One Identity Manager Reviews

One Identity Manager serves as my primary solution for user lifecycle management, role-based access control, HR-driven identity management, and provisioning and de-provisioning. When a new employee joins, One Identity Manager automatically creates the account and access. When they leave, the access is removed automatically, which maintains security effectively. Role-based access control assigns access based on employee roles and responsibilities rather than manually assigning permissions, which simplifies access management for large environments. Automated provisioning ensures that user accounts and access are provisioned automatically, with access removed or granted based on requirements, reducing manual work significantly.

The best features One Identity Manager offers include central identity management where all user access is managed from a simple and unified platform, reducing complexity and providing great visibility. Strong automation based on user provisioning, onboarding, and de-boarding of employees is another valuable feature. One Identity Manager also provides an audit and compliance-ready environment with detailed logs and reports that help during audit times, which we are using for auditing purposes.

One Identity Manager has positively impacted my organization by significantly reducing the time required for audit preparation and completion. It has improved compliance by ensuring all access is properly approved and tracked. Security has increased, and we now have a compliance-ready environment with improved efficiency. The time for audit completion has been reduced by almost seventy to eighty percent.

One Identity Manager currently offers comprehensive features and is working well for us, providing great features with security and visibility. In some areas, customization could be improved so that clients can customize features based on their business needs.

I have been using One Identity Manager for more than four years.

One Identity Manager is stable.

One Identity Manager's scalability is excellent with no challenges.

The customer support for One Identity Manager is supportive and good in their technical expertise.

I have only used One Identity Manager.

I have had an extremely positive experience with the pricing, setup cost, and licensing because we are receiving very good support from the vendor team.

We are a partner with this vendor.

For return on investment with One Identity Manager, we have seen less effort needed in managing user provisioning or de-provisioning, reducing manual effort by fifty to sixty percent and saving significant time for the IT team. Our audit completion time has also been reduced.

I have had an extremely positive experience with the pricing, setup cost, and licensing because we are receiving very good support from the vendor team.

I did not evaluate other options before choosing One Identity Manager.

One Identity Manager is a reliable solution that is working perfectly for us. My advice for others considering One Identity Manager is to ensure you have a skilled implementation solution resource involved in the project. The solution is powerful and requires proper configuration and understanding, so good planning is key to success in solution deployment. I would rate One Identity Manager eight out of ten overall.

One Identity Manager's main value to my organization is its flexibility and depth of customization, as it seamlessly integrates with a wide range of on-premises and cloud systems and supports strong automation for joiner, mover, and leaver processes. The automation features I use help to reduce manual effort, improve consistency, and strengthen our overall security posture. I also appreciate the reporting and auditing tools, which are particularly strong, provide clear visibility into access rights, and support compliance initiatives.

A specific example of how I use the automation features and reporting tools in my day-to-day work is through configurable workflows that reduce manual effort, improve efficiency, and ensure consistency in access management processes. One Identity Manager provides detailed reports and dashboards for visibility into identities, access rights, and compliance status.

One Identity Manager is used to centrally manage digital identities and access rights across my organization.

The best features One Identity Manager offers include identity lifecycle management, access provisioning, role-based access control, compliance reporting, and auditing across IT systems. Out of these features, I find myself relying on user lifecycle management the most because it helps automate joiner, mover, and leaver processes by provisioning, modifying, and de-provisioning user accounts across connected systems.

Regarding access provisioning and de-provisioning, it manages access request approvals and enforces access policies for applications, databases, directories, and cloud services. For privileged access governance, it governs access to high-risk or privileged accounts by enforcing approval workflows and monitoring usage.

I also appreciate the integration across IT systems where One Identity Manager integrates seamlessly with on-premises and cloud platforms such as Active Directory, Azure AD, SAP, databases, and custom applications.

When it comes to reporting and auditing, One Identity Manager provides detailed reports and dashboards for visibility into identities, access rights, and compliance status, which helps us make data-driven decisions easily.

Since we started using One Identity Manager in my organization, we have seen operational efficiency gains, including faster onboarding and de-provisioning, help desk cost reduction, and improved compliance and audit efficiency. We have also seen a reduction in security risk. The help desk cost has been reduced greatly, as automating password resets, self-service access requests, and lifecycle events cuts down on help desk tickets and support labor by fifty percent. One Identity Manager has reduced risk through strong identity governance that helps prevent over-privileged access and orphaned accounts, lowering the likelihood of data breaches. We have been able to save a lot of money—over the past four years, we have saved approximately one hundred thousand dollars.

One Identity Manager can be improved because implementation and administration require specialized knowledge, and deployment efforts can be significant.

The user interface prioritizes functionality over simplicity, and effective use of the platform typically depends on well-defined processes and trained administrators.

I have been using One Identity Manager for four years.

For any organization that is looking for frequent reporting improvement in efficiency, lowering error rates, and faster compliance outcomes, I advise that you should consider One Identity Manager, which delivers measurable financial value.

Since we started using One Identity Manager, it has been truly helpful. It has led to fewer help desk tickets and faster service delivery in my organization, enhanced security and compliance, reduced risk and audit burden for IT, and improved time to productivity for our employees. I would rate this product a nine out of ten.

One Identity Manager simplifies user operations and provides security features, including automatic blocking of inactive accounts and timely access revocation.

My user experience with One Identity Manager involves using Identity Access Management to provide security, compliance, and visibility. We have implemented RBAC, where we define roles and responsibilities based on job functions or permissions. We have SoD (segregation of duties), ensuring that no single user has permissions that could lead to conflicts or fraud. The benefits include reduced security risks, lower costs with SSO solutions, enhanced user experience compared to other solutions, and improved compliance with regulations.

Customization for One Identity Manager is based on client inputs. We can detail and break down the inputs for customization, including user interface customization, where we include manager and launch pad features. For example, we implemented the Genesys application for the service desk, where we can monitor daily calls, frequency, and agent performance. This implementation helps showcase to customers our multiple checks and background processes internally. We provide recording sessions to users for review and daily improvement. Configuration parameters come under several aspects based on system behavior. One Identity Manager provides default parameters for particular solutions, allowing an overview of the tool.

In my experience, the best features in One Identity Manager are under SSO (single sign-on), where we can save passwords and don't need to authenticate each time when accessing applications. This extends to the creation of privileged IDs and account creation in AD. 

Perhaps support could be improved. The knowledge base articles and wiki resources we currently use may not be applicable in every situation, as they often depend on the specific inputs or problems presented by users.

I have been using One Identity Manager for six years.

It is stable. 

We provide solutions for enhancing access governance with One Identity Manager, including identity verification and improving system security procedures. This includes designing and implementing IAM solutions for legacy systems, cloud migrations, and multifactor authentications. We implement MFA solutions for applications with larger audiences. We manage roles and responsibilities in IAM technology and conduct risk assessments to identify potential vulnerabilities. The identity verification process comes as an automatic solution, streamlining user onboarding and offboarding in the organization.

Our clients are enterprises. We have more than 50 specialists.

We use their regular support. I would rate their support an eight out of ten.

Positive

For identity access management, we have used multiple tools. When I was working on a banking project, we used a right modeling tool and Sphere and AD to create users in AD and Nsphere, which is an internal tool of a particular project. Whatever we handle in AD and the right modeling tool reflects in Nsphere, which serves as a portal where all users are displayed, and we can see which level of access is required for a particular application. Being in the banking sector, we have an N-3 approval format. Based on approvals, such as line manager approval, we make changes accordingly. We worked with privileged IDs where particular users want different sets of privileges for their accounts. For example, with my particular account in the banking sector, I can give third-party users access to my entire bank for read, write, and edit capabilities. For some users, I can give only read access, allowing me to segregate the privileged IDs and privileges for users who can access my application or banking portal.

In another project for insurance, we used applications in SAML and OIDC. For OIDC applications, we asked the end user to provide the client ID and based on that, we shared the configuration directly to their email IDs. They could copy-paste the same configuration to make the portal easily accessible. With SSO and One Identity Manager implementing that configuration for OIDC applications, they can easily access their portal without multiple authentications. Through single sign-on, users can sign in once and access the portal without passwords.

From my knowledge, One Identity Manager makes customer operations easier compared to other solutions. When customers have different applications or solutions but want to migrate to One Identity Manager, it's because of enhanced security and the convenience of the SSO process.

The setup is somewhat tricky because providing on-premises ID access requires following specific justifications and naming conventions, with different sets of servers to be added for users. We must be conscious while providing access to servers. For instance, if a user requests access to 10 servers, we need to evaluate whether they truly need all server access and can segregate permissions for cost and security reasons after consulting with line managers.

The cost is handled by customers, but it doesn't seem to be very expensive. It seems fairly priced.

We use One Identity Manager for business roles, implementation capabilities, SSO bypass, and automation deployment with guidelines. The licensing helps consolidate procurement when generating audit reports. We follow basic steps such as end-user satisfaction and improvement in regulatory functions to reduce business risk. We implement changes according to the system lifecycle and role-based access control. 

Privileged users receive separate access, enabling them to access cloud applications. With a privileged ID account, users can access CyberArk, Entra, and Office 365 to manage licenses. One Identity Manager provides good security through SSO and MFA implementations. While there can be dependencies during new configuration creation, we work to provide better user satisfaction and support. 

I would rate One Identity Manager a ten out of ten.

My use cases for One Identity Manager are mainly related to JML processes, Joiner Mover Leaver processes, similar to other standard IAM systems. I see that since One Identity Manager provides an on-premises setup, it is selling more in the market compared to One Identity Manager cloud solution, which I observe is rarely used.

The use cases we see often require segregation of duties, especially within the SAP module, which One Identity Manager handles well, allowing for compliance rules and multi-step approval workflows for critical roles.

I did use it for managing SAP and had a good experience overall, but there were instances when roles did not get assigned and I had to troubleshoot rigorously. My experience was not completely flawless, especially during audits where certain roles were missing or were unexplainable.

Managing profiles in SAP is not an issue, but synchronization of derived roles has been problematic.

One Identity Manager includes a history database, but it lacks a proper dashboard for visibility, making it difficult during audits to determine who triggered role assignments or clarify issues.

As a practitioner, I see that One Identity Manager handles segregation of duties within the SAP module well, allowing for compliance rules and multi-step approval workflows.

One Identity Manager provides an on-premises setup, which is selling more in the market compared to One Identity Manager cloud solution.

One Identity Manager is a complete governance tool, but its pricing remains reasonable when measured against other vendors.

What I dislike most about One Identity Manager is the upgrade process. For instance, if I'm migrating from one version to another, I've experienced issues where old hotfixes break. Unlike Microsoft which smoothly integrates hotfixes, One Identity Manager requires me to redeploy older hotfixes even after applying a new upgrade. Another challenge is seeing many clients still using older versions that rely on the deprecated Web Designer. Migrating to the latest versions is complicated due to the complete overhaul required.

There is also a lack of clear communication or documentation from One Identity Manager regarding upgrades and deprecations, which complicates the process further.

I believe that One Identity Manager is not currently providing all-in-one capabilities effectively. It does have options for privileged account management and categorizing human identities, but it lacks visibility for non-human identities and CI/CD pipelines or cloud workloads.

I find that the user experience and intuitiveness of One Identity Manager are quite confusing. The navigation is not straightforward and requires assistance from someone experienced with the tool. Configuration settings are scattered across different areas, which complicates things and contributes to a steep learning curve, especially for new users. The documentation lacks clarity and thoroughness, making it difficult to follow procedures without proper guidance.

I have worked on One Identity Manager since the year 2022.

I see technical challenges with the cloud version, the SaaS version, especially in a hybrid setup because I often encounter issues connecting to on-premises devices. It is often more stable to have a solution on-premises that can send data to the cloud.

I have contacted technical support multiple times and found their emergency coverage reliable. They respond promptly for severity one issues. However, after an upgrade, without involving their paid support, resolving issues can proceed at a slow pace.

Negative

Since the start of my career, I have worked in the identity and access management domain, with experience in various products from Microsoft to SailPoint and Saviynt.

The initial deployment is not easy.

It requires specialized knowledge. As a techno-manager, my team has engineers familiar with the tool due to extensive experience. However, training someone to deploy in a short time can be challenging as they often require support from SMEs who know the tool.

When it comes to pricing, I find it relatively cheaper compared to competitors in the IGA space.

There are pros and cons to One Identity Manager as a product. From a strategic partner perspective, there are always pros without cons. My team functions both as integrators and sellers, as we have our managed service, allowing us to sell it to our customers. 

One Identity Manager serves as my central identity governance and administrator IGA platform for managing user identity and access across the organization.

In my day-to-day role, I work extensively with One Identity Manager to manage identity and access operations across the organization, including creating new user accounts based on HR inputs, assigning roles and access during onboarding, and immediate deactivation of users during exit.

I use One Identity Manager, a central platform for identity lifecycle management and access governance across the organization, for managing access requests through approval workflows, ensuring users get role-based access RBAC, and performing periodic access reviews.

The best features of One Identity Manager are user lifecycle automation, role-based access control, strong governance and compliance, powerful workflow automation, integration capabilities, high customization and flexibility, scalability, and stability. The biggest strength of One Identity Manager is its ability to combine automation, governance, and compliance in a single platform.

The implementation of One Identity Manager has had a significant positive impact on both security and operational efficiency, impacting areas such as faster user onboarding, reduced manual efforts, improved security posture, better compliance and audit readiness, centralized visibility and control, and increased operational efficiency, moving us from a manual identity manager to a fully automated, secure, and compliant system.

After implementing One Identity Manager, we achieved clear, measurable improvements in identity and access management, with user onboarding reduced from two to three days to a few hours, faster access provisioning for new employees, immediate off-boarding security, and 100% instant de-provisioning of access for leavers, while eliminating the risk of orphan or active unused accounts. One Identity Manager delivered faster provisioning, reduced manual workload, and improved security with measurable results.

Post-implementation of One Identity Manager, we observe major improvements across operational security and compliance, including identity lifecycle efficiency, access management accuracy, reduction in manual workload, security enhancements, audit and compliance readiness, visibility and control, and overall operational efficiency. These results highlight significant improvements in automation, security access, accuracy, and audit readiness while reducing manual effort and operational delays.

One Identity Manager is a strong IGA solution; however, there are a few areas for improvement. The user interface is complex and less intuitive, which requires new users time to navigate. Additionally, the implementation process is time-consuming and complex, requiring experienced resources for setup and customization. Despite these areas, One Identity Manager remains a powerful and reliable solution, especially for large enterprises.

I have been using One Identity Manager for around one to two years in a production environment. I have worked on implementation and post-deployment support, managed user lifecycle, handled access governance and role-based access control, supported integration with Active Directory and other systems, and assisted in troubleshooting and optimization of workflows.

One Identity Manager is highly stable in our production environment, serving as a stable and reliable platform capable of handling enterprise workloads with minimal issues.

One Identity Manager is highly scalable and well-suited for medium to large enterprise environments, scaling effectively with business growth and handling large identity environments with proper planning and tuning.

One Identity Manager is capable of supporting thousands to tens of thousands of user identities, large volume provisioning and access requests, and multiple integrations with enterprise systems. One Identity Manager supports distributed architecture, allowing us to scale by adding job servers, application servers, and database resources as needed.

One Identity Manager's customer support is generally good, with a knowledgeable and technically strong support team able to resolve complex identity and integration issues and be helpful during critical incidents. There is room for improvement in response time and documentation clarity.

I did not previously use a different solution.

We have seen strong and measurable ROI after implementing One Identity Manager, mainly due to automation, reduced manual efforts, and improved security.

One Identity Manager's licensing and setup cost are flexible; however, overall they are on the higher side, especially for enterprise deployment. Licensing is modular and use-based, and the overall cost perspective considers it a mid-high range IAM solution, most suitable for medium to large enterprises, which can be expensive but justifies the ROI.

We evaluated One Identity Manager through a structured approach based on business requirements, technical capabilities, and real-world testing, including POC, integration testing, and requirement mapping. We ultimately selected One Identity Manager based on its strong automation, governance, and scalability.

If you are planning to implement One Identity Manager, I recommend focusing on planning, skills, and phased execution. Start with clear requirements and define your use case for JML, RBAC, and compliance clearly. Prepare identity integration with systems such as Active Directory and HR applications in advance. Perform a structured proof of concept to validate provisioning workflows and integration before full rollout. Overall, One Identity Manager is a powerful solution, but success depends on proper planning, skillful implementation, and gradual rollout.

From my perspective, One Identity Manager is a mature and enterprise-ready identity governance solution that delivers strong value in automation, access control, and compliance. If implemented with the right strategy, it can significantly improve security efficiency and governance maturity in the organization. I have assigned a rating of 9 out of 10 for this solution.

My use case with One Identity Manager is both access management and identity management. The main tasks I perform involve solving issues when users receive roles but cannot access applications. During these situations, I debug within One Identity Manager to find and resolve the issues according to required actions. This is my daily use case.

The best features of One Identity Manager are the synchronization project, the mapping, onboarding using CSV, and the designer tool which allows us to write our own custom workflows. 

Once it's set up, One Identity Manager helps with provisioning and continues to work effectively. When anyone leaves the organization, they can be un-provisioned, and all access is removed instantly.

The UI of One Identity Manager is adequate, but there is room for improvement. They should publish more development documents to help users of One Identity Manager, as there are limited resources available.

I have been using One Identity Manager for one year.

The stability of One Identity Manager is good.

I don't have extensive experience comparing One Identity Manager with other market solutions, but I have heard about SailPoint, which has its own advantages and disadvantages. For large organizations, One Identity Manager is more scalable and secure.

We have 8,000 people.

The technical support for One Identity Manager rates a seven out of ten, which is average. When we raise tickets, they are directed to the respective team for response. We have two support connections from One Identity Manager itself and the partner, allowing direct communication. Issues are typically resolved within 24 hours through the ticket system.

Neutral

While I didn't work with SAP, I worked with Segregation of Duties (SoD) in One Identity Manager. It is flexible, and customization is neither particularly easy nor difficult. There are certain theories and concepts to keep in mind for successful customization.

I use the business roles in One Identity Manager, which is essentially the RBAC (role-based access system), and for the target system, we use the FRIC business role. Though I haven't used One Identity Manager to extend governance to cloud apps yet, I would if given the opportunity.

For production management, we have the packager tool, which allows setup of various environments including development, test, ultra-test, and production. We can export from lower environments and import into production using the packager tool.

I would rate One Identity Manager a nine out of ten.

I have worked on various European projects where we mainly use this tool as an Identity and Access Management (IAM) solution rather than its Privileged Access Management (PAM) features. Specifically, it serves as a central IAM tool for governance, compliance, and managing access requests across all the companies and projects I've been involved with. Most of these access requests were processed through Microsoft tools. They were onboarding applications and managing access to them via One Identity Manager through the portal it offers.

Every identity management tool has its unique features, and I believe that One Identity Manager performs quite well. From a developer's perspective, its interface provides excellent information. It includes appealing visuals and a user-friendly design, allowing you to clearly see how software accounts correlate or match with an identity. This gives you a comprehensive view of what an identity encompasses. You can establish specific rules to determine if access is fully managed by One Identity, which acts as the authoritative source for system access. Additionally, it offers a range of capabilities and customization options for managing access across various applications. Overall, I think One Identity Manager does a commendable job in this area.

One Identity Manager can be set up to have accounts synced from the SAP system and have them as orphaned in the system. The intended way is to link them to an identity, and when clicking the identity of the employee, you will see underneath the AD accounts, other application accounts, and different SAP accounts. For each SAP system, you can have specific rules. It has this capability out of the box, SOD rules, different roles, and bundles.

When users request access for a SAP system and do not have an account already, an account is created based on specific criteria that can be defined. From an end user point of view, they go to the portal and request access. If they do not have an account, they get one. If they already have an account, the access will be added and provisioned properly. The account will be connected to their identity with all the access in the downstream application in SAP. It requires a good architect to think through all the different cases for the business. Many connectors must be built because some companies use upwards of 200 SAP systems.

One Identity Manager offers governance for cloud apps through its cloud framework. The logic remains similar to on-premise applications: build a connector, import data, create business roles, enable requests, and implement approvals. The governance framework is particularly strong with application approval workflows and recertification processes.

The solution provides technical options to distinguish between different types of accounts per system. For AD, different rules can identify and manage various account types differently. It offers strong reporting capabilities and can detect policy violations.

For application management, One Identity Manager has a built-in risk framework that helps businesses with approvals and recertifications. Full application management without IT involvement requires building custom frameworks.

It helps to streamline application access decisions, application compliance, and application auditing for customers. When auditors come in, they require that access be managed using an IGA tool. It's quite easy to set up; you just need to build a connector to facilitate this access. In addition, a business analyst can identify the business rules needed. You publish the business rules and set up an approval process—usually requiring two approvals if it's related to the application. Once the business rule is published, a user can request access through the portal, and someone will approve it—standard procedure. You can also run certifications and set up different approval processes for employees who need access for one year or for those who are moving (like shifts). Certification can involve various terms, including access reviews or access refusals. It's a straightforward process. It's strong and reliable. I've seen hundreds of applications successfully managed and compliant because of this process, which includes approval requests and access refusals. You simply onboard the application, and you're set—it all becomes remote for you. All the audit trails are available. You can see who approved what, why they approved it, when the access was granted, and when it was revoked, among other details. It truly helps to maintain compliance.

The solution offers some out-of-the-box capability to manage profiles, but I have not worked with other aspects. In the companies where I was working, they were not using this from a SAP point of view.

One of the most significant advantages is its strong security around identity management when compared to other tools; it's quite robust. However, it does come with a high learning curve, making it difficult to implement and operate without a dedicated IAM team. You need people with substantial experience—likely several years—in order to navigate the complexities effectively. It's not something you can easily outsource entirely to a consultancy. In the past couple of years, they released a new version, Version 9, building on the previous version 8.02. This new version introduced a revamped portal where end users can request access. The previous version had a built-in portal that was quite complex to configure. In the new Version 9, they developed a new portal based on Angular, which offers many capabilities. If someone knows how to utilize it and learn its features, they can make API calls to interact with other systems. Some consulting firms are already developing custom frameworks around this to leverage these capabilities. 

This new portal is where end users go to request access. It provides good out-of-the-box functionalities, allowing users to request access to various applications, and managers can approve these requests. In addition to the default functionalities, the use of APIs is enabled through the portal. However, the general market lacks expertise regarding this tool; only a few companies are actively investing in understanding how it works and offering their services based on that knowledge. Many businesses are migrating to this new portal as the older versions are being phased out of support and are eager to learn how to maximize its capabilities.

Overall, One Identity Manager is a robust tool designed for large enterprises and is still an on-premise solution.

One Identity Manager does not offer much in terms of delivering SAP-specialized workflows and business logic. Custom workflows can be built, but it is limited in that regard. Comparing it to SailPoint, One Identity Manager is less advanced around SAP, particularly regarding the flexibility to build custom flows. While customizations are possible through processes in One Identity Manager where you can build PowerShell code or make API calls, this is not the intended way and requires heavy customization that might become unmanageable.

They could offer more out-of-the-box connectors so that custom PowerShell connectors would not need to be built. 

The support could be improved. They could add more AI to help with role mining. The new portal documentation needs improvement as some partners are more advanced in understanding how the Angular portal works than One Identity itself.

I'm not currently working with it. I stopped working with it three to four months ago. Before that, I worked with it for about three years and seven months.

Regarding support, they prioritize resolving escalated issues. However, their response can be slow. Whenever I open a ticket, the reply often includes a request for the specifications of the server I am using. For instance, they frequently ask, “How many gigabytes of RAM are you running on the server?” If I'm not using the maximum recommended specifications, they immediately suggest that there is a problem. They don’t always consider that the issue may not be related to performance at all.

I haven’t had the best experience with them, but I understand that they do eventually respond. However, there have been instances where we had tickets open for months without any resolution. Sometimes, they would either go quiet or eventually respond and help us find a solution. I’ve faced many similar situations across various projects.

At the end of the day, I’m not a customer, so I’m not too concerned about the experience. However, the application owners of One Identity in these companies have expressed dissatisfaction with the responses they received. They wanted more immediate assistance and access to more skilled resources. That's understandable. Overall, I would rate the experience as a six out of ten.

Neutral

It depends on the situation. If you're starting from scratch, in a greenfield scenario, where you have nothing set up and don't have an IGA tool, then you can begin by establishing an Active Directory. You start with the basics: take employee data and import it into One Identity Manager to create Active Directory accounts for each employee. This setup can typically be completed in about three to four months. It’s not overly complicated. However, it’s important to note that most businesses have complex processes that don’t easily translate into the tool. To effectively monitor applications and manage these processes, you really need technical expertise.

For a large enterprise that has the capability to support an on-premise solution and is willing to find reliable partners to assist with this new portal, along with the technical know-how to match the tool's capabilities, it can be a highly effective solution. This tool offers a wide range of features out of the box. However, the biggest challenge is the steep learning curve; it's essential to have experts with many years of experience and strong technical expertise to maximize the tool's potential. This solution is not suitable for small companies or those seeking a quick implementation. It requires a significant investment initially, but it pays off in the long run due to its extensive features compared to other tools.

I don't have information on the costs associated with the tools or the specific deals they offer. However, I do know that it's challenging to find technical expertise, and these professionals often command high salaries.

In addition to purchasing the tool and its licenses, it's important to account for the need for a dedicated team, especially if you're a large enterprise. There are significant costs involved in maintaining the solution and ensuring it operates effectively. Unfortunately, I don't have details on the licensing fees or per-user costs, among other specifics.

My recommendation is that you really need to understand the realm of identity and access management. It's important to consider the alternatives available, and I believe that for some companies, One Identity is the best solution out there. For specific enterprises, it could indeed be the ideal choice, but for others, it may not be suitable. For instance, a small business with fewer than 25,000 employees, which may not prioritize governance and compliance, might find One Identity unnecessary. It really depends on the landscape of the company using the tool—what their requirements are, what applications they have, and what they're aiming to achieve.

One Identity is quite beneficial for finance-related entities that have strict compliance and security needs. However, One Identity should invest more in AI and enhance their documentation on the new portal. This improvement would help customers and developers better understand what they are building.

The business roles functionality is a very standard part of the access model. Typically, you would start with an application. You gather all the users and their entitlements, which include the accesses they have. Then, you need someone, such as a business analyst or consultant, to help identify bundles or groups of this low-level access. Instead of managing each access individually, you can group them together and create a role for each application, or possibly a combination of different applications. This approach greatly simplifies management. A user doesn’t need to know all the low-level accesses required in a system or across different systems. By creating bundles of access with accompanying business rules, it becomes easier to understand. For example, if I am a DevOps member working with AWS, there’s already a pre-defined access bundle for me. My colleague can tell me to request this specific access, which provides everything I need. Alternatively, access can be automatically assigned based on department—whenever someone joins a specific department, they receive all associated accesses. 

Moreover, you can build dynamic rules around these business rules. While technically speaking, in the One Identity Manager, an application role is part of a business role. However, it’s important to note that you can have a business role defined by specific criteria. Anyone who meets this criterion receives the business role, which is beneficial for management. For instance, if you want to grant access to new hires for applications like Teams, all relevant accesses can be bundled into a business role. If someone leaves the company, their status would change to inactive, and they would lose their access. This streamlines the access lifecycle management process.

From an end-user perspective, it simplifies requests for specific applications or accesses per department. Depending on your chosen architecture and access model, this organization is crucial. However, a key requirement is to have a business analyst involved; otherwise, you risk ending up with scattered entitlements and groups that lack clarity regarding their business association. Finally, don't forget to set up an approval process.

From an end-user perspective, with the new Angular portal in version 9 and upwards, it has improved significantly. However, not all companies have migrated because they have custom logic in the old portal that needs to be translated to the new Angular portal. The new portal is better as it is easy to navigate with straightforward navigation bars. Previously, sometimes custom queries behind the portal really slowed down end-user performance, with users reporting waiting 15-20 minutes for a page to load, especially during approvals or attestations. This was particularly frustrating for users needing high-level managerial approvals for various tasks. In the new portal, you can customize tasks to address some of these performance issues, making it a more efficient experience.

Overall, I would rate it a seven out of ten.

One Identity Manager is used for the user lifecycle and to enforce access governance across the organization's systems. This solution helps to automate account creation, any modification, or any account removal. It also controls access through approval workflows, which is the main use case.

A real-time example of how One Identity Manager has helped the team was during a new employee onboarding and access assignment scenario. Multiple new joiners in different departments, such as IT or HR, had their accounts created in the AD automatically, with access assigned to multiple applications, and proper procedures were followed.

One Identity Manager has had a good impact on the organization and has really improved access control and reduced manual efforts. The identity processes are now more consistent and processed, which is helping significantly.

Manual errors have been reduced because all things are automated. There has been great time saving. The same process that was taking one to two hours now takes only 10 to 15 minutes mostly. The automated provisioning of the user across the system occurs in much less time and has really reduced manual tickets.

There has been a strong return on investment after implementing One Identity Manager, especially through automation, reduced operational efforts, and improved security. Time saving has been achieved in user lifecycle management, and there has been a reduction in support tickets of almost 60 to 70%, along with a reduction in errors.

The lifecycle automation feature of One Identity Manager is found to be very effective. It handles user onboarding and access assignment without any manual interruption or steps. This has really helped to improve efficiency and accuracy.

Lifecycle automation has multiple aspects that are really helping. One Identity Manager's lifecycle automation has made the biggest difference in secure and instant onboarding, which not only reduced the risk but also reduced efforts from daily operations.

One Identity Manager has provided great security with great automation features and great usability.

OEM documentation for the initial setup could be improved.

One Identity Manager has been in use for more than four years.

There have been no downtime or reliability issues with One Identity Manager. It is a very stable solution.

There are no scalability issues with One Identity Manager. It is highly scalable and capable of keeping up with the organization's growth needs, especially in the enterprise environment.

The customer support team for One Identity Manager provides a great experience. They resolve any technical issues within a given timeline and provide support 24/7.

One Identity Manager has been the only solution used from the start.

The vendor's sales team provided a great experience because there was a very positive response from the team, and they helped in procuring the solution.

The organization is a partner with the vendor of One Identity Manager.

Other solutions were not evaluated before choosing One Identity Manager.

One Identity Manager is highly recommended. It is a great solution that comes with great features and great security features. The advice would be to define the identity process and roles clearly before procuring or implementing. Start with the basic features and then move to the more advanced features. Proper planning is needed before implementation. The overall rating for One Identity Manager is nine out of ten.