One Identity Manager Reviews

• GUI
• Reporting capabilities

Allows the delegation of permissions related to identity management and also visual representation of the configuration as opposed to having to go through loads of scripts which was the case with our previous solution.

Job server engine -

• Performance
• Loadbalancing

One year.

Not yet.

Not yet.

More than one job server cannot be allocated per target/source system which can be a performance bottleneck,

Customer Service:

Good.

Technical Support:

Good.

Previous solution was an in house written application. We switched due to support reasons as well as outdated technology and a lack of functionality.

Configuration and implementation is a complex process as we had complex requirements, but could quite easily be done in a simple way.

We implemented via a combination of an in house team and a vendor partner. Their level of expertise was very good.

Yes we chose Dell One over Oracle IDM, IBM, NETIQ, and MS FIM.

Have a team of dedicated staff for the implementation who are given enough time to understand the many dimensions of the tool.

We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees. 

We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager. 

I like the solution since it is very flexible, and I can basically do everything that I like and need with it. 

I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense. 

Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation.

It works well at an enterprise level. We use it as a centralized platform for the whole identity.

It is a flexible system and we can customize it the way we want.

We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution. 

We use the solution to extend governance to cloud apps and this is very useful for us.

Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately. 

The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place then, for example, joiner, mover, leaver, that helps in maintaining that zero trust principle.

In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience. 

The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement.

We can customize it, however, we need skilled resources to do so. There aren't as many skilled people in the market.

We launched it in October 2023. However, we started implementing it in 2021.

We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner. 

Positive

We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose.

Our experience was complex, however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly. 

It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, however, maybe not easy either, so maybe something in between.

We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training, however, the training was given by One Identity itself.

We have been reducing costs and saving several full-time equivalents by using automation.

I would rate the solution overall as eight out of ten based on the bad user interface.

On-premises

We use this solution to enable a lifecycle for all the accounts we have in our Active Directory. One Identity Manager helps us enforce rules and renewal periods. It assists in tracking useless accounts to ensure that we do not retain people's accounts once they leave the company. We are extending the solution, highly customizing it to associate almost every object in our Active Directory with an identity. Every identity has a lifecycle and specific rules enforced by One Identity Manager.

The benefits are significant for us. We had no real central governance before implementing One Identity Manager. Being a large organization operating in 60 countries, it has helped us regain control over Active Directory. By enforcing rules, processes, workflows, and account lifecycles, it aids in cleaning our Active Directory and enforces strong workflows in user management.

One of the best features of One Identity Manager is its high level of customization. Since deployment, the solution has been tailored extensively to fit our specific needs. Its out-of-the-box capabilities are commendable, allowing for evolution and integration within an on-premise environment. For us, being able to customize the product to our requirements has been incredibly valuable, turning it almost into an in-house solution.

The new portal is in a specific technology that is more difficult to program. While it is a specific decision, the customization will become harder. A real SaaS solution could be provided rather than an on-premise product deployed on One Identity Cloud. Although we are not the target for this kind of improvement, a pure web-based SaaS solution could be beneficial for smaller companies.

The solution started deployment in 2018. My personal experience as a Functional Analyst with the solution is approximately two and a half years.

I was not part of the company during the initial deployment. However, it was relatively easy because it came out of the box. Upgrading is more challenging due to the extensive customizations we have, but this difficulty is more related to our use of the solution rather than the solution itself.

We have not experienced many issues with the tool itself. The problems we face are more related to our database consumption due to the high number of users. In terms of stability, I would rate it highly.

We have not needed to increase scalability much, and One Identity Manager supports a large number of users effectively. I would rate its scalability as strong since we have not experienced any significant challenges.

The technical support could be improved, particularly for architects with advanced knowledge. I have heard that the forums, moderated by One Identity experts, are helpful. Although sometimes support can take time, we have not raised any serious alerts about the quality of support from One Identity.

Neutral

We had no Identity Management solution before One Identity Manager. Compared to our previous situation, the solution provides significant benefits in terms of automation.

The initial setup was straightforward as the solution came out of the box.

We are working with a consulting company that provides specific support and resources for us, but they are not direct partners of One Identity.

One Identity Manager saved us approximately thirty to forty percent in terms of time, money, and resources compared to our pre-deployment setup. It significantly improved our control and management efficiency.

We have a global ELA, which means we do not have licensing issues. The price is correct and the relationship with the sales team is excellent. They are open to discussions whenever savings are needed.

I have no other experience besides Okta. Okta is more of an out-of-the-box solution with less customization opportunity, while One Identity Manager is a full product.

I would recommend One Identity Manager due to its customization capabilities. It allows you to adapt the solution to your specific needs. However, for smaller companies without high-level expertise, a pure SaaS solution may be less intimidating. I would rate One Identity Manager at a seven out of ten overall.

On-premises

We use it for identity management and governance. We are a large financial institution; therefore, we use it for identity management and all the cases surrounding that, such as segregation of duty, attestation, extensive provisioning, and life cycle management.

The largest improvement we have seen is the depth of how many applications we have covered. We have about 4,000 applications connected to One Identity Manager, fully managed from there. That has definitely grown over the years, including the ease of connecting those applications. In the end, what we want to achieve as an organization is not a nice technical solution, but our goals are being in control of our accounts, being in control of our entitlements, and being in control of what entitlements are assigned to whom and why, and proper substantiation for that. To be able to achieve that, we need to have a large range of applications that we actually manage. That is something that has become easier and grown over the years. I would say this is the biggest improvement. Moreover, better processes have been introduced surrounding the data so that we do not just connect the applications, but at a data level, we actually achieve the control we want by ensuring everything in those applications is monitored and kept in control.

The SAP integration goes in-depth into the SAP tool, enabling us to get all the information we want from there. It connects SAP accounts to employee identities under governance, which is very important. It saves licensing costs by cleaning up and ensuring SAP accounts are associated with actual employees. We want a SAP account associated with one person.

It provides IGA for the difficult-to-manage aspects of SAP, such as T Codes, profiles, and rules. It provides profiles, profile limits, and field values.

It offers a single platform for enterprise-level administration and governance of users, data, and privileged accounts. It is very good, especially when you are looking at the enterprise backend. On the platform side, it is very good. However, the frontend usability, at least for our organization, could still be improved a little bit. That is not so much for the admin perspective; that is for the actual end-users in our enterprise. That is partially also due to the fact that we are still using some of the older portals because we have been using the tool for a while, and we have not had a chance to migrate to all the latest versions. It is very good for enterprise management, but our end-user experience could still use some fine-tuning, tweaking, and improvements.

We can easily customize the solution for our needs.

We use the solution's business roles to map company structures for dynamic application purposes. That is very important for us because it is one of the ways where we can remove the complexity for end-users. We can automate things while still providing a good control framework where we can say we are in control. Being a large enterprise, we have a complicated structure, so we need a good model that allows us to accommodate that complicated structure. With the business roles, we were able to do that.

We use it to extend governance to cloud apps. This extension is important for us because, as a large financial institution, we have to meet a lot of compliance requirements. That does not stop with our on-premise environment; it also applies to our cloud systems, so we need to manage those.

It helps minimize gaps in governance coverage among test, dev, and production servers. We also have a lot of our dev, test, and acceptance environments connected to the solution. It allows us to manage those as well based on the production user's life cycle. We have no issues there.

It helps consolidate procurement and licensing a little bit. We do not manage our procurement or licensing in the tool. We have our own procurement tools for that. However, when we know, for example, that there are limits to the amount of licenses we can give out, we use the tool to ensure we do not pass those limits. We use it more as an enforcement tool or safety valve to ensure we follow the guidelines set by procurement on how much we can do.

It streamlines application access decisions, application compliance, and application auditing. We use the segregation of duty framework. We use the attestation framework. It is one of the core pillars for the regulatory and compliance set where we show we are in control of our identities, accounts, and the access they have. We can show that we meet all the regulations in regular reviewing that ensure that no toxic combinations or toxic pairs are assigned.

It helps achieve an identity-centric zero-trust model. We are currently using it for one body, and we are looking into extending it to machine identities. For our current human employees, we are in the identity-centric model. We also have multiple sources from where identities come. We have a lot of subsidiary companies. We have a lot of statements of work or external contractors, and sometimes people come in from multiple sources at the same time. It also allows us to consolidate that to see that it is actually the same identity.

It helps create a privileged governance stance to close the security gap between privileged users and standard users. For the management of privileged accounts, we use another solution called CyberArk Privileged Access Management, and we do have a close automated connection between One Identity and CyberArk where we use One Identity to decide who should have access to which privileged accounts and why. CyberArk is a tool that we use to actually hand out access to those accounts and monitor usage of those accounts, etc. The governance part of who can use which account is managed from One Identity, and then the actual usage is done through CyberArk, and that integration works well for us.

What I like the most is the flexibility or configurability. It is not like you are writing huge lines of code. It allows us to handle our very complex enterprise use cases, and we have many of those. We have a lot of scenarios where we need to do things internationally or slightly differently per country, or need to comply with specific regulations. It gives us a lot of flexibility to meet all those needs while also being able to accommodate our enterprise processes. It allows us to shift the tool to work for us instead of needing to change the organization to follow a piece of technology.

Their support could be enhanced.

There is an area for improvement when it comes to intuitiveness. It has the ability to manage everything and does that fairly well, but that also causes a risk of drowning end-users in complexity. One Identity technology probably has the best way to handle the complexity that you want to tackle as a large enterprise. It can handle any complex use case you can think of, but that is also the thing they should improve on. They should keep it simpler for end-users, even though they are handling that complexity. They should handle all the complexity, but keep it simple for the end users, so the part they need to improve on is keeping it simple for the end users.

I have been using it in some way, shape, or form for 14 years. At my current place of employment, we have been using it for 8 years.

I would rate the stability a nine out of ten.

I would rate its scalability an eight out of ten.

In terms of the number of users, there are two sides. The number of people who request access would be about 50,000, and there are about 300 or 400 people who do specialized things. That ranges from the actual technical team supporting the solution to people doing more complex business role management and things like that for their pillars within the organization.

We use their premier support. That has differed over the eight years. At the start, it certainly did add a lot of value. At a certain point, about one and a half years ago, One Identity underwent some reorganizations and their support level went down and was not up to our expectations anymore. We have had some serious conversations with them about that. They reacted well because support has picked up back to where we expected it to be. The advantage for us with premier support is that, as a large enterprise, we can always run into specific problems, and, at that point, someone who knows all the ins and outs of the product looks at it and helps us resolve those.

Premier Support has not been an influence in purchasing additional licenses or products from the vendor. However, it has definitely been an influence in using the product for this long and not switching to a competitor.

About two years ago, I would have rated their support a nine out of ten. Given the issues we have had, I would rate it a seven out of ten, hoping it will climb back up to that nine.

Neutral

We have a hybrid deployment model. Technical deployment or technical setup is very straightforward. Integrating it into your entire landscape when it is as big as ours and managing everything is obviously complex. I do not believe that is necessarily due to technology; that is due to the sheer volume of data and applications you need to connect.

From starting the setup to the full global rollout, it took about two years.

It does require maintenance. It primarily includes the occasional cumulative update packs being deployed. The second thing is that we have a constantly changing environment. New applications come in, and other applications are deprecated. We acquire companies. We spin companies off. They are, on the one hand, business-as-usual cases. On the other hand, they do require changes in the system. When you are, for example, suddenly onboarding 5,000 new people because you have acquired a new organization or need to integrate another directory service, then obviously that has some impact.

Our partner is Intragen. Our partner was originally AspisID, and they were acquired by Intragen during the eight-year period.

They helped with the implementation, although it was company-led. We led the implementation, and they provided expert resources. They definitely helped with the speed of the implementation. Some of the things they implemented were good for the initial implementation, but over the eight-year period, it has had some rework, which is not surprising.

We got the training from One Identity themselves which was good. Our partner provided on-the-job training but did not provide specific, in-depth training like a specialized training course or anything.

Our partner was involved in helping us customize the solution for our particular needs. Our experience on the whole was positive. Especially on some very detailed use cases, some choices were made which were good in the short term. In the long term, we have had to revisit them. What we are really happy with is that all the customizations they have done have proven to be very upgradable. Customizations that were done seven or eight years ago are still able to work in the current versions of the product. The customizations were done fairly well within the One Identity framework, but for the specific banking use cases, we are currently revisiting some of those.

The customer service we received from our partner has been very good. They have provided good value. They have definitely helped us move forward. They were originally AspisID and were acquired by Intragen. We have the advantage that they have local people, which always makes for a good collaboration. Their nearshore team integrates fairly well into our organization. They do their best to help bridge the cultural gaps. Due to the way they work with the nearshore team, they have been able to provide the resources we want, which we found to be tricky in the past with the IAM market.

That is a tricky estimate to give. Our primary reason for having the tool is not just a return on investment; without technology like this, we do not see a good way to meet our mandatory compliance requirements. Having a technology like this, whether it is One Identity or another, is almost a given to be able to keep a banking license when you are at our scale. Without it, we would need thousands of additional people. That is hard to translate into a return on investment, other than as a multiple of hundreds. That is just not the way you would tackle that problem.

I am aware of the cost. For us, it is quite cost-efficient. We have a good enterprise license agreement, and we are very happy with what we get for the price we pay for it.

I would compare One Identity Manager fairly favorably to other vendors on the market for identity management governance. We have recently done another RFP and decided to extend our contract, primarily because we have a lot of complex use cases, and the fact that the tool can tackle those fairly well is important for us.

I would recommend One Identity Manager to other users, but I would ask questions like, 'What are the users? How big are they?' For other enterprise organizations, I would definitely recommend it. For smaller organizations, like mid-size businesses with a few hundred employees, I would only recommend it if they are in a heavily regulated space. 

I would rate One Identity Manager a nine out of ten.

Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems.

One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems.

The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution.

We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007.

Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well.

Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service.

Negative

The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps.

It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage.

One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive.

More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten.

On-premises

We use One Identity Manager for access management and provisioning, as well as onboarding target system applications. It focuses on identity management and providing access. 

We use different tools like Web Designer and Synchronization Editor, and we do implementation, customization, and configuration based on our requirements.

I can see many benefits, including granting the right access to the right people at the right time. It helps with enhancing security, validating identity types, and assigning initial rights based on the defined processes. Users follow request workflows inside the system to access, which is validated for correctness.

We use One Identity Manager to manage SAP target system applications. We generally use the SAP connector. We create the SAP onboarding project in Synchronization Editor. It is like a bridge between One Identity Manager and the target SAP system applications. It is able to meet our requirements.

It has had a Windows-based UI, and they are also moving to a web-based portal. One Identity Manager helps manage identities and accounts, and we can also see the pictorial representation of the identities there.

We do a lot of customization. It supports customization based on our needs. However, when it comes to Web Designer, customization can be a bit challenging.

We have onboarded 30 to 40 applications, including SuccessFactors, ServiceNow,. We are about to complete SuccessFactors' integration with One Identity. Previously, we used to get the identities in the form of a CSV file where the data was inserted inside One Identity to create the identities of new joiners and do the onboarding. It is now connected to the SuccessFactors application. It is also integrated with ServiceNow. If any incidents get raised, they can be routed to the respective operations or engineering teams for resolution.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers.

One Identity Manager helps streamline application access decisions, application compliance, and application auditing. We have dedicated teams focused on compliance and auditing.

One Identity Manager has helped us achieve an identity-centric Zero Trust model.

In One Identity Manager, I appreciate the Synchronization Editor for onboarding different target system applications. We have various connectors that allow customization. For instance, the Windows PowerShell connectors can connect to different services such as RESTful services, SOAP services, and Windows services. I like how data flows from the target system applications to One Identity. We explore technical aspects, write functions in PowerShell, and connect with APIs. 

Another interesting feature is attestation, where we review and re-attest existing employees' rights. We create attestation policies, workflows, and schedules.

A major area for improvement is Web Designer. If One Identity Manager advances this, it will greatly benefit all customers. Web Designer is based on legacy Microsoft technologies like ASP.NET and HTML. I believe future improvements will resolve performance issues.

I have been using One Identity Manager for the last six years.

It is stable but need more improvements.

It is scalable. I would rate it an eight out of ten for scalability.

We use their regular support. Could be rate 7 or 8 out of ten.

Positive

We do not handle the initial setup, but from what I have heard, it is not complex.

In terms of maintenance, mostly it requires monitoring and health checks to ensure everything in the infrastructure is working properly.

I would definitely recommend One Identity Manager. It offers many opportunities for technical learning, implementation, and customization. One Identity Manager is a good solution for identity and access management, provisioning, and other IAM aspects. 

I would rate it an eight out of ten.