low tier work, moving those employees to more important work and helping some of them grow their careers. 

The value gained by taking control of your access data and walking the path towards governance is immense and the progress we made inspired me to pursue a career helping other companies achieve the same success. I would recommend that every company undergo an IAM project especially if they have nothing in place now. 

In dollars: access reviews. In QoL: Entitlement requesting, Approval workflow, and Attestations. 

At the start of our project, IT was considered a burden by most of the company. One Identity's easy to set up requestable items and the associated smart approval workflows gave IT the power to become a hero to the company. Eventually we had lines of business coming to us with requests to integrate more and more into the self-service portal. Then on top of that, the existing attestation cycles allowed us to confidently know for certain that correct access was issued and maintained across the company. 

My largest issue with the product is the ability to customize the web portal. There is a tool that allows this to happen but it is difficult to use (except for minor changes like logo, color scheme, or basic edits, such as displayed columns on an object. Then, to make it worse, the documentation is not helpful at all in describing what pieces do or how to use them. Even after training, I would not be confident in attempting any large change to the portal. 

For certain, this is the area that I think needs the most improvement from the current state. 

I have been using One Identity Manager for six years.

The stability is fantastic. 

Your real stability issues are going to come from SQL and not the product itself. There are redundancies built into any general implementation and always-on availability is expected. If you are already running your SQL in an always-on way, the chance of downtime with One Identity is essentially zero. 

Upgrading from one version to another is the only potential issue. You have to have an outage to perform it. There are ways to make this smooth but it is the one area where stability could be an issue. 

The solution scales very well. I have experienced issues when attempting to scale to the largest companies. However, when we did encounter issues, One Identity did a fantastic job of providing the resources and fixes needed to scale the system to millions of identities. 

The support team could be improved on. The first level of support essentially looks up knowledge base articles and often can't provide the answer needed. This could be skewed because any issue we couldn't solve with our implementation partner was certainly not a level 1 issue. However, even with One Identity knowing that we would have to deal with bad level 1 before we could get someone who could actually help on the line. 

However, to give a positive side, any time there was an emergency they were very quick to get the right resources on the issue, even when it meant waking people up in the middle of the night.  

We did not have a solution in place. This was a greenfield project. 

The initial setup was very, very easy. 

Our complexity all came from integrating outside systems. The out-of-box experience with One Identity was genuinely fantastic.

We used a 3rd party partner of One Identity as well as trained an in-house team to administrate and extend the system.

The partner was extremely knowledgeable and in a couple of cases more so than the vendor. We were extremely happy with the outcome of their work. 

Our ROI is very, very large. 

We eliminated ongoing SOX violations and associated fines.

Additionally, and without including the above, we were able to see savings in IT costs greater than the cost of our implementation within one year. A significant portion of this came from moving our most common help desk requests into self-service. 

The example I would give as the largest of these is Baan. Traditionally, a ticket was submitted, then tier 1 moved it to the Baan team who was responsible for both access and troubleshooting. Baan was significantly understaffed and the turnaround was slow. When they did address the ticket it would require calling managers and attempting to figure out what access they actually needed. Turn around was 2 to 3 weeks PER REQUEST. By defining roles with the business (a huge task in itself), creating self-service requestable items, creating approval flows, and automatically producing formatted tickets to Baan (direct connection to add access was not available to us) we were able to reduce the turn-around time to less than a day. Freeing up resources to do more important work. 

Finally, we were able to change the perception of IT nearly company-wide. While this has no dollar amount attached this is probably the most significant return we experienced. 

One Identity genuinely provides one of the lowest costs for the initial setup of any product while still being a robust suite of tools. Price was a major driving factor in or choice to use One Identity. 

We did evaluate multiple other options before choosing. Hitachi ID, Salesforce (they really do have an IAM offering), Oracle.

My advice would be to implement the out-of-box product and pull in your initial data sooner rather than later. Planning is needed but I assure you that you likely don't know how much of a mess you're in, especially if you have no IAM solution already in place. 

The OOB data collection will help shed light on the issue you have and have yet to discover then you can craft robust solutions to tackle them.

Involve HR, involve your process owners, involve your business unit leads. Ultimately, you want to use a tool like this to empower your business to make decisions and engage in self-service. It may be difficult at first but if you involve them and try to meet their needs you can turn IT from a burden into the hero of your company. 

Work with a partner. While the vendor has great staff and is very knowledgeable, ultimately the partners are the ones who can really help you make the magic happen. All partners have the ability to engage the vendor directly should the need arise. You can save a significant amount of cost by going this route. 

We use it to manage all identities within the company. We use it to monitor users when onboarding and offboarding. We also use it for all the related accounts, such as SAP accounts and AD, to give permissions to our employees within these systems.

We do all the privileged management as well within One Identity Manager, which mainly consists of monitoring and control of users, especially who's changing what.

There are users within SAP, the so-called "firefighters," who need to have a little bit more access to SAP. They are the ones who are allowed to switch down modules, put down the systems, and so on. They require high-privilege access. One Identity helps us to monitor those activities and ensure that we make the changes that are required so the users will have those permissions.

When we have a request from HR for onboarding a new employee, before having One Identity, we had all manual processes. If the user was going to be assigned to a specific application, we needed to contact the responsible person on that team to open multiple tickets, multiple requests. Today, those activities, are completely managed by the Service Desk. That means we have reduced the time it takes for the onboarding process enormously. It used to take two or three weeks to do a full onboarding, but today we can do it in two or three days, providing access to the systems.

The solution has reduced Service Desk calls by 75 to 85 percent. In terms of automation with this system, we now have 94 percent coverage of our users and systems. That means we increase security as well, and not only reduce calls to the Service Desk.

In addition, when it comes to compliance, One Identity is used to cross-reference between the identities and accesses. This has improved the detection time of security events and has helped us with both data protection and compliance. One Identity is a main driver and helper in improving this area.

It's the automation. With One Identity you can have multiple accounts and everything is managed in the same system. You don't need to manage different systems at different times. With just one, you can do everything. It saves a lot of time for us and simplifies things.

In terms of the policy and role management features, through the automation that we have within the system, we are able to simplify those processes. The role management is really a great solution because we assign and define roles within the system and then apply them to the identities that we create for our employees.

It is definitely a flexible solution. The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc.

We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy.

Most of the issues that we are suffering from today will be fixed with the new version.

The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier.

I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good.

We also have system devices that we could manage as identities, so that would be a feature to add.

Three to five years.

The system we are using is five years old and we have had no issues at all. It is fully stable.

It's scalable. We grew over the last year. We integrated companies within the group, which included creating more and more users in the system. Scaling is pretty simple. We didn't have to make major changes to the system itself. It was something that the system could support easily, especially from a functional point of view. 

It can scale vertically and horizontally without any problems. With the upgrade, we are scaling up technically, adding more servers, and it's pretty easy as well.

We are working with a One Identity partner. This is really important. One of the most important things to do when going with One Identity is to choose a partner wisely. We are currently working with a partner and we're still evaluating that. It needs to be assessed a little bit better and to ensure that they can support us. It has nothing to do with One Identity support itself. The important thing is ensuring that the partner is able to support requests. That's what we are currently assessing and evaluating.

We are working with IPG because our headquarters are based in Germany. We have a history with them. We are currently ensuring that they are capable of providing the support that we require, and especially provide us the agility and flexibility we need.

The partner is important because the implementation of the systems and the configuration of the systems are done by the partner. It is key for One Identity to ensure that the partners can do the work properly.

We had nothing before using One Identity.

We implemented One Identity in 2015 with the main goal of controlling SAP access and users, especially the privileged access in SAP and the segregation of duties. That's what we wanted to control. One Identity was the best system at the time, with really exceptional out-of-the-box functionality. It was mainly done, at that time, for SAP. It was a risk and compliance issue that was fixed with One Identity.

We are seeing return on investment although I can't quantify it. If we just think about the reduction in the onboarding time which is impacting other teams, that is an area of ROI. And especially with the Service Desk, there has already been a benefit and a return of investment in terms of resources.

The tool is one of the best tools, out-of-the-box. It has great integration, especially for companies using SAP. On the other side, choose the right partner and don't look at only one system, but other systems as well. If a company is looking for a system to control SAP, don't focus on your SAP. Look at one system which is able to manage in general, and with good integrations. One identity is one of those systems.

It is also important to have a defined process. We establish it and then, with the use of the tool, we apply it.

I would rate the solution at nine out of ten. I like the out-of-the-box functionality. You don't need to do specific customizations; you can quickly use the system as it comes. And the solution has flexibility.

We manage companies identities and different legal bodies in it from all over Europe.

With One Identity Manager, we were able to get a lot of processes digital. A few years ago, we started to give all of our colleagues who were working in the retail stores their own smartphones, so they could use some of these processes. For this, it was key to have a good identity management system, where they could do all that. 

Before that, we were using this tool for shared account management. We were able to do that pretty smoothly, and get everyone a personal account, which was pretty impressive.

We have integrated the solution with SAP. All our retailers can order their own goods for their stores and have access rights. Without this, it wouldn't be possible for everyone to manage their own stuff. We are local decentralized. We are only able to do this because we have the role management input and access rights in the SAP systems.

With GDPR, a lot of colleagues in my company were using this product last May. Especially for GDPR, things weren't that clear, so we built stuff that wasn't really necessary. 

This solution has helped reduced help desk calls. We still could get way better; perfect.

It's a huge toolkit, and you can do a lot of stuff with it. You can extend nearly everything, so if you want to build something that may not have been though of by the vendor. You can do this with a partner, as we have done in the past. There is also support for these processes. Compared with other distributors who design their products to certain specification, you can put in your own processes, because not all companies function the same. You can write what you want, and the process should be like that.

The policy and role management features are huge. We have had some problems getting our colleagues onboard using these features. They are used to IT setting up everything. The features in the software are good, but there is a lot of transition you have to do inside a company to get these features working.

The solution is flexible. You can customize everything. You can do what you want in it. Sometimes, it is not unwise to do everything on your own, but you can.

We had to customize some stuff in the SAP system, because over the years there has been a lot of customizing in the Identity Manager. It works well, but some features that we would want or that our colleagues are operating and running with the SAP system, we can't really provide, or we have to develop on our own, with One Identity Manager. SAP works well with it, but it could be better.

I would like them to add some lifecycle management features. 

They could improve the support.

When you look at the connectors to Microsoft Edge, we think that maybe it could work. However, when we build a hybrid environment, you can't really use the tools that One Identity Manager is providing. 

They could make the product more user-friendly. It takes a lot of work to build technical and business cases with the product. The solution is more complex than you think to use.

The API server needs improvement.

The stability is mostly pretty good. Now, we are having some issues with the version 8, where we can get the system to a stage where its not really working anymore. We wonder sometimes, why this box still in the software, and are we the only customers that are using it? Sometimes, we feel as if we are the first one using this product in production. Then, we speak with other customers, and they'll say that they have the same issues. Identity Access Management is middleware and should be top-notch. It can't fail. It has to work on peak performance at the times. When you find errors in the box, then it is a big problem. Even if it's not that important. Our standards are really high for a solution like this.

Before the tooling there were around 80 peoples in IT at the company. Now, we're over 800. In IT and workers everywhere, identities have grown enormously, so there are more help desk calls, but there are now a lot of more identities.

Sometimes, it's really good and fast. Sometimes, you make a service request and don't get an answer. Sometimes, you have to use management to get support for a really urgent problem. So that's not always good. Overall, its pretty good, but when you work with the product, you find bugs, and normally, they're fixed. Sometimes, we don't get a response that we want, and it's frustrating. I also see peak times, where it is pretty slow, then the support is really good and pretty fast.

The initial setup was ten years ago. Back then, we had to do a lot of stuff on our own. Therefore, it was not that easy. I think it never is, because a lot of business policies have to change. 

If you were to take the software, and start with it, in a company where you don't really have anything, then I believe it would be pretty easy.However, in a global company, that is using an SAP system or an AD for around 10 years or longer before you even think about getting One Identity Manager, then it gets really hard.

We have had a lot people over the years, like Computer Center and IGF. Some experienced, and some who were not so experienced.

This solution has helped to increase employee productivity when it comes to provisioning users in our systems. This solution has been really effective with our retail workers. It wouldn't be possible to onboard and manage our 40,000 store employees without it. The management of the solution is pretty automated.

Don't work too much in the beginning. Focus on what's really necessary and important. Forget the luxuries you have. There are old processes that are really great for some people and look like pieces of artwork. However, the maintenance of them is really expensive. So, know what you really need, what is your business case, and what is important for you. Keep it simple and structured. Then, you will be happy with a solution like One Identity Manager. 

You have to understand the concepts of the software. Then, you can be productive and be happy with it.

We were able, with this solution, to go pretty fast from an on-premise AD and Exchange environment to a hybrid setup with a lot of stuff in the cloud. 

Right now, we're not really using the privileged account governance features. It looks promising. In our organization, it looks promising, but we're not going to go there right now because its another responsibility for someone else in the company. So, while it looks good, we don't have the capacity to go there now.

We had several tools over time to try to gain control of IAM, but none of them were capable enough for our needs. We simply had too many systems to work with. We wanted one digital identity for each user and a comprehensive view of each user’s entitlements.

Before the implementation, it was necessary to create user accounts to give access to every single information system and application. A lot of resources were needed for development, implementation, support and control of identities and their entitlements. Employees had up to ten credentials for various applications. Now, our users have just one digital identity for all of our systems.

One Identity Manager provides one digital identity for each of the university’s 20,000 users. It also unifies and automates all processes in staff’s and student’s lifecycle by interfacing with other university systems. IAM is now more transparent to IT, students and staff, and helps reduce risk by automatically controlling access according to a user’s status.

This new approach to IAM has created huge efficiencies for IT, especially when it comes to managing more than 300,000 rights. Compared to the situation we had before, IT staff now spend less or almost no time for managing identities and rights.

We are located in Europe, so GDPR is a must for us. So, One Identity solution is helping  with this topic too.

• It gives the best user experience, enabling us total transparency in user access rights.
• We unified business processes for students and staff at enrollment/hiring/graduation/termination of contract in all organizational units of the university.
• It reduced risks by granting adequate access rights to users.
• The best feature is that HR finally took responsibility of it, so not everything is on IT.
• The policy and role management features are important for identity management.

Improve the implementation of additional One Identity Manager’s features. This we are going to focus on after an upgrade to release 8.1 will be finished.

Generally speaking, the solution has great stability, modularity and scalability. We have not had many stability issues until now. However, my opinion is there is still some space to improve performance. Sometimes synchronizations take too long.

We had several tools over time to try to gain control of user accounts and their privileges. But none of the solutions were capable enough to cover all our our needs. We simply had too many disparate systems to work with. We wanted one digital identity for each user and a comprehensive view of each user’s entitlements. Plus, we needed to ensure we could control those entitlements easily.

We noticed that One Identity Manager was positioned well in Gartner’s Magic Quadrant for User Administration and Provisioning, based on its evaluation of One Identity Manager.

The initial setup was complex. We have a lot of different systems. But, we started step by step with connecting active directory for employees to the IAM system and with data and business processes consolidation. Then, we used the same approach for all our students’ identities and related processes. Many processes we had to redesign, but the main benefit is the processes are much more simplified now. Yes, the journey from introducing One Identity Manager solution to joining all the systems was difficult, but we have reached our final goal.

We have a valuable partner located in Slovenia, who is helping us with analysis and architecture. They advise us with many best practices and are responsible for the implementation and technical aspects of the solution.

This solution helped us to reduce help desk calls. Before the implementation, people were calling because they didn't have access to some systems, etc. After the implementation, we implemented the application access metrics - authenticated users may conduct only previously authorized transactions. Now, all our users have access to these applications when they get their digital identity. Thus, there are no more calls to help desk.

While our journey to find a solution was tiring and we invested a lot of work and knowledge, our expectations have been reached and even exceeded. It's really good to invest time and money in a solution which offers you something that all users, not just IT, can use.

Sometimes, the solution is flexible. However, the customer should sometimes be flexible to the solution, as well.

Those who worked on this implementation now spend less time on user rights, etc. While it lowered their workload with this solution, they are now working on something else.

Our primary use case is to control access to our open source Unix and the app store games. This is a banking organization, so you don't want to give all of the rights to one person.

Using this solution means that our engineers do not need to log in to a domain controller as frequently. Rather, they can log in using One Identity and perform all of the administrative tasks. This is beneficial from a security perspective, and also helps to complete the task in the least amount of time.

It provides Authentication services and integrates Active Directory for open source operating systems.

The most valuable feature for me is the built-in security, which is the best that I have seen. The interface is also very good.

My only complaint about this solution is the price, as I think that the cost of the full user license is a little high.

A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.

Three to five years.

I would rate the stability of this product a nine out of ten. This is the only tool that will comfortably help you work with Active Directory in other solutions. 

It is scalable across infrastructures. It works with Windows, open source operating systems, and covers almost everything that you need. We have more than 4,000 users in this solution. Our organization keeps growing, so our base will forever be increasing.

To this point, we have not had to reach out to the solution's technical support.

Prior to using this solution, everything was done manually. Security was at risk of breach and we thought that we needed to be compliant.

The setup of this solution was simple and straightforward. Any admin can do it by looking at the whitepaper.

The process of deployment took approximately one month. However, that is not because the process is complicated or time-consuming. In our case, being in banking, there are a lot of policies and processes that have to be followed before implementing a new solution.

One Identity does what we need it to do, so we do not require any other plugins or packs to run our solution. 

One Identity sells everything that is required to deploy. We directly deal with them and do not use a vendor or a consultant.

There is a one-time licensing cost, and there is also a yearly subscription fee. The fee is related to the number of users and is perhaps $6 or $7 per license per month. 

We did look at other options, but it boiled down to choosing One Identity with no second thought.

My advice is to try this product first and then decide. In organizations with a large footprint of open source operating systems, such as Unix or Linux, security for them is a bigger concern, especially for banking. They should take advantage of using the evaluation version.

Overall, I would rate this product eight out of ten.

We use it to control identity and access management in our company.

It has helped when people need access somewhere. It makes it much faster to grant user access. I used to be the one who gave everybody their rights and it took me a few days per week to do it. Now, it's just pressing a button. It's a huge time saver. I don't have to create the users in AD anymore.

All of the systems that we use are in Identity Manager, we didn't have that before. It was hard to even say what kind of systems we were using. Everybody had their own system. When somebody said, "I need to get access to that system," everybody often answered, "Oh, what system is that? Do we have a system like that?" Now, everything is in the same place and they can access so much more, and it's easier to get access.

The solution has also helped to very much simplify compliance. By law, once a year, we have to check what kind of access our users have. For compliance, they can look at everybody's rights because they can see them from Identity Manager. They can look at what kind of rights and access people have and get reports easily. It was very much harder before when we had to make Excel lists.

It has also helped to notably reduce helpdesk calls. Before we had Identity Manager, people called a lot. Now they don't call that much anymore about needing access to something. They can get access, themselves, from the IT shop.

Nobody has to put people in AD groups by hand anymore. It goes automatically and that's very good.

It's also very flexible. It's quite easy to customize and we have customized it a lot. There are many features already in it that you can choose from but you don't have to use everything. You can use just a few features and leave things out.

I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. 

For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.

It has been stable. We haven't had many technical problems at all. Maybe there have been some small issues, but not anything that has been affecting my work. The performance is okay. It works quickly and is stable.

We speak to our consultants. They are our technical support.

We had something we built ourselves, but it was not integrated with anything. It was mostly just a list. 

When the world is changing and getting more technical, people need more access and we needed the ability to check what kind of access people have. There are all the GDPRs and other things that involve our company. We also thought it would be nice to have some automation for AD. I was literally creating people in AD and giving them rights to different places, putting them in AD groups. It was wasting time and, when a person does it, there are probably mistakes and you're not always sure what's happened. There's no tracking of who did what. Now we can track everything.

That initial implementation was a long process. It took about two years from the time we decided to take the product until we had it in production. There was a lot of fixing and thinking and configuration.

Overall, there were about ten people involved in the implementation, but we have two developers who work actively in developing it at our company. And we have about two-and-a-half people who actually work with it.

Upgrades take a while. The last upgrade we did was from version 6 to 8, when we migrated. It wasn't that difficult. It took time but we prepared properly for it, so it went very smoothly. That migration took a weekend or three days, but the preparations were over the course of many months.

We had a lot of customization in version 6, and we had to clean that up so that version 8 would work smoothly and without problems. Then, we changed our consultants as well, so we had new consultants for version 8. They knew the code better and they told us we had a lot of faults in in version 6 that we needed to fix before version 8 because they wouldn't work in version 8 anymore. We cleaned up a lot of systems and users so that we wouldn't take a lot of garbage with us to the new version.

There were two people who did the migration and they had to learn a lot about how to do it. Then we did testing in version 8 to see how everything was working. In the future, the work involved in upgrading will probably be much less because there won't be that big of a gap. In this case we had to first migrate from 6 to 7 and then 7 to 8. It was a very long process, a big project. I don't think we will do that again. I think we will upgrade with smaller gaps in the future, to make it easier.

We looked at one other vendor, but it was some time ago. It might have been something from Microsoft. I don't think we looked at it that seriously because, as I remember, we decided on One Identity quite fast.

It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it.

The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it.

We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon.

Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.

We use it to make requests and show the information that the users have, as well as for attestation.

It saves us time and has increased employee productivity when it comes to provisioning users or systems. It has changed the way things are done, and people who had been doing manual work are doing something else at the moment.

We now have standard processes, the whole flow when a new user comes in; what happens and when. It's always done in exactly the same way. We know that it goes from start to finish in a certain way and we can be sure that it's done in the correct way when it's automated. The master data is always used in the same way.

It has also impacted our cloud IT strategy because we have to be there to manage the user accounts and all, in that environment. That's on-going work at the moment. We haven't implemented or started any processes in production yet.

In addition, it has helped to reduce helpdesk calls, according to the information that we have seen.

For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems.

We are familiar with the policy and role management features and we are using some of them. They are very hard to define, but they are also very powerful in a way. You have to define them clearly before you start using them.

One Identity Manager is also flexible. If it doesn't have a feature that you want, out-of-the-box, you can customize it by creating scripts or modifying the schema. But you usually need consultants to do the job.

This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment.

I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.

This version, version 8 has been working fine. Version 6 was horrible for us. The performance wasn't good at all, but our experience now with performance and stability is good. We are happy now.

When it comes to adding other users or a growing environment we haven't had any issues. At the moment, at least, we have been able to add features and functionality, and everything has worked fine.

We have only used technical support through our partner/consultant company. We haven't been in direct contact with One Identity. Everything has been okay. 

We had a solution that was built in-house before we migrated to One Identity. The old solution didn't have the automation features and provisioning features the way that this product does. The old solution was more manual with a lot of built-in scripts. It was hard to maintain or to create extra features.

Our initial setup was about three years ago, but we did the migration from version 6 to 8. That was almost the same. It was a really big project, or it felt like it.

The initial go-live for the product overall was over one weekend, but the work before that took a year. There were ten people involved during that weekend. We had some time-outs during that year though, because there were some other big projects.

The setup was complex because we did a lot of things. It wasn't only our project, because it was HR and the organization. It was not only the technical part, "next, next, next." It included changing the processes and standards in the company overall.

In terms of our implementation strategy, we added a totally new HR program, to get the master data up and running and correct. And then, of course, we had to work on how the organization is defined and have master data for that, and the roles to be used and the master data for that. And we had to get overall processes standardized.

There are two-and-a-half people working on the solution now, doing daily maintenance.

We had a partner, Infragen, do the integration. Our experience with them was good. They did good work and we had good cooperation, overall.

The managers are satisfied when things are automated, when people are coming in or going out, because they don't have to do the work. They just contact HR and it's automated from there. People know that it's one place where you can do everything: make the request, the attestation side, and compliance is also automated and in one place. That's what people want.

Microsoft was one of the solutions we looked at, as well as some small Finnish companies. We went with One Identity because of the features. Somebody had already made the stuff that we needed, the functionality that we needed was there and didn't require so much customization. And the partner that was able to give us the solution was also a factor in our decision to go with One Identity.

Keep the scope small in the beginning, so you don't do too much. Go live and then add more features on the way because, otherwise, it can go on for years, and you never get anything done. Also, don't start to customize features too much. Try to use what comes out-of-the-box and try to implement it that way. Somebody has thought of these things already. In most companies, a lot of these things are probably done in the same way.

I would rate One Identity Manager at eight out of ten. There's always room for improvement, but I'm pretty satisfied.

Our primary use case is for integration to a second system, which will use the role-based access management for the identities and user accounts in the One Identity Manager.

This is almost a complete solution for us. The data input to the second system, which has the role-based definitions, has made things easier. This is even with bubble representation.

The features are open and have a good tabular structure for the data, as well as the connected relational/relative topology.

The support documents and data sheets should be made available to the implementation of folks the product website. There's is less documentation available to the public.
There should be installer version available than a portable/web-portal which will be more useful during the testing.

We did not use a solution previous to this one.

It's costlier than some other products and there is nothing that fits every solution. You have to plan your design in advance based on your needs and user base.

We did not evaluate other options.