One Identity Manager Reviews

One Identity Manager streamlines our entire identity lifecycle management. It handles onboarding new joiners, assigning and controlling roles with role-based access control, and automates user access reviews twice a year. Additionally, the system facilitates reporting for audits, providing auditors with necessary information on demand. This centralized system acts as a one-stop shop, managing everything from onboarding and role assignment to offboarding and emergency access control.

With centralized user management, data is effortlessly pulled from various systems like SOAR and HR, simplifying user creation and data maintenance. This allows for easy user editing, role assignment based on HR attributes or department affiliation, and streamlined account allocation based on review levels, departments, or the entire organizational structure.

Our Access Control in One Identity Manager is 99 percent automated saving us nearly 100 percent of our time.

One Identity Manager simplifies SAP administration by providing a centralized view of even logically disconnected SAP accounts. It offers a flexible helpdesk approach. We can either leverage its built-in model or create our own UI accessible to specific teams based on their applications. This ensures each team sees only relevant tickets for their area, streamlining access management for disconnected applications.

One Identity Manager can connect SAP accounts to employee identities under governance.

One Identity Manager simplifies Identity Governance and Administration for SAP, a complex system to manage in this regard. It empowers us to effectively manage SAP profiles, roles, and groups, ensuring their proper assignment to corresponding SAP accounts.

The solution delivers SAP-specialized workflows and business logic.

One Identity Manager integrates with its Privilege Access Management solution to provide more granular control. This means we can define different account types within One Identity Manager, such as normal, admin, and privileged accounts. By assigning privileged access only to designated accounts, we can restrict access and permissions and enhance overall security control.

One Identity Manager offers a user-friendly experience with an intuitive interface. It even provides a webshop for end users, allowing them to easily request new roles or accounts in various systems with a simple two-click process.

Having the right resources makes customization a breeze. While understanding customer needs and translating them into technical specifications requires some processing upfront, One Identity's suite of tools simplifies the actual back-end work. From drag-and-drop interfaces for workflows and reports to scripting and C# coding supported by existing SDKs, customization options cater to all users.

This dynamic application provisioning solution uses business roles to map our company's organizational structure. In other words, access to applications is determined solely by our assigned role within the company hierarchy. This role-based approach ensures users only receive the permissions they need based on their specific function, preventing unnecessary access.

One Identity Manager streamlines our cloud governance by providing a centralized platform to manage user access permissions across all connected cloud applications. This eliminates the need for individual provisioning for each app, ensuring efficient authorization control.

We have significantly improved our compliance posture with One Identity Manager. Previously, auditors identified numerous findings during manual audits, requiring extensive time and resources to address. With One Identity Manager, we've automated the onboarding, offboarding, and joiner processes, achieving a 95 percent closure rate on audit points. This centralized solution streamlines the auditor experience, allowing them to efficiently obtain information from the IAM team, saving both the organization and auditors valuable time.

We have minimized inconsistencies in how our governance policies are applied across test, development, and production environments.

One Identity Manager helps us create a privileged governance stance to close the security gap between privileged users and standard users by managing those accounts separately. This segregation prevents unauthorized access, as standard accounts cannot hold privileged rights and vice versa. This clear separation helps to close the security gap between these user types.

One Identity Manager streamlines our procurement and licensing processes, allowing our initially large operations team to focus on more strategic tasks. By automating license management for connected applications like SAP and Azure Active Directory, the solution eliminates the risk of human error – forgotten access removals for unused licenses are a thing of the past. Now, licenses are automatically assigned and reclaimed based on user activity, ensuring efficient resource allocation. This means new hires receive immediate access, and vacated licenses become readily available, freeing the operations team from manual license management headaches.

One Identity Manager streamlines application access decisions by automating the provisioning and de-provisioning of user access based on HR data. This eliminates manual intervention and delays for both HR and department personnel. When an employee changes departments, their access permissions are automatically updated in the identity management system, granting them the necessary tools to perform their new duties immediately.

It also streamlines the automation of identity and access controls, making it easier to implement a zero-trust security model where every user and device is verified before granting access.

While our audit processes were once cumbersome, requiring auditors to chase down reports from individual SAP administrators, everything is now centralized. One Identity Manager stores all application and database information in a single location, streamlining reconciliation efforts.

One Identity Manager stands out for its extensive functionality. It allows us to perform nearly any customization a customer might require, unlike other products with limited customization options. One Identity Manager's wide scope for tailoring configurations makes it a versatile tool. It can connect to various target systems, including Active Directory and schema-based systems like REST APIs. This makes One Identity Manager a great fit for our organization's end-to-end needs, from user provisioning and auditing to onboarding new joiners. It seamlessly fits all our requirements.

Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.

I have been using One Identity Manager for almost ten years.

Offers a user-friendly experience with an intuitive interface and makes customization a breeze

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager is highly stable when used with its built-in features, but customized scripting introduces an element of user responsibility - any instability caused by custom code would be due to how it's written, not the software itself.

I would rate the scalability of One Identity Manager ten out of ten.

You only need premium support if your One Identity software is outdated. Standard technical support, which comes with your license, covers the current version and usually the one before it.

The technical support offers a good experience. They provide a portal to submit issues, collect all necessary information, and have an L1 team address them. If the L1 team can't resolve the problem, they typically escalate it to the L2 or L3 teams for further assistance, demonstrating a commitment to finding a solution.

Positive

We migrated from Oracle Identity Governance to One Identity Manager due to licensing costs, limited functionality, and Oracle's decision to retire the product.

The deployment took one week and required five people.

VMDH assisted us with the initial setup, and for any future support, we can contact One Identity directly or reach out through their authorized partner.

One Identity Manager has positively influenced our ROI in terms of security and compliance. 

One Identity Manager is cost-efficient. The license is based on the number of identities we have.

We use a One Identity partner, VMDH for our licensing.

I would rate One Identity Manager nine out of ten.

We have 3,000 front-end users in our organization. While we only have a single instance of One Identity Manager, for redundancy purposes our servers are spread across different data centers. This means if one data center experiences an outage, the application can fail over to the remaining servers in another location, ensuring continued functionality.

One Identity's partner, VMDH did a good job training our staff on the solution.

Six years ago, VMDH provided us with initial assistance customizing One Identity Manager. We have since developed our expert team and now primarily rely on them for our One Identity needs. We only contact VMDH in critical situations when we require immediate help from One Identity experts. In such cases, we typically reach out to One Identity directly, but if there are delays, we will then connect with them through VMDH.

One Identity's partner was on standby in case we required any post-implementation support.

The customer service we received from the One Identity partner was good.

I found the One Identity partner to be valuable, rating them a nine out of ten.

One Identity Manager is designed for low maintenance, requiring infrequent patches and updates to keep it running smoothly.

One Identity Manager offers a unified approach to identity and access management. It eliminates the need to cobble together multiple products from different vendors for functionalities like Identity Access Management or Privileged Access Management. This saves your organization's time and resources.

Hybrid Cloud

One Identity Manager has been integrated and in use for two years. The primary focus is on integrating One Identity Manager for other customers, particularly mid-sized financial institutions. The implementation targets unifying user access across internal applications, cloud platforms, and third-party partner systems.

While specific details cannot be shared due to NDA agreements, one organization had multiple identity systems: one for internal employees, one for external employees such as contractors, and another for partners. This fragmentation caused inconsistent access, security vulnerabilities, and slow onboarding and offboarding processes. One Identity Manager was implemented to consolidate these systems, resulting in significantly faster operations.

One Identity Manager's best features include fast setup with the ability to be configured locally for direct database access. The solution provides specific procedures for onboarding and offboarding, and supports the use of custom connectors.

One Identity Manager has positively impacted the organization by reducing account creation and access approval times from days or weeks to minutes or hours through automated workflows. Self-service access requests are routed through a central portal with defined approval paths, which minimized manual work and accelerated onboarding. Governance functions such as attestations and access reviews are now enforced consistently, which was not the case previously.

One Identity Manager can be improved in the areas of documentation and training, both of which are severely lacking.

Three years have been spent working in the current field.

One Identity Manager is genuinely stable, particularly the LTS versions.

One Identity Manager's scalability performs comparably to other One Identity products and scales effectively from very small organizations to large financial companies, including major banks and other large entities.

One Identity Manager's customer support is good. Response times average four to five days, sometimes extending to six days, but the support team has been genuinely helpful in addressing cases in a timely manner.

A different solution was not previously used, as the customer specifically requested One Identity Manager.

Specific details regarding pricing, setup cost, and licensing cannot be shared. However, One Identity is quite affordable, particularly with partner status.

Other options were not evaluated before choosing One Identity Manager.

One Identity Manager is the industry standard for valid reasons, which demonstrates its quality. It is backed by a large and reputable company and is genuinely easy to learn and implement. The documentation is adequate. One Identity Manager's onboarding and offboarding processes are considerably faster than previous methods, resulting in significant time savings that translate to cost savings. The overall impression of One Identity Manager is positive, and a rating of 8 out of 10 reflects the value and effectiveness of this solution.

On-premises

Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems.

One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems.

The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution.

We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007.

Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well.

Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service.

Negative

The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps.

It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage.

One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive.

More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten.

On-premises

I have been in various roles. I have been a developer, an operational manager on this One Identity tool, and also a product analyst. We have used it in various phases.

I'm an official partner. The consultants I work with have provided me with a consultancy license, and the clients have their own licenses, but we work with our own licenses. Whenever there is a vendor bug or something is needed, we use our license to raise a ticket on behalf of our client. 

The consultancy that I work with has been One Identity's Partner of the Year for the last five years. We have offices in Europe, the Middle East, Asia, Africa, and the Americas. In Europe, the Middle East, and Africa, we have been the top partner for the last three years, and in Asia-Pacific, we have been the top partner for the last year.

We have a license program with them. When we sell the product, it's a partnership between One Identity and us. They get a share of the profit, and we get a share. The client pays the full price of the product. 

One Identity is cost-effective compared to the market. It offers functionalities and features at a very low price relative to ForgeRock or SailPoint. The first advantage you see is the heavily reduced cost. 

There are also some other aspects. For example, it provides a lot of functionality out of the box. You don't need to spend money on external developers to customize or do some special configuration that requires a person for additional maintenance. Other than that, there are some additional security features like attestations and approval features that are intuitively made inside. 

These features give you an advantage immediately, and in the long run, they simplify the audits. You don't have to be around the auditors every time to explain things. You give them a specific account to use for the audit and allow them to play around with the tool. 

One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. We have four or five environments. Based on that, there are configuration parameters with which you can segregate between every environment. It's quite easy and configurable. 

Depending on which modules you install, it helps to close the security gap between privileged and standard users. In Identity Manager, there is a module called Application Governance. If you install that module, you get that functionality or features, but many clients prefer a custom implementation. IGA is not supposed to provide PAM-related functionalities. That's why they sometimes push clients to take a bundle of IAM and PAG solutions together, which is One Identity Safeguard.

With Safeguard, you can cover your privilege and identity access management. In fact, you can control the access governance of who has what access in your PAM environment through the Identity Manager itself. They are interconnected, but Identity Manager can't independently give you this functionality. 

One Identity Manager helps us consolidate procurement and licensing. Who has what permissions and their validity is well maintained. Most of them get attested every three or four months, depending upon the configuration. You can see which licenses are needed. In fact, in the newer version, since version 9.x, they have a new field showing when the license was last used or how actively it is being used. 

Sometimes, if it senses that it has not been used for one year or one and a half year based on the configuration parameters, it will send an email that we have not used it for this much time, so we will remove it. It will remove it with no questions asked. So it is quite smart enough to handle those licensing decisions.

The solution helps streamline application access decisions. Every application has the necessary groups and entitlements assigned to it, so you can independently streamline their workflows. It's a highly customizable tool that lets you group together workflows for, say, 10 Active Directory applications because they are all in the AD domain. You can assign a single workflow for them. 

However, if you want every application to have a different workflow or access management, you can assign that. From inside the application governance module, you can assign the privilege level and how privileged or sensitive the accesses are. Depending on that, it will provide the threat and fraud level or what approvals might be needed. So all these are quite intuitive and smartly managed.

The application compliance is handled quite well. It isn't great because it tends to create performance issues in the system. Compliance issues are calculated reactively and proactively. There are two types of SODs: prevention and detective. It's smart enough to detect it, but this can lead to performance issues because of the size of the system you are working with. This is something that has to be done by the manager. You can make your system digest the performance degradation to keep the SOD at an expected level.

Application auditing is pretty much what is called attestation, and it's mostly provided out of the box, but a lot of customization is possible here. In most cases, I have seen customization being done also here. Depending upon that, you can configure it in various ways. You can have multiple attestation policies attesting various things, or you can have a single attestation policy handling multiple things. You can configure and schedule it accordingly and define the approval workflows of those attestations. If an attestation is rejected, what should be the action? If it's missed or raised, no one decides how it should be handled. These are well handled.

Many governance decisions can be made without IT intervention. Most things are pretty self-explanatory in the web portal. You get an email or a notification on the web portal. At most, what happens is that people get so many notifications because they are a backup owner for so many things that sometimes too many notifications come down to them. Other than that, I haven't seen anyone complaining that they don't understand what they need to do when it comes to approval.

My favorite feature is the ease of customization. You can change, optimize, and update it at your convenience. I haven't seen that in many other products available.

We use One Identity Manager to connect to SAP IDM. SAPconnect target systems are integrated into One Identity Manager, and we've made several SAP connections we have made with One Identity Manager. The solution connects with Snow, which you can use to manage your disconnected systems. 

Most clients I have worked with prefer a custom approach. So some prefer Snow, some prefer some other IDM tool with which they want to manage their disconnected systems. So, yeah, you can say yes and no, to be honest. Like, yes, there is a functionality that has been provided, but it's not very matured enough. So that's why I believe clients tend to be a little customized on that front.

One Identity Manager connects SAP accounts to employee identities under governance. That's completely autonomous. Once the target system connection is made, the product is available in the IT shop web frontend. You can order it from there. One Identity Manager handles it by itself. You can customize, but usually the vendor has created an out-of-the-box functionality to do all these operations.

The solution provides IGA for the aspects of SAP that are more difficult to manage. With One Identity Manager, the good thing is that you can customize. In most of the clients I have worked with, the T codes or different custom SAP tables were later introduced in a greenfield project, you don't see these custom tables more often. Out of the box, the SAP connector gives you around 32 to 36 tables in the SAP target system that are more generic tables, but there are custom tables about the T roles or the special attributes. You can customize your connector accordingly, so there is an XML parser provided in the sync editor. You can use it to achieve all those operations.

I'm unfamiliar with SAP-related workflows because clients don't have any specific SAP workflow. They have their own workflows, and One Identity Manager is configured for various product approvals. That's how they are managed. If you want to create a customized workflow, whether it's SAP HANA or any other product-specific workload, you can easily create it.

One Identity Manager provides a connection with Snow, where you can manage your disconnected systems. Most of the clients I have worked with prefer a custom approach. Some prefer Snow or another IDM tool to manage their disconnected systems. There is functionality that has been provided, but it's not mature enough. I believe clients tend to be a little customized on that front.

It connects SAP accounts to employee identities under governance. It's completely autonomous. Once the target system connection is made, the product is available in the IT shop web front end. You can order it from there and everything. One Identity Manager handles it by itself, so you don't need to customize it, but the vendor is given an out-of-the-box functionality to do all those operations.

One Identity offers a single platform for enterprise-level administration and governance of users' data on privileged accounts. The good thing is that much of the functionality comes out of the box. You don't need to customize if you don't want. In a greenfield project, this tool is optimal for those purposes. If the user number is around 1 million or under that data scale, it's a good tool to run on from the IGA perspective. With One Identity, they don't want to focus on IGA. They want to expand the horizon of cybersecurity. There are native tools like Safeguard and others. You can even integrate your PAM accordingly with your IGA and IAM.

There are two types of interfaces in One Identity. One is the phased-out interface, which was known as a web designer. This is getting phased out with Angular now. Angular was one of the lagging points where the user interface was not up to the mark with the out-of-the-box functionalities. Many customers had to customize heavily to get a level of intuitiveness. Now, Angular's web portal has been notched up. You get AI suggestions, IntelliSense, and lots of fraud detection out of the box, like threat level. It's been improved in the recent version, and it's been working phenomenally well.

Business roles are used extensively, and custom implementations are done over business roles. The number of cloud apps I would be telling is a little less because their Starlink connector still hasn't matured enough. It's still not a high-performance tool, but it has the capability to do so.

Nowadays, every organization has almost at least a few apps in the cloud. It's important even if the organization is heavily based on on-premises infrastructure. With this tool, you get so many things that work with this cloud infrastructure, it doesn't let you down completely. When you compare the performance of this with a native PowerShell connector or SAP connector, for example, you feel that the performance could be enhanced a little bit. It's something that is becoming mature in the latest versions. I'm confident they will improve it further in the upcoming versions.

One area for improvement is zero trust. Besides that, performance is a big factor. I've heard from multiple clients that One Identity's front end is not so performance-optimistic. It depends on how you have configured and deployed the system. At the end of the day, I would say that's something they need to improve.

Still, whenever a critical bug is released, they address the defect pretty quickly compared to any other competitors in the market. At the same time, there is a problem with support. They have limited knowledge about things that may affect their tool. You are deploying this tool in a client's environment, and multiple things would impact it, like proxy servers, load balances, other infra technologies. 

Because their company is so focused on just their tool and related technology,  they can't support you much. At times, it becomes frustrating. While you are paying a little less than your competitors, you expect some support, compliance, or expertise from the company. If a certain load balancer is unable to handle your tool, you should know what load balancer would be perfect or what configuration you should use.

We have used One Identity Manager for five and a half years. 

I rate One Identity Manager eight out of 10 for stability. 

I rate One Identity Manager nine out of 10 for scalability. 

I rate One Identity support seven out of 10. I have done multiple tickets. I am in touch right now because I'm in the middle of an upgrade for a major client for One Identity. I have been closely in touch with them. At times, there are things that can impact their product, like load balances that are part of the product when you deploy it in a matured environment. 

In those cases, they can't support you much because they just say that load balances or these things are not something we support. You have to get the support from the necessary vendors they have, and those vendors say, "We are the load balancer. We don't support your tool. You need to go back to your vendor." 

You're between two things. At times, it seems like a big company that is not very new to the market should have the basic knowledge or idea of how to get these things up. There are performance issues for so many clients of One Identity, but they can't give you a concrete answer. They can tell you that there is an infrastructure issue, but they lack the knowledge of the infrastructure issue, that knowledge is quite lacking in them. I would say that is something they need to improve.

We don't use the premier support. There are two types of support: one support is between the partner and the firm, and another is between the client and the product company. For the premium support, One Identity provides certain employees, developers, or consultants from their own company. It's the most exclusive contract you can have with them. 

The second type of support involves giving you the product, the support portal, and some sort of knowledge. Then, maybe you can hire someone from them for a limited period of time. The predominant work that you need to do with the product, like deployment, maintenance, development, or bug fixes, you do via some partner companies like us. 

Neutral

I have used SailPoint Identity. One Identity Manager is much better. One Identity Manager is better on a smaller scale of employees. It can handle a scale of half a million or one million, but beyond that, SailPoint is a better tool.

Deploying One Identity Manager is easy and standardized. If it's a greenfield project, the initial deployment should not be difficult if you know your stuff. A proper runbook would be helpful. In our consultant's company, we usually share these runbooks with new consultants who join and who will deploy it into a new client's location. 

These come in handy. Otherwise, it can be a little tricky, especially if you are upgrading an existing environment. At that time, it depends upon what sort of data situation is present in the database that you are upgrading. It can become tricky if the consistency checks are not matched or there are some weird data scenarios. Otherwise, it's quite a smooth process.

If it's a standardized deployment, one person is more than enough to handle it. The deployment has two parts. One is the database upgrade, which takes between 30 minutes to two hours. Then, there's the app and web server installation. If it's an upgrade, you can upgrade it in 10 to 15 minutes, but a new installation takes 30 minutes. 

The pricing of One Identity Manager is competitive. Compared to its competitors, One Identity is priced quite brilliantly. ForgeRock and Sailpoint cost about 1.5 times, making One Identity quite economical. 

I rate One Identity Manager nine out of 10. 

On-premises

We utilize One Identity Manager for several key processes. Primarily, it manages the entire employee lifecycle, including joiners, movers, and leavers, for identity management. Additionally, we use its attestation module to conduct bi-annual recertification campaigns, validating existing access rights. Recently, we expanded its use to manage cloud entitlements, including EntraID.

We manage user and access management  for over 20 SAP systems using One Identity Manager and do not handle any disconnected SAP accounts.

One Identity Manager governs SAP accounts by linking them to employee identities, ensuring access is managed throughout the identity life cycle. This direct link enables automated processes, such as terminating SAP accounts and associated assignments when an employee is terminated.

One Identity Manager, certified by SAP, delivers specialized workflows and business logic through a dedicated connector for SAP R3 and native support for HANA systems, enabling direct connection to HANA databases. It offers numerous out-of-the-box templates for SAP, automatically loading schemas for users, roles, and assignments upon SAP module activation. While most use cases are covered by these templates, customization is possible for specific needs.

With a tool like One Identity, our organization can manage accounts across multiple target systems from a central identity management solution. This centralized data allows for flexible governance reporting, including custom SQL queries and pre-built reports, to validate information. Governance practices vary between companies but often involve specific access controls, timely re-certifications, and validations by data owners. For example, some companies implement frameworks with defined views, access levels, and re-certification processes to ensure data integrity and security.

The ease of customizing One Identity Manager depends on the user's skill set. Compared to three similar products, One Identity Manager is more straightforward to customize, particularly when modifying VB.NET code or writing SQL statements for reports. While some coding knowledge is necessary, the tool's predefined templates and SDK samples offer helpful references and starting points.

The user experience of the legacy web portal is unsatisfactory due to limited customization options and occasional slowness, especially during backend processes like attestation. However, One Identity is moving towards an Angular-based portal in version eight dot two and newer, which offers greater flexibility, customizability, and improved performance. This new portal may provide a more satisfactory user experience overall.

One Identity Manager helps manage the company structure for dynamic application provisioning. Our IAM system reads the company and department structures to automatically assign entitlements. Based on this structure, users are created, and permissions are assigned.

The business role functionality of One Identity Manager is crucial for businesses, especially from an audit and SOC perspective. Whether utilizing One Identity, SailPoint, or another tool, a solid IAM solution should include comprehensive audit trails, streamlined request processes, detailed approval workflow history, and other essential functionalities to ensure compliance and security.

We have begun extending governance with EntraID and are evaluating the Starling connector which provides access to many other SaaS-based applications.

Over the time we've used One Identity Manager since 2017, it has significantly improved our organization by automating the joiner, mover, and leaver process across all target systems. No more manual account management tasks are needed, which include account creation, updates, or termination when a user leaves the company. It has substantially reduced manual role assignments and made processes fully automated. The major benefit is the attestation process, conducted once or twice a year based on requirements, which ensures no unauthorized or unwanted accesses are left unchecked. It also provides clear reports on user statistics, such as active users, new joiners, and leavers.

We initially started with a small scope but have since expanded to connect numerous systems, automating the mobile egress process. Tasks like account creation, updates, and termination are now fully automated through IAM solutions, eliminating manual intervention. This automation also removes the need for teams to assign roles manually. A significant benefit is the ability to conduct periodic access attestation campaigns, ensuring only authorized users have access. One Identity Manager facilitates this process and provides comprehensive reporting, giving management clear visibility into user activity, including the number of active and inactive users, new hires, and departures.

One Identity Manager helps minimize governance gaps across our testing, development, and production environments. We utilize a three-tiered setup with a transport mechanism to move changes from the development environment to the quality assurance environment and finally to the production environment.

One Identity Manager enhances privileged governance to mitigate security risks associated with privileged users. A custom solution within the One Identity framework allows users to link multiple secondary identities to their primary identity for tasks requiring elevated privileges. This framework provides a robust privilege access management system within the One Identity environment.

One Identity Manager streamlines application access, compliance and auditing. It supports the SOX audit process conducted twice or thrice yearly. For applications connected to the One Identity Manager, governance is managed through the IAM solution itself. Instead of checking the target system, administrators use the One Identity Manager to validate requests, approvals, denials and assignment periods for connected applications.

One Identity Manager empowers application owners and business managers to make independent application governance decisions, eliminating the need for IT involvement and siloed teams. Once applications are onboarded to One Identity self-service model allows users to request roles and the defined approvers to approve them, streamlining the process and removing complexity for application owners. They no longer need dedicated teams for identity and access management or manual user access reviews for compliance requirements as One Identity Manager automates these functions. This simplifies operations and centralizes control, improving efficiency and reducing administrative burden.

Zero Trust is a broad security framework with varied implementations. Currently, our Zero Trust implementation focuses on identity and access management, specifically for privileged roles. To prevent unauthorized or accidental access, a three-stage approval process is required for privileged role requests. This ensures that multiple stakeholders validate the access, embodying the Zero Trust principle of never trust, always verify. While this is just one aspect of Zero Trust, it significantly enhances our security posture by preventing unauthorized access to sensitive systems and data.

Having worked with SailPoint and other identity management tools, I've found One Identity Manager to be quite handy, especially after seven years of experience with it. The framework is robust and flexible, allowing companies to easily adopt and extend the schema as needed. Unlike other tools I've used, One Identity Manager offers a high degree of customization. Even if the out-of-the-box templates or processes don't meet our company's specific requirements, we can readily adapt them, modify them, and build our own processes and templates.

The One Identity Manager web portal needs simplification. While a new Angular portal was introduced with version 8.2, the knowledge base lacks sufficient information and resources. Even with an Angular developer or a One Identity specialist, a knowledge gap exists due to the combination of AngularJS and One Identity schema expertise required. This makes it difficult to find resources that can effectively utilize the portal, highlighting the need for a more user-friendly interface.

One Identity Manager currently offers Long Term Support only for version 9.0. All other versions have a two-year lifecycle with extended support. For organizations managing a complex environment with numerous connected systems, users, and assignments, upgrading every two years is impractical. Extending support for regular versions by one or two years would benefit clients in this situation.

I have been using One Identity Manager for almost seven years.

One Identity Manager is stable, although there have been bugs. Sometimes product versions are released with many bugs, which affects stability. There is a need for extended support for regular versions, especially in large-scale environments where upgrades every two years are not feasible.

I would rate the stability of One Identity Manager eight out of ten.

I would rate the scalability of One Identity Manager nine out of ten.

We sometimes face delays in response from the technical support of One Identity. While we use premier support, the experience can be inconsistent, prompting us to sometimes engage technical and success managers for faster resolutions.

Neutral

We used SAP IDM before switching to One Identity Manager. The scope with SAP IDM was limited due to its inability to connect multiple systems except Active Directory and SAP system. We looked for a solution that provided greater flexibility in terms of cloud adoption and custom connectors, which SAP IDM did not offer at that time.

While the technical deployment of One Identity Manager can be completed in approximately one month, the true challenge lies in its organizational integration. Developing and connecting the system to existing infrastructure is a complex process that can take several months. Furthermore, ongoing maintenance and onboarding of new applications require continuous effort, making it an ongoing project rather than a one-time deployment.

We worked with a partner for customization but not for training. The partnership was effective, and we continue to engage with them for custom developments that are not handled in-house.

The return on investment was evident in the company's decision to automate processes using the One Identity Manager solution. Previously, separate application teams with dedicated personnel performed specific tasks, leading to higher costs and inefficiencies. With the implementation of the One Identity Manager tasks became automated, resulting in significant cost savings and streamlined processes.

One Identity Manager is fairly priced.

While we evaluated several solutions, we ultimately decided on One Identity Manager for its long-term benefits and flexibility compared to other tools.

I would rate One Identity Manager eight out of ten.

I would recommend One Identity Manager to companies, especially those that might lack prior expertise in identity management. Its predefined framework and comprehensive set of templates make it adaptable and easy to implement.

Our system is distributed across multiple locations globally, with various components and load balancers deployed in each location, including our disaster recovery sites. We have over 50,000 users.

One Identity Manager requires maintenance across its various components, including the tool itself, the database, the job server, and the web component. This maintenance ensures the environment remains operational and efficient. Maintenance requirements vary by component. For instance, web nodes undergo weekly restarts and cache clearing, job servers require service restarts, and other servers need periodic cache cleaning. Different elements have different maintenance schedules: weekly for some monthly for others, and weekly for the database. Overall, maintenance plans are tailored to the specific needs of each component.

On-premises

My main use case for One Identity Manager is to develop projects from the start that begin from the base installation, including employee lifecycle management such as Joiner Mover Leaver, attestation, access request, and integration with target applications such as databases and Safeguard. I also completed integration with Safeguard, HR systems such as SuccessFactors for cloud applications, and worked with Starling as well.

The integration with target applications is mainly for API applications that we configure with custom scripts to read from the APIs, then save the data either directly to the database or to CSV files. We then have a sync project to read from the CSV file so we can leverage more features from the sync project, including logs, simulation, mapping everything, and previewing the data that will be stored.

I believe the sync project is a great feature that allows us to preview everything before it gets stored in our database. There is also a feature that helped one of my teammates significantly, which was the limited process that could be triggered for job queue.

We use the sync project every day. The job queue is valuable when anything needs to run a process that would execute without a workflow closure or would run against a huge number of rows, which was very useful in some cases. For customers in the Middle East, they are requesting to have the portal in Arabic. One Identity Manager does not support Arabic yet in the web portal. In some cases, we have had to add the localization files ourselves and edit the entire Angular web views, which is a real challenge. The last version 10 does not support Arabic language for the web portal, and I think that would be very useful for the tool if it could be supported.

One Identity Manager impacts my organization positively. We use it for most of our customers that we configure the tool and install it for.

One of the improvements concerning One Identity Manager that I mentioned before is that we need to add the Arabic language for the web portal and APIs.

The Arabic language is the main thing that affects me directly with my customers right now.

I have been using One Identity Manager since day one.

I chose a rating of seven for One Identity Manager because I think it is related to performance. When we try to read a huge number of records, such as from SuccessFactors HR with the Starling connector, the sync project sometimes lags. This occurs even though it is not a huge number of employees—only 800 users. The sync project could take several seconds to open a single record, and the process itself takes a considerable amount of time to finish.

Regarding One Identity Manager support, I think they need to be more accountable. When I describe a technical issue and raise a case with it, they take several days to clarify things that are already clarified in the description I added to the case. When it comes to scheduling a session with support, it takes a long time. However, I think that should be the second solution because it really helps to have direct contact with support to share the screen and show everything from the inside of the environment, rather than just describing things in words.

Neutral

I think that implementers should take deep training from One Identity before they dive into it because there are a lot of features in One Identity Manager, but not all users or implementers know all the features that One Identity Manager is capable of. My overall rating for One Identity Manager is seven out of ten.

We use One Identity Manager for classic identity management tasks like provisioning and de-provisioning. It is employed for user requests and identity governance. It supports a comprehensive setup that includes user access, requesting functionalities, and identity governance measures.

One Identity Manager has improved our organization by providing a centralized identity management solution. It allows us to connect various systems like Active Directory, SAP, and cloud applications, offering a more comprehensive and streamlined view of user identities and access. 

As an administrator, I can see the benefits immediately on deployment because now I have a visualization. Compliance officers also see the benefits quickly. However, for the people I supervise, it's hard to adjust to the idea that everything you do is exposed. Application administrators aren't happy because I can see what they're doing. 

The stakeholders and senior leadership will see the impact only if the people below them can produce good reports. Many reports are out of the box, but you have to deploy them, and people must subscribe. The benefits are immediate for people who deal with the product daily. 

One Identity Manager helps minimize coverage gaps among test, dev, and production servers. The transport feature lets you move whatever you did in development into the test and production. Let's say you need to develop a new workflow in a developer environment. You can move every object related to that workflow to the test and, ultimately, to production. All of that is smooth and clean. 

One Identity helps you streamline application access if there is a policy. A policy can be implemented through the policy engine if a company has a policy. How can they do this without a policy? I won't decide who's supposed to access what for the company. Anything related to access controls starts with the policy and ends with the implementation. It's easy if the company has a policy. 

Application compliance is the same story. Someone has to define what it is. One Identity does not provide tons of compliance already implemented in the workflow. There's no preset for SaaS or HIPAA compliance. 

It can tell you who is a member of an AD group, but it doesn't tell you what application this AD group controls. This information is supposed to come from an application owner, who can say you need to be a member of a specific group to access this application. We can see what happens inside the application if it allows us to do that, but we cannot audit if that person has any business in the application.

One Identity Manager helps us achieve an identity-centric zero-trust model in conjunction with a combination of something like OneLogin or any other access management product. We can control what's happening, but we cannot apply it to the application layer until we have an access control product. 

One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable.

It's the best product for providing an enterprise view of logically disconnected SAP accounts. Sometimes, it's doing better than the SAP IG, which probably got discontinued or will be. One Identity Manager helps us connect SAP accounts to employee identities under governance. It is critical because there's no such thing as just SAP, and you want to centralize. You have Active Directory, SAP, and all the cloud applications. Every product has its user accounts, and One Identity allows you to connect them all in one place.

One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP. It lets you do many different things and go as deep as you want. The solution has a whole library of specialized SAP workflows for provisioning. 

You can build a customized web interface that you can do whatever you want with. The out-of-the-box interface for administrators or anybody else can take a little time to understand. It depends on the user's maturity. You must understand what's happening before touching the product. If you have experience using Identity Manager or similar tools, it's highly intuitive. It has so many features that it takes time to adopt, but that's not because it's difficult. 

The business roles are fundamental to role-based access controls. If you don't know how to build roles, it's very hard to do. One of the advantages of this particular product is that you don't have to be a technical person to build the role. You can log in as a business owner with a newly created project and add entitlements, users, or criteria. You can do it manually or using a formula. It's easy to do without any code. 

The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.

I have been using One Identity Manager since 2009, back when it had a different name, Active Entry. I've seen the product evolve over time.

One Identity Manager is a very stable product. The only potential issue could arise from database management, particularly with MS SQL clustering, but with competent support and management, this is not a problem.

One Identity Manager is highly scalable. Its ability to deploy agents across various locations and integrate seamlessly into multi-country operations ensures it can grow alongside business needs without issues.

I rate One Identity support nine out of 10. Premier support offers fast responses, which is critical for banking operations to minimize downtime. The professional and quick handling of issues adds significant value to the investment.

Positive

I have used Oracle, Fischer, SailPoint, Saviynt, and Omada. Omada is particularly notable for its governance capabilities, while Saviynt offers speed in implementation and support. SailPoint is dominant in the market, particularly for compliance capabilities.

If there is no existing database, you must install and configure SQL, which can be time-consuming. However, with a database, the installation is fast, taking about half an hour.

One Identity Manager is priced in the middle range but offers good value due to lower implementation time compared to competitors. Total cost of ownership is crucial where the main expense is in implementation, not licensing.

Other solutions considered were Oracle, Fischer, SailPoint, Saviynt, and Omada. IBM was not used.

One Identity Manager is not for beginners due to its extensive functionality, so it requires prior experience or maturity in identity management to fully utilize its capabilities.

On-premises

My main use case for One Identity Manager is company-wide identity and access management and administration. I use One Identity Manager for company-wide identity and access management by implementing data-based automated creation of user accounts and access management.

From my point of view, the best features that One Identity Manager offers are its synchronization in the web portal. I find the standard connectors particularly helpful in the synchronization in the web portal.

One Identity Manager has positively impacted my company by minimizing manual effort. The minimization of manual effort has specifically affected my team by providing time savings, efficiency, and data integrity.

Since it is company-wide, an estimate of how much time my team saves with One Identity Manager is rather difficult, but it definitely has a very large impact.

From my point of view, One Identity Manager could still be improved with a cleanup of legacy. In terms of cleanup of legacy, I would like to see improvements to the form framework, among other things.

I have been using One Identity Manager for four years in the company.

In my experience, One Identity Manager is stable in day-to-day operation, and I would rate it eight out of ten.

I would rate the scalability of One Identity Manager as very high.

The customer service of One Identity Manager is something I would rate six out of ten.

Positive

I have not previously compared or used One Identity Manager with another solution.

Before deciding on One Identity Manager, I evaluated One Identity Active Roles, which was functionally limited to AD administration.

I would not like to add anything else about the features of One Identity Manager. My advice for others who are considering One Identity Manager is to definitely invest in training courses and watch One Identity Manager's YouTube channel online, as the product and this solution are very powerful.

I found this interview to be generally good, but there were some questions where the AI engine got stuck, and I think that could be improved for future conversations. I have rated this review with an overall rating of eight out of ten.

On-premises