Charles Essien - PeerSpot reviewer
Back End Developer at DC Smarter
MSP
Top 5
Sep 4, 2025
Makes identity management more robust with the new portal, but needs faster processing and better support
Pros and Cons
  • "The best features in One Identity Manager include the new Angular portal, which is the best improvement they made by removing the old portal; this feature gives you access to customize and create endpoints, APIs, and now it makes sense because you can expose and create endpoints from your tables and other target systems can use them and add or remove from your database and trigger processes with APIs."
  • "Support often lacks experienced technical personnel, resulting in long wait times and unhelpful solutions."

What is our primary use case?

I use One Identity Manager for IAM processes, governance, and policies. 

How has it helped my organization?

I use One Identity Manager to help manage SAP. The integration requires knowledge about the structure of the data. If you know the structure of the data, manipulating it is straightforward. With PowerShell scripts, you can connect to the SAP table you want and modify data based off of triggers in your database or processes.

The solution provides IGA for the difficult to manage aspects such as SAP T-codes, profiles, and rules. It depends on how complicated the architecture of the SAP is and the rules that govern it, but you can set those rules in your One Identity Manager and trigger those changes based off of those rules. You don't have to do any work in SAP; you can do all the work in One Identity Manager and trigger the change in whatever environment you want.

I use business roles to map company structure for dynamic provisioning. The business role functionality is important because it helps with the segregation of duties, the SODs. I can create business roles, assign privileges, and provision those business roles to identities, which is essential for managing privileged access.

I use the solution to extend governance to cloud apps. The extension is important to my new client because they want to manage everything in One Identity Manager without using different tools for cloud solutions and identities. Since they already manage their identities in One Identity Manager, provisioning cloud services becomes easy, allowing for seamless assignment of cloud functions to business roles.

The solution helps minimize gaps in governance coverage among test, dev, and production servers, but I don't think it's optimal out of the box. You have to manually create those environments on different servers. It would make sense to have a feature for creating a test environment on one server. It can test scripts, but I think it's not robust enough.

The solution does streamline application access decisions, compliance, and auditing. We have attestation policies that apply to every identity, and One Identity Manager gives you the ability to audit your data, delivering compliance and auditing power. The solution has helped achieve an identity-centric zero-trust model.

What is most valuable?

The best features in One Identity Manager include the new Angular portal, which is the best improvement they made by removing the old portal. This feature gives you access to customize and create endpoints, APIs, and now it makes sense because you can expose and create endpoints from your tables and other target systems can use them and add or remove from your database and trigger processes with APIs. That's a very cool feature because it makes the identity more robust, and you can integrate as many things as you want to integrate to One Identity now. It's a very good addition.

The solution provides a single platform for enterprise-level administration and governance of users, data, and privileged accounts which is quite strong. I recently started a project where we're trying to integrate the management of nonhuman identities, such as Azure Functions and various other devices. I believe One Identity is very effective for managing these types of applications because it treats everything as an identity. You can also apply and request specific business rules for these identities. Overall, I find it to be a very robust solution for managing these kinds of applications.

What needs improvement?

For basic tasks, it's acceptable, but when there are complexities and building on those complexities, it becomes slow because One Identity Manager doesn't do parallel processing; it processes in series and in batches. That's a drawback because with a heavy database and many processes, it becomes slow, which isn't ideal for user experience.

There are many areas in One Identity Manager that have room for improvement. I don't prefer that One Identity Manager uses series processing where everything is in a queue; it has to process in order, which means there are too many layers involved in processing a single piece of information. If they could simplify that and make processing faster, it would be perfect. The database queue process doesn't make sense, and it's annoying waiting for processes to finish before another starts. Also, when upgrading, they should be more considerate; with the transition from One Identity Manager 7.0 to 8.2, many functions were phased out, requiring extensive upgrading of numerous scripts.

I find it pretty difficult to customize the solution because you really need to be an expert. If you have about one year of experience, you can't do much with One Identity Manager. You need many years of experience to customize solutions effectively.

Buyer's Guide
One Identity Manager
April 2026
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
893,244 professionals have used our research since 2012.

For how long have I used the solution?

I've been using One Identity Manager for almost five years now.

What do I think about the stability of the solution?

I'll give it a ten for stability. It truly is reliable. It's a solution you can depend on because you have your own on-premises solution as well as your own cloud solution. This means there's no interference from One Identity, such as unexpected automatic updates to your system. The way you deploy it is precisely how you have it set up. Therefore, I give it a ten; it’s very stable.

What do I think about the scalability of the solution?

Regarding scalability, I would give it a ten because, with the new features added, you can integrate with many applications, and it's really scalable depending on your needs.

How are customer service and support?

I've used both regular support and partner support, but recently, I haven't had to use it because I have experienced people around me, so I just ask them for guidance. Based on my experience, I would rate support as a two out of ten. I would rate it so low because support often lacks experienced technical personnel, resulting in long wait times and unhelpful solutions. They sometimes ask random questions or read from scripts, which can be frustrating. After a while, I didn't need support anymore because I had knowledgeable people to assist me.

It should be done properly. They need to hire technical experts and pay them accordingly. I believe the issue is related to budget constraints, which is why they avoid hiring experienced professionals. They should focus on bringing in technically skilled individuals who understand the tools and technologies involved. It’s important to have knowledgeable support staff rather than just hiring random people with only six months of experience.

How was the initial setup?

My different clients have different models. They have the cloud model. They have the on-prem model. It just depends on their needs.

Overall, deployment is easy. Installation is straightforward. Deployment can take an average of a day to set up an instance.

The solution requires maintenance due to frequent bugs with new versions, and it takes time to apply updates. We often comment on bugs in the community platform, but it would help if they addressed them more consistently.

What's my experience with pricing, setup cost, and licensing?

One Identity Manager is not cheap at all, which is a significant drawback for small to mid-sized companies. Only large enterprises can afford the licensing fees, and the pricing needs to drop. They could consider developing a mini version for smaller companies, similar to Microsoft's approach.

What other advice do I have?

I have many partners because I worked with different companies including For Rivers, IT-Consult, and now Staffice. My experience with the partners has been positive. They did really help me out, especially IT-Consult. They helped me with trainings with their own customized training platform where they teach you how to use the tool in three months, where you can create your own processes, work on attestations, onboarding new systems, new target systems, handling sync projects, basically almost everything.

My clients are mainly large enterprise businesses. Most One Identity Manager clients tend to be large enterprises who can afford the costs. 

I can't recommend it to a small company because of its costs, but I can recommend it to big companies. However, the training materials are the worst I've ever seen; they don't provide practical learning, only theory. While it's a good system, it requires a lot of money to hire experts for maintenance. 

I can't rate One Identity Manager compared to other solutions because I'm biased; I still feel it's the best. I would choose it over CyberArk any day due to my experience.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Sep 4, 2025
reviewer2809035 - PeerSpot reviewer
Senior Software Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
Mar 18, 2026
Identity platform has unified access governance and supports business role based zero trust
Pros and Cons
  • "One Identity Manager provides everything in a single place, which is beneficial."
  • "The primary drawback of One Identity Manager is the customization of the WebGUI."

What is our primary use case?

I configured One Identity Manager's Sync Manager tool and connected using that tool. One Identity Manager synced the data from different platforms, after which we arranged access management through access request forms. We defined workflows and policies based on these requests and created reports using Report Editor.

Business roles represent one of the important use cases I worked with. When you have a workflow, there should be approval policies in place. For example, if certain reports or functionalities should only be visible to the HR department, we define business roles and give access to those particular people. This allows us to segregate the duties of different teams and departments, providing particular access to each department.

One Identity Manager was utilized to achieve what was called an identity-centric zero trust model, which was built by a One Identity partner. The concept involves not trusting anyone and validating everyone who comes to the tool. We implemented something around this, although I was not heavily involved in that particular aspect.

What is most valuable?

Managing business roles and assigning them from business users is what I appreciate most about One Identity Manager. This is a simplified process that we can manage easily in the Manager tool. The primary drawback of One Identity Manager is the customization of the WebGUI.

One Identity Manager provides everything in a single place, which is beneficial. Before One Identity Manager, we used to manage every certification, onboarding, and syncing of data between platforms separately, which was difficult. Having everything in one location gives us a better understanding and allows us to maintain data more effectively. We can maintain entitlements properly, reduce duplicates and redundancy, and have better overall organization.

What needs improvement?

The primary drawback of One Identity Manager is the customization of the WebGUI. The customization uses web scripts and drag-and-drop for elements and configuring elements, which was somewhat complicated for a few colleagues. They received training initially from One Identity representatives, but found it was not easy to understand. In comparison, I am using SailPoint in my current organization, and it is less customized than One Identity Manager. It is not that easy to define the GUI in One Identity Manager. Apart from GUI customization, the other tools are fine, and configuration and building everything is straightforward.

When we configured all the platforms including ACF2, RACF, and AS/400 initially, we attempted to integrate with Active Directory after HSBC's huge data set was processed. We encountered some issues while doing the Active Directory integration because of the large data volume. Jobs might process for a long time or there could be timeout issues. This was the major concern we saw in the initial stages. As of now, this appears to be resolved. There is not much drawback remaining. One Identity may have enhanced several things.

For how long have I used the solution?

Overall, I have worked on One Identity Manager for over five years now.

What do I think about the stability of the solution?

In the initial stages, we did not see any issues when working with less data, such as with RACF, AS/400, and similar platforms. However, when we connected with Active Directory, we noticed some lagging issues while syncing data or submitting requests. After fine-tuning and making adjustments to the data, it began working properly.

What do I think about the scalability of the solution?

One Identity Manager is good regarding scalability. It has separate tools for everything, which allows us to scale to whatever extent we need based on requirements. One Identity Manager is a scalable application.

How are customer service and support?

I contacted technical support for One Identity Manager when we had issues with the request center and the access request manager WebGUI. In the initial stages, we experienced some issues with concepts called cart items and separate items. To understand the process and resolve these issues, I worked with customer support.

One Identity Manager's Premier Support was used initially because in the first couple of years, the response was very immediate and they could easily solve issues. After that, the company may have implemented some licensing policies, and we transitioned to using a ticketing tool. Whenever we found issues, we submitted a ticket, and they responded based on the timeline.

I do not remember the specific details that stand out in Premier Support, but the service was very quick. Whenever issues arose, the response was immediate and they solved them quickly. They assigned resources who worked with us, and we were able to resolve issues very quickly. I would rate the support at a nine out of ten. The support was good, though it sometimes took time to resolve issues.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of One Identity Manager is very straightforward. Syncing data is straightforward as we need to map the columns between the target system and One Identity Manager. However, it is not that easy, as we encountered some difficulties with version mismatches. One Identity provided support that helped us achieve everything. In the initial stages, they supported us for a couple of years, and we were able to achieve all syncing of data and everything with their help. It is an easy process but not without difficulty.

What about the implementation team?

We managed the solution ourselves with One Identity Manager. Initially, during the first couple of years, One Identity Manager provided solution partners. After two years of contract, they departed. From that point forward, we have been building enhancements and maintaining the project ourselves. If we encounter issues, we raise tickets and move forward.

What was our ROI?

We continue to perform maintenance on One Identity Manager with ongoing enhancements. Since we work for a bank, we continue getting enhancements and maintenance. Some jobs fail in the job editor, so we need to perform maintenance and address whatever issues we encounter.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 18, 2026
Pradeep Pola - PeerSpot reviewer
Senior Manager at a consultancy with 10,001+ employees
Real User
Top 20
Oct 6, 2025
Provides robust identity governance with deep customization and advanced integration for complex environments
Pros and Cons
  • "For multinational companies or those with various locations managing their identities and applications, it is very easy and very robust in nature."
  • "One Identity Manager is a very robust tool with plenty of out-of-the-box features in the identity and access management space, and it is very easy to customize and fits for very complex platforms."
  • "One Identity Manager has room for improvement in areas such as being more low-code, since it currently requires some coding knowledge."

What is our primary use case?

My use case for One Identity Manager is mostly for identity management and application onboarding, including joiner, mover, leaver, and application onboarding through the IT shopping cart and role-based access provisioning and privileged account provisioning, along with all the aspects including recertification.

How has it helped my organization?

I use One Identity Manager to help manage SAP, and it has the best SAP connector in place, allowing me to manage their identities through provisioning SAP roles, SAP groups, SAP authorities, and all the systems. It also connects with SAP GRC and performs segregation of duties very efficiently with the SAP application, enabling various types of implementations we can do with SAP.

What is most valuable?

One Identity Manager is a very robust tool with plenty of out-of-the-box features in the identity and access management space, and it is very easy to customize and fits for very complex platforms. 

For multinational companies or those with various locations managing their identities and applications, it is very easy and very robust in nature. 

It also helps streamline aspects of application governance, including access decisions, compliance, and auditing. 

It has a module called access recertification or attestation for recertification and a robust segregation of duties engine, as a governance platform that collects data and provides a variety of dashboards for management.

One Identity Manager provides IGA for difficult-to-manage aspects of SAP, and I can manage by assigning profiles, roles, and groups. There's also a role-in-role concept where I can assign a role to another role.

One Identity Manager delivers SAP-specialized workflows and business logic. For example, if my SAP solution is integrated with SAP GRC and I want to request a segregation of duties check with GRC before provisioning an SAP role, all those tasks can be done in One Identity Manager.

It is easy to manage and provides a single platform for enterprise-level administration and governance of users' data and privileged accounts, but one must know the product. Learning One Identity Manager takes some time, around four to five months, but once learned, managing applications such as SAP or Active Directory becomes easy.

One Identity Manager helps minimize gaps in governance coverage for test, dev, and production servers, and it provides internal deployment tools that make it straightforward to manage code across different environments.

What needs improvement?

One Identity Manager could be improved by offering a more low-code experience, as it still requires a fair amount of coding knowledge. Compared to other cloud-based tools, the learning curve is quite steep; it can take six months to a year to master, while similar tools may only require one to two months. Earlier versions also lacked robust web UI enhancements and API support, but recent updates have shown notable progress in these areas.

For how long have I used the solution?

I have been using One Identity Manager for around 15 years, starting in 2010.

What do I think about the scalability of the solution?

The solution is scalable; I would rate it a seven to eight out of ten. It is suitable for medium-level enterprises, but a user base exceeding one million may require heavier infrastructure.

How are customer service and support?

I would rate One Identity Manager's technical support at around 9.5 out of ten. Compared to my experiences with other tools, their support is exemplary.

How would you rate customer service and support?

Positive

How was the initial setup?

Most of the One Identity implementations are on-premises. A hybrid approach is also getting popular now.

One Identity Manager is easy to customize, however, the person customizing it needs basic .NET programming and SQL skills. With these skills, anyone can customize it according to their needs.

During the patches or during the core deployments, it does not require any downtime.

Which other solutions did I evaluate?

I've looked into SailPoint and Saviynt. One Identity Manager is comparatively faster to deploy than SailPoint, although not as fast as Saviynt since Saviynt has a more low-code approach. 

One Identity Manager is highly customizable and allows for extensive UI and backend modifications, which tools such as Saviynt do not readily support. SailPoint allows for similar customizations on-premise but not on the cloud version.

What other advice do I have?

The solution is identity-centric, and we consider it as identities linked to an account structure for each application, linking all the accounts to the identities. 

I recommend One Identity Manager to other users as the license comparison with the market leader SailPoint is very favorable, and it offers all the functionalities at a lower price. 

For medium-level organizations, One Identity Manager rates as a nine out of ten. For larger organizations facing performance issues, it would rate around an eight out of ten. On a scale of one to ten, I rate One Identity Manager a nine.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Oct 6, 2025
PeerSpot user
Consultant at a financial services firm with 10,001+ employees
Real User
Top 20
Mar 23, 2026
Identity platform has unified governance and supported large-scale, customizable access control
Pros and Cons
  • "One Identity Manager is an IGA tool with everything available in the same tool; for example, Identity Lifecycle, attestation, certifications, and role-based access management are all available in one tool."
  • "User experience with One Identity Manager is somewhat difficult compared to cloud SaaS solutions like Saviynt and SailPoint."

What is our primary use case?

I work in the operations part with One Identity Manager, specifically with incident management. On a day-to-day basis, I work with the Manager, Object Browser, Job Queue, and Designer and web designer. These are the most commonly used tools. My work involves administrative tasks such as provisioning, de-provisioning, and ILC.

Currently, I use One Identity Manager on demand. I have seen many companies, and even after joining my current company, I can observe calls from different projects where everyone is using One Identity Manager as an IGA solution. I can see it has good demand in the market. However, I could say it is about 50/50 because many people are preferring cloud solutions nowadays.

What is most valuable?

One Identity Manager handles a very large amount of data, which is one of the good things about the tool. Everything is customizable and easily customizable, which is another strong point. For every configuration, a different tool is available. For example, if I need to set any configurations, I can do it in the Web Designer. I can use Object Browser for SQL-related tasks and mostly for database management.

One Identity Manager has role-based access management. For instance, if I need to work with different applications, I need a specific role. I need to request that role from the application, such as an admin role or any other role. It will be processed in the back end, and I can check everything in the Manager tool as well as Object Browser.

One Identity Manager has business rules such as internal administration, external administration, and security admin. I have seen those kinds of business roles in my project. These are utilized through birthrights. Some roles are assigned during joining itself, while a few business roles are assigned based on a request and are approved by the managers as well as the product owners based on role and demand in the project.

Business rules in One Identity Manager are administrative in nature. One Identity Manager provides users for administration roles, and roles are provided during joining and based on role and demand in the project. Different criteria are available, and based on that, business roles will be provided.

One Identity Manager minimizes gaps through the Manager application, which is part of everything including governance, audits, certifications, and attestations, all available in the same application.

Application-related information is all available in the Manager tool in One Identity Manager. For a specific application, there are different groups or different roles. Everything is audited and has attestations. Attestations occur yearly or twice yearly for compliance purposes with different applications.

As an owner, I receive attestations yearly or twice yearly. For example, if user A has a specific role, I verify whether that role should be with that user. During the request itself, it goes to the product owner at the last approval level. After approval, we have attestations, and that governance part is covered for every role based on product owner approvals.

Privileged users are different from other users in One Identity Manager. Privileged users have specific configurations and are provided with different roles to access only specific applications. Privileged users are not treated as normal users. That part is also covered in One Identity Manager. From my project point of view, I did not see that much privileged user solutions because we have other tools in place to manage privileged access management. However, based on my previous experience, I can speak to this capability.

One Identity Manager is an IGA tool with everything available in the same tool. For example, Identity Lifecycle, attestation, certifications, and role-based access management are all available in one tool. Everything can be customized based on customer requirements. Everything can be managed in the job servers as a separate process, so there is no dependency for different jobs inside the processes. Each job works as a different process. One Identity Manager has a Designer application where I can customize everything based on requirements such as jobs, different application connectors, and different tables. The web application is built in Angular, which is another feature that can be utilized for better user experience.

What needs improvement?

User experience with One Identity Manager is somewhat difficult compared to cloud SaaS solutions like Saviynt and SailPoint. As an on-premises tool, it is comparatively harder to explore, and lagging sometimes occurs while loading data from the backend. These are the minor drawbacks regarding One Identity Manager user experience. However, I can see there are many improvements, and they have introduced a new version with some improvements, but my project has not implemented it yet.

Comparing One Identity Manager with other tools, the customization is very simple. I have a Web Designer tool where I can connect with different applications, create connectors, create customized processes, or create different tables. Everything is possible in the Designer, and documentation is also available on One Identity Manager's website.

From an improvement point of view, the user experience and UI are somewhat lagging. That is one thing One Identity Manager should improve. Additionally, there are many tools in this space, so I have to check each tool for different purposes, though I am not sure how that could be improved. One Identity Manager runs thousands of jobs daily. Sometimes jobs get stuck and processing is slow, though not every time. One Identity Manager could provide a solution to improve that performance as well.

I believe One Identity Manager should focus on cloud solutions. Everyone is nowadays preferring cloud solutions, so that would be another improvement. Moving some of the things to the cloud would definitely improve the performance of the on-premises solution.

I have worked with NetIQ and Saviynt before One Identity Manager.

For how long have I used the solution?

I started working with One Identity Manager approximately three months ago.

How are customer service and support?

I do have premier support for One Identity Manager.

With premier support, I can see they are directly connecting with our team and providing tool training from One Identity Manager people. They come to our company and provide trainings based on new requirements. That is a good thing. If a new feature comes up, they provide us approaches to implement in our solutions.

Which solution did I use previously and why did I switch?

I have previous experience with SQL and database management. I was working with NetIQ, which is also a legacy tool. I wanted to switch to a different tool with a different project. I had SQL knowledge before that. If someone has SQL-related knowledge, it will be very easy to work with One Identity Manager, and there will be many opportunities. Because of the opportunities, I chose One Identity Manager. In NetIQ, there was nothing like SQL. One Identity Manager has IGA, but NetIQ did not have that many opportunities at that time. I also have experience with .NET. One Identity Manager has a VB.NET solution, which was another factor in my decision based on the opportunities available.

How was the initial setup?

I have been involved in a few implementations of One Identity Manager. I can see it is a long process. I have to create a transport, create a package, and build in Jenkins. There are many things involved, and it is not a straightforward process in One Identity Manager. Deployment is definitely a complex thing in One Identity Manager, and it is longer than other tools.

What other advice do I have?

I did not get a chance to work with partners because I am still in the learning phase with One Identity Manager. I am exploring the tools in my project. However, in the future, there are platforms available to connect with One Identity Manager partners, and I will connect for sure.

I did not work on SAP implementations with One Identity Manager.

I have not seen cloud implementations with One Identity Manager in my project. However, we do have plans to implement some cloud solutions in the future. We have Entra ID with our projects, and that is the only cloud solution I have seen so far.

I do not have knowledge about zero trust models.

Privileged accounts are not managed in One Identity Manager. I am just creating those accounts, but they are completely managed in a different IM solution. For PAM, there are different applications managing those responsibilities. Currently, I am not working with those privileged users.

Since I am very new to One Identity Manager, I am still on the learning curve and exploring different things. One Identity Manager is a very huge platform with many tools, and the architecture is quite complex.

I give One Identity Manager an overall rating of eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Mar 23, 2026
PeerSpot user
Identity & Access Management Solution Architect (IAM) at UNIQA GSC Slovakia
Real User
Top 20
Mar 12, 2026
Identity governance has improved compliance and visibility but still needs friendlier interfaces
Pros and Cons
  • "One Identity Manager has positively impacted our organization by adding more visibility on what we have, what we need, and what compliance features or compliance requirements we need to fulfill while allowing us to provide audit records on time and in a very useful way."
  • "The main functionality that I expect from One Identity Manager is to include more possibilities to use a custom interface and a more user-friendly interface, as this is one of the major topics."

What is our primary use case?

The JML process, which stands for Joiner, Leaver, Mover, is my main use case for One Identity Manager, where we focus on synchronizing between different directories.

In our environment, the synchronization works by having different Active Directories in different countries, and we are reading based on a predefined extension attribute, user, and security groups.

Regarding my main use case, we solve the governance and compliance part.

What is most valuable?

The best features One Identity Manager offers for us come from the sync projects, which are our way to keep data from different sources in one single place, giving us the possibility to simplify the process and to have a clear overview over the products and data.

One Identity Manager has positively impacted our organization by adding more visibility on what we have, what we need, and what compliance features or compliance requirements we need to fulfill while allowing us to provide audit records on time and in a very useful way.

What needs improvement?

The main functionality that I expect from One Identity Manager is to include more possibilities to use a custom interface and a more user-friendly interface, as this is one of the major topics. There are a few other things which I think could be easier to implement, and another feature which is really helpful.

These are my main pain points regarding additional improvements that One Identity Manager needs.

Regarding the reporting and analytics features in One Identity Manager, the analytics and reporting part is a place where improvements are really helpful, making it more user-friendly.

The performance and speed of One Identity Manager in my environment show that they consume a lot of resources, so the speed depends on the resources assigned for each component.

For how long have I used the solution?

We started working with One Identity Manager around nine years ago.

What do I think about the stability of the solution?

In my experience, One Identity Manager is stable, and it can be easily added back to the system.

What do I think about the scalability of the solution?

The scalability of One Identity Manager is quite good, but the growth can be quite expensive.

How are customer service and support?

One Identity Manager's customer support is satisfactory, as they provide us support every time we open an incident or a ticket.

Which solution did I use previously and why did I switch?

I previously used an in-house solution, and the reason for switching to One Identity Manager was that the cost for maintaining and implementing new features in the in-house product was over the price for implementing a new product.

How was the initial setup?

My experience with pricing, setup cost, and licensing is that this is something where every company decides in the first phase of the project when they decide to work with One Identity Manager, and it can be improved.

What about the implementation team?

Implementing One Identity Manager in my environment was quite difficult because it requires specialized persons.

What was our ROI?

I have seen a return on investment with One Identity Manager, as the number of resources required increased, but the main benefit for us came from being compliant with the regulators, where we fulfill a lot of regulations with the product.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is that this is something where every company decides in the first phase of the project when they decide to work with One Identity Manager, and it can be improved.

Which other solutions did I evaluate?

Before choosing One Identity Manager, I evaluated other options, and it was a discussion with ForgeRock, but ultimately, One Identity Manager was chosen.

What other advice do I have?

I find the integration capabilities with other systems or applications work really fine with the standard products.

I find the role-based access control and permissions management in One Identity Manager meet our requirements, as they are standard implementations and are really fine.

I would describe the upgrade and patching process for One Identity Manager as difficult when upgrading from version 6 to version 8, but quite easy from version 8 to version 9; now we are planning to upgrade to version 10.

I find the documentation and training resources for One Identity Manager quite helpful for specialized persons, although I still consider the trainings to be too expensive.

My advice for others looking into using One Identity Manager is to ensure they have the capabilities, resources, and knowledge to do whatever they want before they start.

I really want to have access to more documentation and data regarding One Identity Manager.

I would rate this review a 7 out of 10.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 12, 2026
Sufiyan S - PeerSpot reviewer
Senior Technical Support Executive at digital track
Real User
Top 5
Apr 22, 2026
Automation has transformed lifecycle management and strengthens security and compliance
Pros and Cons
  • "One Identity Manager is a powerful and reliable solution for identity governance and access management, helping improve efficiency, security, and compliance in our organization."
  • "One Identity Manager would benefit from enhancements in flow customization and faster performance in large environments to make it more efficient."

What is our primary use case?

One Identity Manager serves as our centralized identity governance and access management solution across the organization, primarily used for managing the complete user life cycle including onboarding, role-based access, provisioning, and offboarding.

In daily work, we use One Identity Manager for onboarding new users where access is automatically assigned based on their role. Recently, it helped us quickly provision access for multiple users without manual intervention, saving time and reducing errors. It also ensures proper access removal during offboarding, improving overall security.

Apart from life cycle management, we also use One Identity Manager for periodic access review and compliance reporting. It helps maintain visibility over user access across the system and ensures policies are consistently enforced. Overall, it adds strong control and governance to our environment.

What is most valuable?

One Identity Manager offers strong automated identity cycle management, which reduces manual effort, and it provides role-based access control and self-service access requests, making access management smooth. The compliance reporting and audit capabilities are very useful for governance, and its integration with multiple systems, both on-premises and cloud, gives complete visibility and control.

The automated identity life cycle management makes the biggest impact for our team, as it significantly reduces the manual effort in onboarding or offboarding while ensuring users always have the right access. This improves both efficiency and overall security.

One Identity Manager has improved our efficiency by automating user provisioning and reducing manual effort, and it has strengthened our security by ensuring proper access control and timely offboarding. It also made audits and compliance reports much easier and more streamlined.

What needs improvement?

One Identity Manager would benefit from enhancements in flow customization and faster performance in large environments to make it more efficient. Overall, it is a strong solution with great potential to evolve further.

From a user experience perspective, a more intuitive and modern user interface would make One Identity Manager easier for new users to adapt to quickly. Additionally, while support is generally good, faster response times in complex cases would enhance the overall experience. The current support and documentation are already quite helpful.

I rated it nine because it already delivers strong identity governance, automation, and reliability in day-to-day operations. To make it a perfect ten, a more intuitive user interface, a faster initial setup, and slight improvement in performance for large scales would make the experience even smoother.

For how long have I used the solution?

I have been using One Identity Manager for the last three years.

What do I think about the stability of the solution?

One Identity Manager is stable.

What do I think about the scalability of the solution?

One Identity Manager is highly scalable and works well for enterprise environments. It can handle large user bases, even millions of identities, and support both horizontal and vertical scaling as needed. Overall, it performs reliably even as the organization grows and adds more systems.

How are customer service and support?

Customer support for One Identity Manager is generally good and responsive, especially for standard issues. The support team has strong technical expertise and provides helpful solutions when needed.

Which solution did I use previously and why did I switch?

We were using a more manual and partially automated access management approach earlier, and we switched to One Identity Manager to achieve better automation, centralized control and management, and strong governance. It also provides more scalability and improved compliance compared to the previous setup.

How was the initial setup?

The initial setup cost might be slightly high, but it is justified by long-term value and automation benefits.

What was our ROI?

We have seen the return on investment after implementation with around a 60 percent reduction in manual effort for access management, and onboarding times have decreased significantly. It also reduces the dependency on additional resources for routine tasks, and audits are now faster and more efficient, saving both time and operational cost.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing of One Identity Manager are reasonable considering the features and capabilities it offers for enterprise use.

Which other solutions did I evaluate?

We have evaluated a few other identity governance solutions such as SailPoint and Microsoft Identity Manager. However, we chose One Identity Manager due to its strong automation capabilities, flexibility, and better fit for our hybrid environment.

What other advice do I have?

Once properly configured, One Identity Manager becomes a very efficient and reliable solution for handling identity governance at scale.

We have seen around 60 to 70 percent reduction in manual effort for user provisioning and access requests. Onboarding time has reduced significantly, and access-related errors have also decreased. Additionally, audit readiness has improved with faster report generation and smoother compliance checks.

I would recommend clearly defining your identity and access requirements before implementing One Identity Manager. Invest time in proper initial configuration and role design, as that makes a significant difference later. Also, leverage automation features fully to get the best value and efficiency from the solution.

One Identity Manager is a powerful and reliable solution for identity governance and access management. It has helped improve efficiency, security, and compliance in our organization. With continuous enhancement, it can become even more user-friendly and impactful. I rated this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 22, 2026
RishabhSharma4 - PeerSpot reviewer
Specialist IT And Security at a financial services firm with 10,001+ employees
Real User
Top 10
Mar 28, 2026
Identity governance has improved and customization complexity still needs refinement
Pros and Cons
  • "One of the best features in One Identity Manager that I really appreciate is its high customizability."
  • "I rate it at seven because although for a user there is a front end that is simple, the back-end has so many tools that it's quite complicated."

What is our primary use case?

I am currently working with One Identity Manager, and I was previously working with it before I switched to SailPoint, but now I'm back working with One Identity.

In my previous organization, I was working with One Identity Manager in a personal capacity and we were also switching it to other customers to use it as a specific tool for their IAM operations. Currently, it serves as our in-house identity lifecycle management tool.

We use One Identity Manager for governance purposes, whether it involves the governance side of things, identity lifecycle requests, or anything similar. We utilize it for multiple purposes.

We have a couple of vendors for One Identity Manager, but we also work directly with it. We usually take support from a couple of outside vendors.

What is most valuable?

One of the best features in One Identity Manager that I really appreciate is its high customizability. When I was one of the vendors customizing the demo, it allowed me to tweak things according to our requirements, which I find not available in other IAM solutions.

The advantages of One Identity Manager include its high customizability and the existing workflows that cover a wide range of processes without having to start from scratch.

We have the SAP module in One Identity Manager. We would be using a central account to connect SAP accounts to employee identities under governance.

Being a central account for SAP is important because it helps to remove a lot of discrepancies and makes life easier, especially since SAP is integrated into almost all large-scale organizations.

One Identity Manager does deliver specialized workflows and business logic for SAP.

We do have support from One Identity, but I'm not sure about the Premier Support.

One Identity Manager definitely helps to streamline application governance aspects such as application access decisions, application compliance, and application auditing.

Streamlining application governance enables us to find gaps and manage risks associated with accounts, whether they are privileged or non-privileged, according to our policies.

One Identity Manager does help minimize those gaps in governance coverage among test, dev, and production servers.

There are different roles for the test and dev environments, making the governance aspects manageable.

One Identity Manager has helped us achieve an identity-centric zero-trust model, which aligns with one of the four IAM principles.

What needs improvement?

I rate it at seven because although for a user there is a front end that is simple, the back-end has so many tools that it's quite complicated. I prefer SailPoint or Saviynt where everything is in a single view, making it easier to work with.

Customizing One Identity Manager for my particular needs is complicated.

The customization can be a double-edged sword. While we can customize everything, it complicates things, and sometimes it leads to problems in the future.

I'm looking forward to the improvements with version 9.2 launching the Angular portal, as the previous Web Designer was problematic. I would appreciate a clearer approach to customization.

I understand that the customization is quite complex.

Instead of having multiple tools for backend and users, I would like to see a single screen solution in One Identity Manager.

I would like to see more specificity regarding timelines for missing features being requested, as One Identity Manager needs to improve in that area.

For how long have I used the solution?

I have been working with One Identity Manager for almost three years.

What do I think about the stability of the solution?

I'm not sure if our One Identity partner helped with the implementation because we have been using One Identity Manager for more than ten years. Everything is implemented, and we are just upgrading, but I would not say they help us with any implementation.

What do I think about the scalability of the solution?

I'm not sure if One Identity Manager provides IGA for the difficult-to-manage aspects of SAP, such as T-codes, profiles, and rules.

I'm not working on that part of SAP connectivity, but I understand that the integration of SAP is essential in any IGA tool and it should be simple.

How are customer service and support?

I ask questions to the tech support team and they provide solutions.

I rate the tech support at six. I would have rated it seven, but since I rated One Identity Manager at seven, I give them a six.

How was the initial setup?

I'm not sure if One Identity Manager helps with procurement and licensing since I haven't worked on that side of things.

The onboarding process was different for me since I worked as an engineer and developer, but generally, it's straightforward for others.

What about the implementation team?

I would appreciate clarification regarding how I assess One Identity Manager for providing an enterprise view for managing logically disconnected SAP accounts.

What was our ROI?

I don't have insights into return on investment with One Identity Manager. A business person would be more suited to answer that question.

What's my experience with pricing, setup cost, and licensing?

I have a rough idea that One Identity Manager is comparatively cheaper to implement than other tools, but I don't know the exact pricing.

Which other solutions did I evaluate?

I have experience working with other identity management solutions such as Saviynt.

The key differences between One Identity Manager and competitors are that others being based on Java give them a competitive edge, while One Identity Manager is shifting to Angular but remains based on .NET. Other tools have single screen solutions, making navigation easier, while One Identity Manager's interface can be slightly slower.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Mar 28, 2026
reviewer2538840 - PeerSpot reviewer
Senior identity and security specialist at a pharma/biotech company with 1,001-5,000 employees
Real User
Top 20
Feb 10, 2025
Highly flexible and stable, but lacks in many aspects and requires a strong partner
Pros and Cons
  • "The best feature of this solution is its flexibility to be customized. It is like a framework. You can customize it very far from its core functionality, and it will still work."
  • "The best feature of this solution is its flexibility to be customized."
  • "They need to remove the dependency on VB.NET for backend development and they need to unify the front end."
  • "The relationship with the customers is extremely bad."

What is our primary use case?

It is mainly an identity governance tool. It is being used to collect, for example, any new employee records or employee records in general from HR systems, such as Oracle, SAP, and Workday, and then push it downstream for systems such as Active Directory, Exchange, etc. This is the main functionality of it. 

The other functionality for it is to have a request platform, such as a web portal, for requests for access, approval, and user-based grants and reviews.

How has it helped my organization?

It helps the organization to simplify its control over enterprise access and makes the new joiner's process easier. In a small organization with 40 to 50 users, it is not a big deal. You can have one IT guy who is responsible for creating an email account, Active Directory account, Azure account, etc. It will take him one or two days to do it, but in a big corporation with more than 500 employees in different time zones, doing that is a big challenge. One Identity, and IGA products in general, excel at onboarding and offboarding employees with the linking and synchronization with the HR system. This is what they are best at. They remove the complexity because you have your Active Directory created, updated, and disabled on time, and there is no issue with that.

There is one fabric for identity lifecycle management, and the access is based on that identity lifecycle management. This is applicable to the whole market for identity governance. It is not just One Identity. You have SailPoint, Saviynt, and others. All of them are good in this aspect. They do improve the organization like that.

We can customize it to integrate with any system or application, and we can go deeper in analyzing people's access, creating roles, dynamic roles, and RBAC. They have a very strong RBAC offering, which is a role-based access model offering. If you structure it right, you can do an RBAC with One Identity. I use it for two customers. One is in the Middle East and one is in Europe. I represent the client side, and mostly I see a robust onboarding and offboarding operation with this product. It is very good for both experiences. It is a very structured way of doing things. Movements across the departments and things like that can be handled. It is quite customizable. It is quite good.

When it comes to intuitiveness, the clients using IT Shop people are complaining. I have had a client in the Middle East, and then I have had a client in Europe. They all say that IT Shop is not intuitive. It is the same feedback. One Identity is trying to make it better with Angular, but there is a fifty-fifty split. One aspect is how the vendor has designed the portal and the other aspect is how you structure the request and approval process. We are as guilty as the vendor. The vendor has a bad portal, but most of us also have a bad way of thinking as clients. People are not advised well because the adoption and the usage should be driven by the vendor. Instead of doing that, the vendor is just selling. If you talk to a partner, they might advise you, but if you have the wrong partner, you are in trouble. So, people complain about the intuitiveness of the portal, but they are confused because the process is being showcased in a very bad way.

To customize IT Shop, they had a strange tool called Web Designer. It is one of the seven tools or seven clients they had. It was not easy to find anyone worldwide who knew how to handle it. You can find developers who have One Identity skill set, but only one out of ten of them would know how to handle the designer tool. In case you need to customize, it was a tough journey. That is why One Identity flipped the narrative by saying that they are going with Angular. We need to run Angular, and they have the REST API. I told them that this is a bad approach because they are assuming that clients have Angular developers, but some clients or some small clients do not have Angular developers. Some clients might have Angular developers but they are assigned to all business units. They are asking us to start hiring an Angular developer or rely on a partner, but is their partner certified to do Angular or not? To me, they did this conversion without any proper thinking or from a very narrow perspective.

I do not have complaints about the backend of this tool. Frontend is a major issue. Their roadmap has no consideration for the clients. In the CAB meetings, I have seen how they manage relationships in general. The company mindset is a bit strange. They look at big clients for feedback and opinions, but they do not look at small and medium businesses. They do not care about hearing us, but when it comes to big companies, you see their engineering team circling around them. They have this cultural problem in the company. They are not only selling the products to just a few big companies worldwide. They are selling it to everyone, but there is a lack of inclusiveness. They assume that all the clients have the same technical skill sets to operate this tool, but that is not true. There is an issue with their roadmap and way of thinking. I have also provided this feedback to the head of the company, Mark Logan, during a CAB meeting. I told him that they need to fix how they collect feedback and maintain customer relationships.

We use business roles to map company structures for dynamic application provisioning. It is very good for that. It works very well. If you implement it right and you are advised very well, it can be magic. It can make people very happy about the tool in the company, which was the case when I was working in the Middle East for my first employer. If you do it wrong or are not advised well about it, it can lead to disaster, which is the case with my new employer where I have been working for two years. We have reached a point where we have 50 roles with the same entitlements, and people do not know which one is which. It is not the fault of the tool. The lack of advice on how to structure and design it well can lead to issues. It is not a technical issue. From a technical perspective, it is very flexible. It can do whatever you want. Partner implementation is the main issue.

It can help minimize gaps in governance coverage among test, dev, and production servers, but I have not seen it in practice. Some people do it where you can connect One Identity to One Identity Manager with a direct connection. You can have that. That is one option. The second option is something called transport packages, so it has a good change management label and transport package solution. They have a partner called Intragen, which is a Dutch partner, that created a new product called Deployment Manager. That product does the release management process and testing for CI/CD to a very good level and in an automated fashion. You can buy a product like that and hook it up to One Identity. The tool has the framework to handle this. It is okay in that sense. From a change management and release management perspective, the product has principles. It is not lacking there, but it needs modernization for complete CI/CD.

It is very good at helping you streamline application compliance and application auditing if you know how to integrate applications. Most IAM programs or projects focus on users and users in groups, but handling single entitlements or a cluster of entitlements is a different board game. However, I cannot say that it is a One Identity problem. One Identity is customizable, and it is equipped to do that. You can do that. It is an investment issue rather than a One Identity issue.

What is most valuable?

The best feature of this solution is its flexibility to be customized. It is like a framework. You can customize it very far from its core functionality, and it will still work.

The second best thing about the product is that it is rich in concepts of orchestration and event-driven architecture. It works well if you have a development team. For a team that has developers with VB, .NET, or C# skills, it is a very good product.

Another thing that is good about this product is its stability. In general, it is very stable. It does not go down that easily. It does not crash frequently. Especially since version 7 or 8, accessibility has been a very good factor. These are the main aspects that make it one of the best products.

What needs improvement?

In terms of providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts, One Identity is not yet there. One Identity recently bought OneLogin. They already had Safeguard and One Identity Manager. They have started integrating these three tools. I am also on the customer advisory board (CAB) of One Identity, so I have more insight into these things. I know that they started to integrate OneLogin and One Identity just recently. OneLogin is their access management tool. They use it for authentication and for SSO. It is a competitor for Entra and Okta, whereas Safeguard is competing with CyberArk, Delinea, and BeyondTrust. One Identity has indeed done good integration between their three products. However, the platform is not unified. You still need three URLs, which is not optimal. They are going there, but it will take them time.

The second thing they are not yet good at is their SaaS offering. They are behind in the market. They started with something in Safeguard, but it is a pretty basic offering. It is still a new baby. They have Safeguard On Demand, but it is just a hosted PAM solution. I did PoC for Safeguard twice. This is how I know this, but I have not used it. As PAM, Safeguard is a good product, but it is not a full-featured PAM like CyberArk or BeyondTrust. They are lacking in that aspect.

The integration between One Identity's products is similar to BMC's integration. I used to work with BMC products such as BMC Remedy ten years ago. I used to be an ITSM or Control-M guy. When BMC integrated its products, the integration was not well done. It was like two different entities trying to integrate with each other rather than one company giving you a fully-fledged platform. The same thing is happening with One Identity Manager at the moment. They are selling it as a unified platform, but in my opinion, it is not yet good. It is also not bad. There are things that I can take from it, but there is no complete picture. The problem nowadays is that vendors are getting into each other's areas. For example, CyberArk used to be just a PAM provider, so people would integrate with it, but now, CyberArk wants to do the identity bit. It has now become a competitor for other vendors, so they will stop integrating with it. SailPoint, at some point, stopped integrating with CyberArk. SailPoint and CyberArk's integration was good. This is what is happening in the market or between vendors. All of them are getting into each other's area. If you happen to buy another product from a competitor, you need to integrate it on your own. There is no integration plug-in concept between them. This is a bit hard for companies that already have a PAM and they want to buy a new IGA, for example, or vice versa.

They are trying to shift towards an Angular-based platform for their web portal or for IT Shop. That has been very long overdue because they did not modernize their web portal for almost three versions. They are doing it, but there is no feature parity till version 9.3, which is the upcoming version. This is a problem. For example, data governance is not included in 9.2 if you want to upgrade, but if you do not upgrade, you lose support. They have these issues with the roadmap in general. They give you options, but they are not always the complete options. To me, it seems that this company is going to suffer in the long run.

Another issue is that for admin requests, we have to configure the tool in at least seven different clients, which is unacceptable. We are in 2024, not in 1981 or 1985. Having seven clients for the same tool, or more, is just unheard of. To me, that is a very old design idea. I am on the newest version 9.2, and I am still doing that. To me, that is a big problem as an admin.

The relationship with the customers is extremely bad. That is not a technical problem. That is a company problem. They tried to fix that, but it seems they failed. They do not have the personnel. They have a hiring problem. They now rely on partners. They are a type of company where the partner is more of a vendor to you as a client rather than the company itself. If you want to pick any solution by One Identity, you need a very strong partner with you. If you do not, you will struggle with this product's adoption, roadmap, vision, and implementation. We struggle a lot as a client. I have been there. I have seen that. It is not easy with them. One Identity is based in Europe. Our account manager at One Identity resigned in May and till now, just to show how bad they are, we do not know who our new account manager is. We are in August.

Their Starling Connect roadmap or flagship is a failure. We had to withdraw from using it with SuccessFactors, for example. It had a lot of stability issues. Now, my understanding is better, but it caused a bad implementation, so we are not using it. They are not investing a lot in enhancing or extending Starling Connect. They are using Starling Connect as a propagation gateway to SaaS apps so that you have One Identity Manager on-prem talking to Starling Connect which is handling all SaaS apps. However, the roadmap for Starling Connect is not clear. Now that they have bought OneLogin, OneLogin can do that as well as an IAM tool. You can now bring any IAM or CIAM tool such as Entra, Okta, or OneLogin. They can be your propagation gateway. OneLogin and Starling Connect are competing products, and they need to unify them. They cannot have both products doing the same thing. When I discussed this with the head of engineering from their side, they were still defending having Starling Connect. I do not understand why because if you have a proper IAM such as Entra or Okta, that is your propagation gateway. That is it. You can do everything you want with it. You can merge the functionality, and that is it. You do not need Starling Connect. To me, this is confusing. You use a propagation gateway like Starling Connect because it has ready plug-ins to connect to SaaS apps and you do not need to create a custom connector every time. If you look at the number of apps that One Identity supports with Starling Connect, there are not more than 50, which is not a lot. There is a big difference when you compare it to Okta Marketplace or Entra Marketplace. You will immediately understand the difference. OneLogin's marketplace is better than Starling Connect, but OneLogin was not a part of One Identity before, so they had their own marketplace. Overall, the Starling Connect roadmap does not make sense to me.

They need to remove the dependency on VB.NET for backend development and they need to unify the front end. If they are selling it as a unified product, they need to give me a unified UX. This is something I have mentioned to Mark Logan himself. This is how ServiceNow won over Remedy. Having a unified UX and being able to turn on or off a feature is better than trying to connect three or four different products with different contracts. To me, the main thing is that they need to modernize their application. Once we do that, making it SaaS is doable.

For how long have I used the solution?

I have been using this solution since 2018.

What do I think about the stability of the solution?

It is very stable. I would rate it a nine out of ten for stability.

What do I think about the scalability of the solution?

I would rate it a six out of ten for scalability.

About 25% of the company uses this solution. If the company has 4,000 people, at least 1,000 people use it. It is quite a well-known product. It is not just a niche one. It is a mainstream product. People use it. We have 30 branches all around the world, and all of them use it. We are hosting it centrally in Switzerland.

How are customer service and support?

I use their regular support because their premium support is useless to me. Their support, in general, is useless most of the time.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

The main thing that makes this solution stand out as compared to others is the ability to customize it, especially when it is on-prem. It is cheap from a licensing perspective. Once you pay, it is very cheap to operate if you have a good development team. It is also extremely stable. At the backend, it is well-designed. However, it lacks AI. When you go SaaS, you can put AI and all of that stuff, but if you are on-prem, you do not have AI.

How was the initial setup?

It is deployed on-prem. Its deployment is complex.

By design, it is well-engineered. The idea is that the database pushes everything, so you need to focus while updating or installing the database. If the database is installed correctly with schemas, it has DLLs. Whenever you install a client, it distributes to the connecting client, so it is designed with this centric approach. However, sometimes, you end up with situations related to encryption, a missing component, or a missing instruction that you did not account for. 

Recently, I upgraded from version 8 to 9. It took 14 hours of work to do an in-place upgrade. It was not a migration. That is too much. We had a team of five people including developers. It was not easy. It took us two months to do the upgrade. It is always like that because you need to do complete testing. A small problem with One Identity is that they remove a functionality but do not tell you about it, so you need to test. If you are giving me this product that can be customized, I will use the methods that you have. If you change how a method behaves and do not tell me, I get into trouble. Only a very strong partner would know about all this. With a small partner, you will have an issue.

It does not require much maintenance or patching. That is not an issue with One Identity. You do not need to restart it once a month. It is very stable. From time to time, you might have some issues that require a restart but not all the time. It is not like some Java applications that require a restart every month.

What's my experience with pricing, setup cost, and licensing?

On-premises, it is cheap. It is way cheaper than others. The cost of the hosted one varies. They do offer a hosted one, and its cost varies, but it is not that expensive. You have a license for employees and a license for support.

The problem is that people try to compare it with an IAM solution such as Okta or Entra, but they are different products. It should not be compared to them. The only ones you can compare it with are SailPoint or Saviynt. In my head, the rest are not even IGA products. SailPoint is much more expensive to operate than One Identity. If you go SaaS, SailPoint is way more expensive, but that is the whole point of SaaS. SaaS is more expensive anyway.

What other advice do I have?

I would recommend this solution only if you have a very strong partner. Otherwise, do not go close to this solution.

We use One Identity Manager to manage SAP, but in our case, we have connected with CUA, so we have one single point of interface with SAP. That helps a little bit to make the management less complex. If we did not have CUA, we would have had to connect individually. CUA is straightforward. We connect to it. We push through CUA, and we sync everything. We have thousands of roles.

It provides IGA to some extent for the difficult-to-manage aspects of SAP. At the moment, with CUA, we do clients, profiles, etc. They recently added something called behavior-driven governance on SAP. We have not used it, but we can basically check if someone is using his account in SAP or not, and then we can do a user-based access review for his access. We can see what he used within SAP, which is good. We can also do combinations where if we have this role, we should not have that role in SAP, which is very good.

One Identity gives you a lot of features, but you need a proper program to drive it. If you do not know how to use it, you will stay at the basic level. Technically, the product is well-capable, but the caveat is that it is a framework product. You need to have a development team. You cannot just do it with a normal admin. You need a development team for this product.

Versions 9.2 and above have something for assisted approval. I have not used it, but from what I have read, you can see who in the same team has the same access. It will tell you whether it is an anomaly or a common request. The same thing is there for user baseline reviews. That is a good thing.

Overall, I would rate this solution a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free One Identity Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2026