One Identity Manager Reviews

One Identity Manager streamlines our entire identity lifecycle management. It handles onboarding new joiners, assigning and controlling roles with role-based access control, and automates user access reviews twice a year. Additionally, the system facilitates reporting for audits, providing auditors with necessary information on demand. This centralized system acts as a one-stop shop, managing everything from onboarding and role assignment to offboarding and emergency access control.

With centralized user management, data is effortlessly pulled from various systems like SOAR and HR, simplifying user creation and data maintenance. This allows for easy user editing, role assignment based on HR attributes or department affiliation, and streamlined account allocation based on review levels, departments, or the entire organizational structure.

Our Access Control in One Identity Manager is 99 percent automated saving us nearly 100 percent of our time.

One Identity Manager simplifies SAP administration by providing a centralized view of even logically disconnected SAP accounts. It offers a flexible helpdesk approach. We can either leverage its built-in model or create our own UI accessible to specific teams based on their applications. This ensures each team sees only relevant tickets for their area, streamlining access management for disconnected applications.

One Identity Manager can connect SAP accounts to employee identities under governance.

One Identity Manager simplifies Identity Governance and Administration for SAP, a complex system to manage in this regard. It empowers us to effectively manage SAP profiles, roles, and groups, ensuring their proper assignment to corresponding SAP accounts.

The solution delivers SAP-specialized workflows and business logic.

One Identity Manager integrates with its Privilege Access Management solution to provide more granular control. This means we can define different account types within One Identity Manager, such as normal, admin, and privileged accounts. By assigning privileged access only to designated accounts, we can restrict access and permissions and enhance overall security control.

One Identity Manager offers a user-friendly experience with an intuitive interface. It even provides a webshop for end users, allowing them to easily request new roles or accounts in various systems with a simple two-click process.

Having the right resources makes customization a breeze. While understanding customer needs and translating them into technical specifications requires some processing upfront, One Identity's suite of tools simplifies the actual back-end work. From drag-and-drop interfaces for workflows and reports to scripting and C# coding supported by existing SDKs, customization options cater to all users.

This dynamic application provisioning solution uses business roles to map our company's organizational structure. In other words, access to applications is determined solely by our assigned role within the company hierarchy. This role-based approach ensures users only receive the permissions they need based on their specific function, preventing unnecessary access.

One Identity Manager streamlines our cloud governance by providing a centralized platform to manage user access permissions across all connected cloud applications. This eliminates the need for individual provisioning for each app, ensuring efficient authorization control.

We have significantly improved our compliance posture with One Identity Manager. Previously, auditors identified numerous findings during manual audits, requiring extensive time and resources to address. With One Identity Manager, we've automated the onboarding, offboarding, and joiner processes, achieving a 95 percent closure rate on audit points. This centralized solution streamlines the auditor experience, allowing them to efficiently obtain information from the IAM team, saving both the organization and auditors valuable time.

We have minimized inconsistencies in how our governance policies are applied across test, development, and production environments.

One Identity Manager helps us create a privileged governance stance to close the security gap between privileged users and standard users by managing those accounts separately. This segregation prevents unauthorized access, as standard accounts cannot hold privileged rights and vice versa. This clear separation helps to close the security gap between these user types.

One Identity Manager streamlines our procurement and licensing processes, allowing our initially large operations team to focus on more strategic tasks. By automating license management for connected applications like SAP and Azure Active Directory, the solution eliminates the risk of human error – forgotten access removals for unused licenses are a thing of the past. Now, licenses are automatically assigned and reclaimed based on user activity, ensuring efficient resource allocation. This means new hires receive immediate access, and vacated licenses become readily available, freeing the operations team from manual license management headaches.

One Identity Manager streamlines application access decisions by automating the provisioning and de-provisioning of user access based on HR data. This eliminates manual intervention and delays for both HR and department personnel. When an employee changes departments, their access permissions are automatically updated in the identity management system, granting them the necessary tools to perform their new duties immediately.

It also streamlines the automation of identity and access controls, making it easier to implement a zero-trust security model where every user and device is verified before granting access.

While our audit processes were once cumbersome, requiring auditors to chase down reports from individual SAP administrators, everything is now centralized. One Identity Manager stores all application and database information in a single location, streamlining reconciliation efforts.

One Identity Manager stands out for its extensive functionality. It allows us to perform nearly any customization a customer might require, unlike other products with limited customization options. One Identity Manager's wide scope for tailoring configurations makes it a versatile tool. It can connect to various target systems, including Active Directory and schema-based systems like REST APIs. This makes One Identity Manager a great fit for our organization's end-to-end needs, from user provisioning and auditing to onboarding new joiners. It seamlessly fits all our requirements.

Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.

I have been using One Identity Manager for almost ten years.

Offers a user-friendly experience with an intuitive interface and makes customization a breeze

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager is highly stable when used with its built-in features, but customized scripting introduces an element of user responsibility - any instability caused by custom code would be due to how it's written, not the software itself.

I would rate the scalability of One Identity Manager ten out of ten.

You only need premium support if your One Identity software is outdated. Standard technical support, which comes with your license, covers the current version and usually the one before it.

The technical support offers a good experience. They provide a portal to submit issues, collect all necessary information, and have an L1 team address them. If the L1 team can't resolve the problem, they typically escalate it to the L2 or L3 teams for further assistance, demonstrating a commitment to finding a solution.

Positive

We migrated from Oracle Identity Governance to One Identity Manager due to licensing costs, limited functionality, and Oracle's decision to retire the product.

The deployment took one week and required five people.

VMDH assisted us with the initial setup, and for any future support, we can contact One Identity directly or reach out through their authorized partner.

One Identity Manager has positively influenced our ROI in terms of security and compliance. 

One Identity Manager is cost-efficient. The license is based on the number of identities we have.

We use a One Identity partner, VMDH for our licensing.

I would rate One Identity Manager nine out of ten.

We have 3,000 front-end users in our organization. While we only have a single instance of One Identity Manager, for redundancy purposes our servers are spread across different data centers. This means if one data center experiences an outage, the application can fail over to the remaining servers in another location, ensuring continued functionality.

One Identity's partner, VMDH did a good job training our staff on the solution.

Six years ago, VMDH provided us with initial assistance customizing One Identity Manager. We have since developed our expert team and now primarily rely on them for our One Identity needs. We only contact VMDH in critical situations when we require immediate help from One Identity experts. In such cases, we typically reach out to One Identity directly, but if there are delays, we will then connect with them through VMDH.

One Identity's partner was on standby in case we required any post-implementation support.

The customer service we received from the One Identity partner was good.

I found the One Identity partner to be valuable, rating them a nine out of ten.

One Identity Manager is designed for low maintenance, requiring infrequent patches and updates to keep it running smoothly.

One Identity Manager offers a unified approach to identity and access management. It eliminates the need to cobble together multiple products from different vendors for functionalities like Identity Access Management or Privileged Access Management. This saves your organization's time and resources.

Hybrid Cloud

Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems.

One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems.

The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution.

We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007.

Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well.

Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service.

Negative

The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps.

It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage.

One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive.

More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten.

On-premises

We have several use cases. I work with the German police, who use it to manage use cases. When the forensic examiner goes to the field to gather evidence, they have to transfer this evidence to investigators. We handle the entire process of data cleaning. When the forensic examiner goes to the field, an identity and governance process takes that data, creates an evidence file for it, and transfers that file to an investigator in that team. We also do email password provisioning.

We improve case processes for the bank we work with. They're also using One Identity for account management and provisioning. I'm working with an architecture firm onboarding new employees. There's a global assignment process where an identity or an employee can be assigned to a different country, and he still has to retain his employment. We map the identities even though he's given employment in another country. 

The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices. 

He has to call the investigator and tell them he's coming to their office. If the investigator isn't there, he cannot go in. When the guy has time, he will open the door. He goes in, plugs in the device, and waits for hours because they must upload terabytes of data. It takes a lot of time to transfer data because of the internal processes they use. We streamlined the process so the investigator could upload data from the field. 

We also helped a client who had employees traveling to another country on a global assignment. If you must create a new identity for that user because he needs a new identity to work in that country, he can't because we always have to separate objects from different countries. We can manage one user in two different countries and create a sub-identity for that user. 

One Identity Manager helps us minimize governance coverage gaps among test, dev, and production servers. One thing I love about it is the database transport tool. You can model data from the Dev environment and not necessarily push the data. You can model the processes, projects, scripts, business roles, etc., in the dev environment and move them to the testing environment. Once the testing is finished, you can move the transport file to production. It's powerful because you don't need to manually alter the data. 

With business roles, you can close the gap between privileged users and standard users. You can assign business roles to people based on their position and Active Directory group access. 

It streamlines the audit process. Let's say certain users aren't supposed to have access to application data based on their AD group membership or business roles. We can check this for audits and see which users can access applications based on their identities. You can provision applications to specific users based on their membership and identity.

One Identity Manager is identity-centric. Every object is treated as a different entity. Because of this, you can monitor the life cycle of every identity when it comes into the system and how it behaves in the system. You can monitor every identity's access throughout that identity's life cycle. The zero-trust model says that this identity can't access anything it isn't supposed to access at any point in its life cycle. be able to access anything that this identity is not supposed to access. You can trust that once the configurations are done properly, no identity can access any other property that it doesn't have access to.

The solution streamlines licensing. When a user gets employed, we assign them to the group for new employees. When they belong to that group, a trigger creates licenses for each new user. When the user signs into all those accounts, we have a table that shows Microsoft access. Once they are granted Teams access, all of this information is updated for the users. We use that for licensing, but I've never worked with procurement.

The designer tool is one of the most powerful features because you can manage permissions and permission groups in it. The designer is a tool for adding and removing permission. The manager lets you create IT Shop objects and determine which type of user can access an object.

One Identity is versatile and complex. There are no limits to what you can do with this tool. It integrates well with Active Directory and has a powerful API integration. They also introduced the new Angular platform to replace the old web portal, which was too complex. Angular is a simplified web UI for users to do whatever they want to do.

We can leverage JavaScript and the Angular framework to build interactive UIs with the new Angular portal. Also, the new API server makes a lot of sense because using Angular is the front end, and the API server is on the back end. You can do anything you want. It's limitless at this point.

We use One Identity to manage SAP and logically disconnected SAP accounts. From an architectural point of view, you can create request staging tables to sync to the SAP through API calls to the SAP module. You can link the data source to the One Identity staging table to ensure all data goes into the One Identity testing table. You ensure all the necessary fields are there and create a staging table where you would load all the information from SAP. 

You can sync into the One Identity object. From there, you can do whatever you want to do. You can create Active Directory groups and add permissions. SAP is also robust. For example, let's say you have a department's table in SAP. You can also get the department information from the SAP and tie it to the object depending on how you want to sync and structure your project. My approach would be to create a staging table and make an API call to SAP, filling up and syncing the table to the SAP objects in One Identity, adding all the necessary permissions from SAP to the same user, and creating the AD groups if that's also part of the plan. 

There are many approaches to connecting One Identity Manager to SAP accounts under governance. There is no written-in-stone way to do this. The cleanest approach would be using a staging table where you can add all the permissions. A staging table contains the user information and the groups the user belongs to. All of that information will be in any staging table you want. From that table, you write information into the object. 

It helps manage some of the more difficult aspects of SAP. If you have a staging table with all the information from SAP stored there, you have all the rules, Active Directory group names, and permissions. You have all the information. You can use that information to create an identity in One Identity. If you have an SAP account, you must create that SAP identity in One Identity. You can tag and call it SAP and import the source. You can add a SAP tag to it to show that this is an SAP account. 

Before Angular was introduced, the user experience was bad. To do a small custom change in the web UI, you had to do a lot of configuration on the back end. The new Angular portal solved that problem. I don't have any complaints now. The user interface is perfect, making the experience good for the users. Loading objects, caching, and handling errors are way faster with Angular.  

One Identity's business roles help us with provisioning. The whole idea of business roles is to provision based on the user's role. You create business roles for a department with a manager, assistant manager, technician, etc., so you can create custom business roles for all these positions in the same department. Each has permission to do certain things because of their business role. Business roles assign resources and permission groups based on role. It's critical because it limits access based on those roles. We can use business roles to extend governance to cloud apps. 

One Identity can be complex to customize, depending on the scope of the project, the existing system, and the architecture. If the underlying architecture does not suit what the user wants, you must rebuild it entirely by moving data, changing data objects, etc. In a production environment, that can do much harm because these processes and data inputs will change. If the scope is not so robust, you can customize as much as you want. 

On an existing project, the standard was kind of poor because they didn't use experienced consultants to do it. You had to consider rewriting a lot of things, changing how the code works, or redesigning processes. These are not hard things to do, but may just take time. Time will always be a major factor to consider when customizing.

I have actively used One Identity Manager for three years.

One Identity is highly stable. Some companies are still using the 2013 version, and it works perfectly for them. They have not updated it since then. You don't need to upgrade to the latest version. It comes with a lot of benefits like the Angular portal, but it's highly stable. As long as it meets all your needs, why change?

One Identity is scalable, depending on your architecture. 

I rate One Identity support six out of 10. They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem.

Neutral

Deploying One Identity is straightforward, and configuration is not complex at all. If you have access to the database and application server, initial deployment can be completed in a day. Once you install it, there isn't much maintenance aside from updating to a newer version. You also need an engineer or a consultant to monitor the data for inconsistencies. 

I'm a developer, and I can see the relief from companies because when a person who needs access doesn't have it, emails fly everywhere, and everything stands still. If someone needs access over the weekend to a business-critical task and they can't do it, those problems lead to a lot of waste. It has saved a lot of time and saved some companies a lot of money.

One Identity isn't cheap for small or medium-sized businesses, but I don't think it's necessary for a small company to use. The price is fair for large enterprises with thousands of employees that want to adopt a zero-trust model. 

People talk about CyberArk, but I've never used it before. I don't know how better it would be than this. I don't see anybody competing with this. One Identity is on another level.

I rate One Identity Manager eight out of 10. If you plan to implement One Identity Manager, I recommend finding an experienced consultant. They are not cheap. If you're thinking about implementing One Identity at a small business, I would tell you not to waste your time. At a mid-sized business with a lot of identities or a contractor for a big company, you can use One Identity, but you still need an experienced consultant, depending on the scope of the project. 

I use One Identity Manager for all the IAM capabilities in my day-to-day use cases, such as Identity and Access Management.

When initially implemented, One Identity Manager comes with basic modules, but additional ones can be added to encompass data governance, complaints, audits, and more within a single platform. Many organizations limit its use to identity and access management processes, but its potential extends far beyond this, offering broader application and management opportunities. Ultimately, the system's effectiveness depends on how it is managed and implemented within an organization.

From a non-technical perspective, there isn't much customization we could do on the portal apart from seeing whatever our IT admins have given us access to. However, One Identity Manager can be customized heavily on the back end. Customizations are easy because they have a lot of documentation. They have provided extensive documentation. But at times, following the documentation can be a bit difficult. It can help you. For example, if we know the product, we can easily manage everything.

One Identity Manager maps out company structure through its business role feature, which offers dynamic role-sensing capabilities. Unlike other tools, it allows for assigning approvers and managers to business roles, effectively managing multiple access modules under a single umbrella. This functionality is useful for achieving least privileged and role-based access metrics, making it a valuable asset in various use cases.

We have some integration with cloud apps, and One Identity Manager recently introduced Starling Connect, offering several out-of-the-box features. However, current functionalities are limited, so significant customization might require exploring additional API endpoints. The available attributes and tools are sufficient for basic cloud management tasks.

The benefits of implementing One Identity Manager would be immediate as its out-of-the-box configurations can be enabled right away. However, realizing these benefits might take longer if the enterprise requires end-user customizations. In essence, the speed of reaping the advantages depends on whether we utilize the tool's standard features or need to tailor it to specific organizational needs.

One Identity Manager effectively reduces governance coverage gaps across production servers by offering a comprehensive suite of governance-related capabilities. Its built-in transporter tool facilitates seamless migration of changes between environments, eliminating the need for manual configuration or reliance on third-party solutions. Unlike other tools that may require custom integrations or external dependencies, One Identity Manager provides a complete, out-of-the-box solution for managing environment transitions.

One Identity Manager can help establish a privileged governance framework to bridge the security gap between privileged and standard users. The specific capabilities depend on the enabled modules. The privileged access governance module offers advanced features like risk indexing and out-of-the-box support for identifying high-risk identities based on configurable rules or violations. Even without this module, the platform provides customization options for managing privileged users and includes basic risk assessment functionalities.

One Identity Manager can assist in consolidating procurement and licensing, but the extent of its capabilities depends on the target system being managed. While it offers licensing management features for SAP systems, including the ability to fill in gaps, managing licensing for other products requires customizations utilizing Active Directory or Azure Active Directory groups. In these cases, the process differs from the integrated licensing management available for SAP within the One Identity Manager platform.

One Identity Manager simplifies application access decisions by consolidating all entitlements for any integrated system into a single product within the IT department. This unified platform enables efficient access requests, approvals, and multi-level approval workflows, with customization options to manage application entitlements according to specific needs. Additionally, the system's rules can merge multiple access entitlements into a single request, which can be submitted through the front-end portal.

One Identity Manager's ability to streamline application compliance varies depending on the integrated application. Out-of-the-box applications offer built-in compliance capabilities, but third-party tools or custom solutions may be required for those without pre-built connectors. However, compliance functionalities are available for all out-of-the-box target systems.

While One Identity Manager cannot perform a full application audit, it can assess access entitlements and identities within the application.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. With appropriate permissions, these managers can establish business roles, assign applications and items, and create corresponding system roles accessible to other organizational users. While this capability exists, most organizations avoid this approach due to the potential for invalidating business roles without proper verification.

Achieving a zero-trust model with One Identity Manager is feasible but heavily reliant on the policies configured within the system. We can effectively establish a zero-trust environment with carefully crafted policies and conditions. However, limiting the tool's use to provisioning, de-provisioning, and data manipulation processes restricts its potential. By fully exploring and leveraging One Identity Manager's capabilities, we can significantly enhance our ability to implement a robust zero-trust model.

From a technical perspective, One Identity Manager's greatest strength lies in its extensive customization options. The platform offers a wealth of functionalities and flexibility, allowing us to tailor solutions to meet our organization's specific needs without limitations. This unparalleled adaptability is One Identity Manager's most significant advantage.

The end-user interface is intuitive and easy to navigate, making finding information within the portal simple. However, extensive customization can complicate management. From a technical standpoint, the backend is more complex due to managing multiple client tools for various One Identity Manager modules. While these tools interact, their number can overwhelm new users, hindering their ability to effectively understand and utilize the system. The front end is user-friendly, but the back end presents significant challenges.

One Identity Manager is a complex tool with multiple components and a convoluted backend. Its various clients for managing different tasks can confuse IT and non-IT users. Simplifying the tool and streamlining processes would be beneficial. Additionally, while the out-of-the-box connectors are helpful, incomplete support for certain objects hinders efficiency. Providing full support for all objects would enhance the tool's usability.

I have been using One Identity Manager for almost four years.

We haven't encountered significant stability issues. If we follow the provided documentation, we should not experience multiple problems, and a clean environment is crucial for proper configuration. However, mismanagement of processes or queues can lead to crashes. Ultimately, system stability depends on environment management, deployment, and configuration within the system.

It is highly scalable, supporting both vertical and horizontal scaling. Deployment on orchestration platforms like Kubernetes simplifies management, especially with the right team and capabilities. Kubernetes environments offer significantly easier scaling compared to other solutions.

I have experience with Microsoft Identity Manager, Entra ID, and SailPoint Identity Security Cloud. While Microsoft Entra ID and SailPoint are relatively straightforward to manage with uncomplicated backends and easy-to-implement features, One Identity Manager is more complex. Due to its multifaceted functionalities, new users or organizations lacking a deep product understanding might need to reinstall the entire application to enable specific modules. Consequently, many only utilize its basic features instead of fully exploiting its capabilities. In contrast, SailPoint and Microsoft Identity Manager offer simpler installations and SailPoint offers broader compatibility beyond Windows, making it more adaptable to different environments than One Identity Manager.

Product knowledge significantly simplifies One Identity Manager deployment. However, the extensive documentation can pose challenges for newcomers unfamiliar with the product. Unlike concise, step-by-step guides, the current documentation requires navigating a complex structure, potentially leading to confusion. Implementing prerequisite checks and other validations will be necessary to successfully deploy the system, making it a demanding task for those new to One Identity Manager.

In addition to licensing fees, we may incur costs for professional services if product issues or implementation errors arise beyond our control. While a community exists, support can still be challenging. Furthermore, the product is relatively expensive compared to alternatives. Certification costs are also notably higher, requiring mandatory five to six-day training sessions and exams only offered to groups of 15 to 20 people. This contrasts with other products, such as SailPoint, which offer standalone exams for certification seekers.

I would rate One Identity Manager eight out of ten.

Due to its heavy customization, One Identity Manager requires ongoing maintenance, which necessitates a dedicated resource for complete system upkeep. Moreover, significant data inconsistencies within integrated systems can render data management within One Identity Manager a demanding task. Consequently, maintenance is not solely product-specific but primarily data—and process-dependent.

On-premises

We use One Identity Manager for access control and identity management. It is the central repository for all our organization's users. It has all the access control points, role-based access control, security policies, single sign-on, password management, and privilege access management for all the stuff we did.

It's pulling the public Azure access, so we can identify who has the right level of access. And we have the SODs, the artifacts, and the scoring server. It helps us identify customers with that public access and whether it should be removed or managed by the owners.

It helps automate provisioning and launching application accounts. It will also investigate compliance issues. We already have some custom reports, and Identity Manager's built-in reports are quite helpful.

The solution empowers application owners or business managers to make application governance decisions by themselves without IT help. It has a lot of features that allow you to configure that.

One Identity Manager is more scalable and customizable than other products I have worked on, and user customization isn't as complicated. Defender, One Identity's PAM solution, is useful for rotating passwords in the developer's evolving facilities. 

Customizing the UI and backend is easy if you understand the framework. It may take some time to learn, but it's not too difficult once you have it down. Business roles are a handy tool from One Identity that we can map multiple accesses in a single bundle and provide it to the users. You can also provide birthright access to this, so they don't need to request it once onboarded. We can assign them access based on a particular department or a job role.

The out-of-scope connection for the cloud data applications could be better. We have to contact the data on the connection center if it's coming out of the process.

The UI may need some improvement, but it's still great. GraphQL Cloud isn't quite visible yet to the end users, and they said there are some issues there because we have lots of users on board, so it takes time to reflect when the approval is going through and who they should contact to get it approved. The smoothness in that UI performance could be better.

I have used One Identity Manager for four years.

I rate One Identity support eight out of 10. We customized the system a lot when we were using a system. We had dedicated support from the vendor on the data side. They were for within the SLA time.

Positive

I rate One Identity Manager nine out of 10. 

Public Cloud

We utilize One Identity Manager for user identity access management and troubleshooting, all founded upon dynamic roles.

I appreciate One Identity Manager as a comprehensive platform for enterprise-level administration. Its centralized approach to identity management eliminates the need to search for or connect to multiple products simultaneously, allowing for efficient and streamlined management of various aspects of identity administration. For instance, while products like Active Roles within One Identity can manage roles, I believe One Identity Manager provides a more cohesive and integrated solution, offering a central hub for all identity-related tasks.

The One Identity Manager is generally intuitive for most users, allowing quick access to all features.

The benefits are almost immediate. Everything we see in the program, the interface, and other tools happens online. With One Identity Manager, we can monitor and manage everything almost instantly in near real-time.

It streamlines application access decisions and application compliance.

One Identity Manager has streamlined our application auditing process. It is an invaluable tool, particularly during implementations or complex projects. Its visual interface and quick user search functionality are indispensable when dealing with real-world scenarios. Although we sometimes utilize other One Identity tools, Manager remains our go-to for the most detailed information. The Manager instantly reflects on any changes, ensuring up-to-date and accurate data.

It empowers application owners and line-of-business managers to make informed governance decisions without IT involvement. As a former identity access management consultant, I found this tool invaluable for helping clients centralize and streamline the management of their applications.

One Identity Manager assists in implementing an identity-centric zero-trust model. This approach, which emphasizes the importance of identity verification, was a cornerstone of my DevOps team's security practices. Zero-trust is crucial because it prevents unauthorized access, even when changes to the application are visible. In such scenarios, trusting no one is essential, as any individual, including threat analysts, system administrators, or consultants, could make modifications. An identity-centric zero-trust model empowers employers to monitor all changes their employees make, ensuring precise accountability.

I greatly appreciate the initial approach provided by One Identity Manager. It's beneficial because we can easily view nearly all the information about our users without extensive searching. Access to users and groups is rapid. For instance, if a user has standard connections, such as Active Directory, LDAP, or SAP integrations, we can readily access information based on their identity. This is a fantastic feature.

The user interface design could be improved, especially during checkout and navigation. The web portal, for instance, can be confusing at times, with buttons and steps not always clearly defined. This can hinder efficient task completion. The portal should include quick guides to assist users, as the descriptions can sometimes be challenging to understand.

I used several cases to ensure consistent governance across test, development, and production servers. While this approach is common with transports and other tools, it's less familiar in One Identity Manager. I found the One Identity Designer more suitable for this task. Therefore, One Identity Manager is not optimal for achieving this goal.

I have been using One Identity Manager for almost seven months.

We experienced stability problems due to One Identity's version updates, which often need more detailed information about changes on their portal. This has forced us to roll back versions multiple times, resulting in service disruptions that lasted up to five hours.

One of the most important aspects of One Identity Manager is its scalability, allowing us to efficiently manage all of our applications in a centralized location.

I have used SailPoint and ForgeRock by Ping Identity. While SailPoint is similar to One Identity Manager, it offers a better approach to both the front and back end. Its overall design is notably more effective.

The initial deployment of One Identity Manager was challenging due to the tight three-day deadline imposed by my company. To ensure a successful implementation, I needed a solid foundational understanding of the system, which proved complex given the intricate schemas involved. These schemas, underlying the One Identity interface, connect to massive tables, making the SQL approach behind them more reliant on a traditional schema structure. One Identity's proprietary schema, however, presents a significant learning curve. Without adequate mentorship or guidance, navigating this complexity could be daunting. A thorough understanding of how the various tables interact and the overall workflow requires at least a month of hands-on experience with the tool.

One person is enough to complete the deployment.

I would rate One Identity Manager eight out of ten. The solution is good but needs more documentation and better descriptive errors.

The One Identity Manager is a good starting point for beginners to customize, but the One Identity Designer offers more flexibility for creating complex automation. While the Manager is simplified and easier to understand, the Designer allows for greater customization. The Manager is sufficient for basic task customization, but for more advanced automation, the Designer is essential.

On-premises

One Identity Manager is a software tool specifically designed to manage and govern employee identities throughout their entire lifecycle within a company. Similar to other governance tools, it ensures employees have the right access to data and applications based on their role, from the moment they are hired until they leave the organization.

One Identity Manager is a centralized platform for managing user access to all enterprise applications. It focuses on governing regular user identities and access permissions, but it does not handle privileged accounts. If we need to manage privileged accounts, we'll need a separate Privileged Access Management solution in addition to One Identity Manager. One Identity Manager can handle all our other identity governance needs, but privileged accounts require a different approach.

Our customization of One Identity Manager has been relatively straightforward so far. This is likely because we took the time to establish a solid architecture upfront. By defining a clear vision and utilizing standard use cases, I believe I played a key role in minimizing the need for extensive product customization. One Identity Manager also appears to scale well to our needs, further reinforcing my satisfaction with our choice.

One Identity Manager's business role feature simplifies access management by reflecting your company's structure. When you move between departments, like from marketing to finance, your access permissions automatically adjust based on your new role. This eliminates the need for manual updates, ensures you have the right access for your job, and streamlines access governance for your organization. Overall, it's a valuable tool for scaling access management across different departments and scenarios.

Many companies use pre-built solutions like SAP for specific needs. One Identity Manager acts as a central hub for managing identities and access across various cloud applications, similar to how companies connect to ServiceNow for service management or Workday for HR. This centralized approach simplifies identity governance for cloud-based applications, making One Identity Manager a valuable tool, though other competing products offer similar functionalities.

Choosing the right tool is crucial, just like picking the appropriate car. A regular car will perform well on city roads, but attempting off-roading with it will lead to breakdowns. Similarly, our company prioritizes on-premise hosting, so One Identity Manager was ideal. As One Identity itself offers on-premise updates alongside cloud features, we won't be reliant on solely cloud-based solutions for new functionalities. This ensures we stay current with identity access management advancements without being pressured to migrate to the cloud, unlike some competitors who prioritize cloud-based updates over on-premise versions. With One Identity Manager, we access all new features, giving our company a significant advantage. Ultimately, success depends on understanding your company's needs and tailoring your chosen tool accordingly.

Having separate test, development, and production environments creates challenges for managing a product. While the product itself can improve efficiency, companies need to invest in installing and maintaining it across all three environments. This can be expensive, especially for less-used environments like testing. However, if the product is installed according to best practices, it can offer significant benefits.

One Identity Manager streamlines procurement and licensing by consolidating identity management within a single platform. This is particularly advantageous because One Identity Manager is part of a broader suite of security products offered by Quest, allowing our organization to benefit from volume discounts and a unified security approach when using multiple Quest products.

One Identity Manager simplifies application governance by managing access decisions, compliance, and auditing. For access control, One Identity Manager determines a user's privileges within an application based on their overall permissions, allowing granular control over what each user can do. This same system facilitates auditing by tracking all access requests and enabling the creation of compliance certifications.

One Identity Manager empowers application owners and line of business managers to handle access governance without relying on IT. However, this requires upfront effort from the company to set up the data structure. For instance, if we don't have a process for assigning application owners, no tool can automatically create that mapping. The tool can only utilize existing data to enforce our desired workflows. This initial data setup might be challenging for our company as it's still under development.

One Identity Manager supports an identity-centric zero trust model, which assumes no inherent trust and relies on verification for every access attempt. This means every action must be audited and approved, requiring a well-structured data model. To fully utilize One Identity Manager's capabilities for identity governance, our organization will need a data engineer who can create this optimal data structure.

One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance. While many identity governance products necessitate external integration specialists, One Identity Manager's user-friendly interface allows internal staff with some IAM knowledge to manage it effectively after hands-on training. This is particularly beneficial because the product's pre-built lifecycle features, the core functionality of any identity governance tool, are comprehensive enough to address the needs of most companies, including larger organizations, without extensive customization.

One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience.

One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency.

The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.

I have been using One Identity Manager for two years.

One Identity Manager has been stable with no downtime experienced. While the current user and transaction load is low, the system has significant capacity for increased volume and hasn't undergone any formal performance testing. However, based on real-world production use, One Identity Manager appears to be functioning well.

We have premier technical support through the partner. We were not intelligent enough to envision this could be a problem in the future. Luckily, we have expertise in identity access management in-house. Otherwise, it would have been a problem if we didn't have local expertise internally and we bought something that we didn't know how to use and our partner wasn't efficient. 

Our company is currently undergoing a split into two separate entities. Due to this unique situation, we haven't fully transitioned to a single solution. Our original company continues to utilize Omada Identity Governance, while the newly formed company will be implementing One Identity Manager. This transition process reflects the upcoming separation into two independent companies, requiring us to adapt our systems accordingly.

Our initial on-premises deployment of One Identity Manager was straightforward because we handled the two-tier installation ourselves. However, for the cloud version, there's no installation needed since it's pre-configured as a Software-as-a-service offering. Regardless of the deployment method, the most crucial tier is the database, which needs robust security as it stores sensitive information. Both Windows and Linux installations are supported, though Windows is generally preferred.

The actual deployment process can be completed in as little as half an hour, but that's only if all the preparatory work, like opening network ports, is done beforehand. In the worst-case scenario, where you need to do all the setup from scratch, the entire deployment could take half a day.

The implementation was completed in-house with the help of an external system integrator and a consultant from One Identity.

To an extent, we have seen a return on investment.

One Identity Manager's pricing is competitive and in line with what other companies offer. While we may have received a different pricing model due to the multiple Quest products we purchased compared to only One Identity Manager, the overall cost is considered average.

We bought the One Identity Manager license from a partner, but they weren't able to assist with implementation because they lacked experience with the product and even tried to steer us toward a different solution.

One Identity Manager stands out for its on-premise deployment option, allowing full internal hosting, unlike most competitors who push cloud-based SaaS solutions. While cloud offers convenience, our critical infrastructure necessitates on-premise control. One Identity Manager also delivers feature parity between cloud and on-premise versions, avoiding the typical delay where new features go to the cloud first. This flexibility caters to companies with strict security requirements or those who prefer a full cloud migration, making it a truly adaptable solution. The potential downside lies in its architecture, where heavy reliance on a single database creates a single point of failure. However, other drawbacks are yet to be discovered through further use.

I would rate One Identity Manager seven out of ten.

We don't use SAP connectors. One Identity Manager's SAP connector isn't unique; it allows connection to SAP systems like many other identity management products. While it simplifies SAP user provisioning within a centralized system, this functionality is common among competitor offerings.

There's a key distinction between privileged and normal business users. While some privileged use cases can be created, an identity governance tool like One Identity Manager, Omada, Okta, SailPoint, or Aviant alone won't handle them all. These tools focus on general identity management, and for comprehensive privileged access management, we need a dedicated privileged identity manager or privileged access manager alongside them.

Due to the partner's lack of experience with the solution, we received no training or post-implementation support. This highlights a challenge faced by organizations in Denmark, a small country with limited options, particularly in the area of identity access management.

Our One Identity Manager partner hasn't provided the value we expected. While choosing them may have been limited due to licensing restrictions, the consultants they sent weren't helpful enough. It seems our experience might have been better with a different product or a more capable partner for the specific solution we implemented.

Our company has a workforce of approximately 5,000 employees and utilizes roughly 1,000 applications, though not all are fully onboarded. This number is respectable considering the size of our country.

When choosing an identity access management solution, there's no one-size-fits-all answer. It's crucial to understand your specific needs first. Consider factors like your current IAM maturity e.g., do you need privileged access management yet?, scalability requirements, deployment options cloud vs. on-premise, and partner support. Don't be swayed by what others use; focus on what works for your business and regulations. One Identity Manager can be a good option for mid-to-large companies lacking internal IAM expertise, though it may have fewer partner integrators compared to competitors like SailPoint. However, it can be a more cost-effective choice.

On-premises

One of our largest clients in the food and beverage industry uses One Identity Manager to manage its user identities and access controls. They have several applications that require user accounts, and for this purpose, we implemented One Identity Manager. This system effectively manages over 200,000 user accounts and provides access to these applications. Additionally, some applications are integrated with One Identity Manager to streamline account creation, such as setting up Exchange mailboxes.

One Identity Manager offers a variety of products in addition to Safeguard. These include Active Roles and tools for SaaS migration, all seamlessly integrated within the platform for a user-friendly experience.

One Identity Manager has been a fantastic tool for providing a single platform to manage user data and privileged accounts at an enterprise level. I was involved in its setup, particularly for privileged account management. With One Identity Manager, I've developed timed automations for tasks like account and group creation. This replaced the previous manual process, which was much less efficient. I've tailored workflows for five to six high-privilege accounts, including approval processes. Users now simply select the necessary group, submit their request, and the account is automatically created. One Identity Manager's customization options offer a great deal of flexibility.

We use One Identity Manager's business roles to map our company structure for Dynamic Application Provisioning. This involves creating business roles and assigning them to service items, which then establishes a connection. We increasingly leverage this method for dynamic role assignments as well. This approach is valuable because it allows us to achieve several objectives. Additionally, it enables the implementation of specific conditions or business logic, which is essential in situations where segregation is necessary. This flexibility allows us to create dynamic roles based solely on business needs and assign them to resources. As a result, resources can be automatically assigned roles at the time of request creation based on the training tool associated with the business role, streamlining the provisioning process.

In some cases, we have observed improvements. For instance, we are receiving a fewer number of tickets related to identity management. Additionally, by customizing features through One Identity Manager, we have achieved positive outcomes for our business.

One Identity Manager assists us in establishing a robust privileged access governance strategy to address security discrepancies between privileged and standard users. We've successfully automated provisioning and other processes for standard users through PAM integration within One Identity. However, for privileged users, we maintain separate accounts and policies. I'd like to explore whether there are additional features within One Identity that would allow us to streamline governance for both privileged and standard users within a unified policy framework.

One Identity Manager facilitates the consolidation of procurement and licensing processes. This translates to positive outcomes for our well-structured data and the license signing process. Consequently, Windows privileges have been elevated, and we can now easily manage multiple licenses within the system.

One Identity Manager helps to streamline application access decisions, application compliance, and application auditing. By integrating applications, we can define rules based on needs and apply them logically, achieving the desired outcome. Additionally, separate tables linked to the solution allow for easy management of certain properties.

One Identity Manager empowers application owners and line-of-business managers to make application governance decisions independently from IT. While we haven't fully utilized its potential, the software offers options for application and product owners to participate in the decision-making process. For example, we can configure notifications to be sent before assigning roles, allowing these stakeholders to provide input.

One Identity Manager helps us achieve an identity-centric zero-trust model. Since implementing One Identity Manager we have not had any security breaches.

One Identity Manager offers several features that I found advantageous compared to other tools. For instance, imagine two distinct teams: one responsible for administrative documentation and the other for development. With One Identity Manager, the administrative team wouldn't need to learn a separate design tool, as the platform offers dedicated features for both administrative and development tasks. This segregation of functionalities is helpful because it streamlines workflows and reduces complexity. For example, if we need to monitor backend processes, One Identity Manager provides a dedicated job queue with a visual representation, allowing us to easily identify any stuck jobs. Additionally, the platform is database-oriented, offering built-in filtering and browsing functionalities within the object browser, further simplifying data management.

One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial. This would reduce performance-related resource needs in a production environment. Additionally, it would be helpful to have more visibility into job aspects within the tool itself. Information like the number of jobs in the Data Designer, along with date logs, would allow us to directly manage and terminate jobs as needed. This would lessen our dependence on the database team. I believe that these improvements would streamline operations.

There are a few aspects of One Identity Manager's user experience that could be improved. Users sometimes find it confusing to navigate and understand how to use the tool effectively. As a result, customizing the front-end interface could be beneficial. For example, currently, users need to check multiple reports to gather complete information, which can be time-consuming and frustrating. Implementing a way to streamline this process, such as displaying relevant details directly within the application, could enhance user experience. Additionally, the current system requires manual creation of service catalogs for each application. It would be beneficial to implement pre-configured, out-of-the-box options for common applications like ServiceNow. This would save time and effort for administrators and improve the overall user experience.

While I'm comfortable making back-end customizations, I find front-end customization to be challenging.

It would be convenient if One Identity Manager offered a feature that allows bulk deployment and monitoring with a single click.

I have been using One Identity Manager for eight years.

One Identity Manager is a stable product, but its frequent version updates can be challenging. If users choose not to upgrade, they only receive one year of support.

For example, we recently transitioned from version eight to nine, only to discover later that support for version eight would end after just one year. This cycle of upgrading every year is disruptive.

Ideally, One Identity would offer at least two to three years of support for each version. This would alleviate the pressure to upgrade annually and allow users to focus on core business activities.

Currently, we are using the vendor's premium support due to a post-upgrade challenge. During this upgrade, our Active Directory experienced prolonged completion times, taking up to 30 hours for a single cycle. Fortunately, the One Identity support team was instrumental in resolving this issue.

Positive

Our organization previously used Microsoft Identity Manager, but we transitioned to One Identity Manager due to its greater functionality in access management and governance, coupled with a more user-friendly interface.

The initial deployment process is simple; we have a transporter tool for that. However, for bulk deployments, we also use a custom tool. For instance, when deploying ten or twenty transport packages, deploying them individually and monitoring each one is time-consuming. Our IT consultant developed a tool that automates this process. We simply store the transport packages and provide a list, and the tool deploys them sequentially, even handling small compilations between deployments.

One Identity Manager has a reasonable price point. Given the features and functionality it provides, the cost is justified.

I would rate One Identity Manager eight out of ten. It is user-friendly and the out of the box connectors make it easy to integrate with any system.

Premier Support has significantly enhanced the value of our overall investment in One Identity Manager. There are several ways in which it has been beneficial. For instance, our developers appreciate the immediate support available for troubleshooting production issues. Without the expedited response times and dedicated resources offered by Premier Support, our business operations could be significantly impacted. We are confident that the standard support level would not be sufficient to address our needs on time.

We have over 30 people that utilize One Identity Manager.

I recommend One Identity Manager.

Learning One Identity Manager can be time-consuming due to the limited availability of online resources. While other products offer abundant tutorials and guides on platforms like Google and YouTube, information for One Identity Manager is scarce and often outdated. Additionally, readily available training materials are rare. As a result, self-learning without additional support or formal training can be challenging.

Public Cloud

Microsoft Azure