Lead Consultant at a tech vendor with 10,001+ employees
Automatization and digitalization benefit from adaptable deployment and robust synchronization features
Pros and Cons
- "The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems."
- "The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness."
What is our primary use case?
Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems.
What is most valuable?
One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems.
What needs improvement?
The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution.
For how long have I used the solution?
We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007.
Buyer's Guide
One Identity Manager
January 2026
Learn what your peers think about One Identity Manager. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well.
How are customer service and support?
Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service.
How would you rate customer service and support?
Negative
How was the initial setup?
The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps.
What was our ROI?
It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive.
What other advice do I have?
More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Consultant at a tech services company with 201-500 employees
Enables us to change, optimize, and update it at our convenience
Pros and Cons
- "My favorite feature is the ease of customization. You can change, optimize, and update it at your convenience. I haven't seen that in many other products available."
- "Because their company is so focused on just their tool and related technology, they can't support you much. At times, it becomes frustrating. While you are paying a little less than your competitors, you expect some support, compliance, or expertise from the company. If a certain load balancer is unable to handle your tool, you should know what load balancer would be perfect or what configuration you should use."
What is our primary use case?
I have been in various roles. I have been a developer, an operational manager on this One Identity tool, and also a product analyst. We have used it in various phases.
I'm an official partner. The consultants I work with have provided me with a consultancy license, and the clients have their own licenses, but we work with our own licenses. Whenever there is a vendor bug or something is needed, we use our license to raise a ticket on behalf of our client.
The consultancy that I work with has been One Identity's Partner of the Year for the last five years. We have offices in Europe, the Middle East, Asia, Africa, and the Americas. In Europe, the Middle East, and Africa, we have been the top partner for the last three years, and in Asia-Pacific, we have been the top partner for the last year.
We have a license program with them. When we sell the product, it's a partnership between One Identity and us. They get a share of the profit, and we get a share. The client pays the full price of the product.
How has it helped my organization?
One Identity is cost-effective compared to the market. It offers functionalities and features at a very low price relative to ForgeRock or SailPoint. The first advantage you see is the heavily reduced cost.
There are also some other aspects. For example, it provides a lot of functionality out of the box. You don't need to spend money on external developers to customize or do some special configuration that requires a person for additional maintenance. Other than that, there are some additional security features like attestations and approval features that are intuitively made inside.
These features give you an advantage immediately, and in the long run, they simplify the audits. You don't have to be around the auditors every time to explain things. You give them a specific account to use for the audit and allow them to play around with the tool.
One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. We have four or five environments. Based on that, there are configuration parameters with which you can segregate between every environment. It's quite easy and configurable.
Depending on which modules you install, it helps to close the security gap between privileged and standard users. In Identity Manager, there is a module called Application Governance. If you install that module, you get that functionality or features, but many clients prefer a custom implementation. IGA is not supposed to provide PAM-related functionalities. That's why they sometimes push clients to take a bundle of IAM and PAG solutions together, which is One Identity Safeguard.
With Safeguard, you can cover your privilege and identity access management. In fact, you can control the access governance of who has what access in your PAM environment through the Identity Manager itself. They are interconnected, but Identity Manager can't independently give you this functionality.
One Identity Manager helps us consolidate procurement and licensing. Who has what permissions and their validity is well maintained. Most of them get attested every three or four months, depending upon the configuration. You can see which licenses are needed. In fact, in the newer version, since version 9.x, they have a new field showing when the license was last used or how actively it is being used.
Sometimes, if it senses that it has not been used for one year or one and a half years based on the configuration parameters, it will send an email that we have not used it for this much time, so we will remove it. It will remove it with no questions asked. So it is quite smart enough to handle those licensing decisions.
The solution helps streamline application access decisions. Every application has the necessary groups and entitlements assigned to it, so you can independently streamline their workflows. It's a highly customizable tool that lets you group together workflows for, say, 10 Active Directory applications because they are all in the AD domain. You can assign a single workflow for them.
However, if you want every application to have a different workflow or access management, you can assign that. From inside the application governance module, you can assign the privilege level and how privileged or sensitive the accesses are. Depending on that, it will provide the threat and fraud level or what approvals might be needed. So all these are quite intuitive and smartly managed.
The application compliance is handled quite well. It isn't great because it tends to create performance issues in the system. Compliance issues are calculated reactively and proactively. There are two types of SODs: prevention and detective. It's smart enough to detect it, but this can lead to performance issues because of the size of the system you are working with. This is something that has to be done by the manager. You can make your system digest the performance degradation to keep the SOD at an expected level.
Application auditing is pretty much what is called attestation, and it's mostly provided out of the box, but a lot of customization is possible here. In most cases, I have seen customization being done also here. Depending upon that, you can configure it in various ways. You can have multiple attestation policies attesting various things, or you can have a single attestation policy handling multiple things. You can configure and schedule it accordingly and define the approval workflows of those attestations. If an attestation is rejected, what should be the action? If it's missed or raised, no one decides how it should be handled. These are well handled.
Many governance decisions can be made without IT intervention. Most things are pretty self-explanatory in the web portal. You get an email or a notification on the web portal. At most, what happens is that people get so many notifications because they are a backup owner for so many things that sometimes too many notifications come down to them. Other than that, I haven't seen anyone complaining that they don't understand what they need to do when it comes to approval.
What is most valuable?
My favorite feature is the ease of customization. You can change, optimize, and update it at your convenience. I haven't seen that in many other products available.
We use One Identity Manager to connect to SAP IDM. SAPconnect target systems are integrated into One Identity Manager, and we've made several SAP connections with One Identity Manager. The solution connects with Snow, which you can use to manage your disconnected systems.
Most clients I have worked with prefer a custom approach. So some prefer Snow, some prefer some other IDM tool with which they want to manage their disconnected systems. So, yeah, you can say yes and no, to be honest. Like, yes, there is a functionality that has been provided, but it's not mature enough. So that's why I believe clients tend to be a little customized on that front.
One Identity Manager connects SAP accounts to employee identities under governance. That's completely autonomous. Once the target system connection is made, the product is available in the IT shop web frontend. You can order it from there. One Identity Manager handles it by itself. You can customize, but usually the vendor has created an out-of-the-box functionality to do all these operations.
The solution provides IGA for the aspects of SAP that are more difficult to manage. With One Identity Manager, the good thing is that you can customize. In most of the clients I have worked with, the T codes or different custom SAP tables were later introduced in a greenfield project, you don't see these custom tables more often. Out of the box, the SAP connector gives you around 32 to 36 tables in the SAP target system that are more generic tables, but there are custom tables about the T roles or the special attributes. You can customize your connector accordingly, so there is an XML parser provided in the sync editor. You can use it to achieve all those operations.
I'm unfamiliar with SAP-related workflows because clients don't have any specific SAP workflow. They have their own workflows, and One Identity Manager is configured for various product approvals. That's how they are managed. If you want to create a customized workflow, whether it's SAP HANA or any other product-specific workload, you can easily create it.
One Identity Manager provides a connection with Snow, where you can manage your disconnected systems. Most of the clients I have worked with prefer a custom approach. Some prefer Snow or another IDM tool to manage their disconnected systems. There is functionality that has been provided, but it's not mature enough. I believe clients tend to be a little customized on that front.
It connects SAP accounts to employee identities under governance. It's completely autonomous. Once the target system connection is made, the product is available in the IT shop web front end. You can order it from there and everything. One Identity Manager handles it by itself, so you don't need to customize it, but the vendor is given an out-of-the-box functionality to do all those operations.
One Identity offers a single platform for enterprise-level administration and governance of users' data on privileged accounts. The good thing is that much of the functionality comes out of the box. You don't need to customize if you don't want. In a greenfield project, this tool is optimal for those purposes. If the user number is around 1 million or under that data scale, it's a good tool to run on from the IGA perspective. With One Identity, they don't want to focus on IGA. They want to expand the horizon of cybersecurity. There are native tools like Safeguard and others. You can even integrate your PAM accordingly with your IGA and IAM.
There are two types of interfaces in One Identity. One is the phased-out interface, which was known as a web designer. This is getting phased out with Angular now. Angular was one of the lagging points where the user interface was not up to the mark with the out-of-the-box functionalities. Many customers had to customize heavily to get a level of intuitiveness. Now, Angular's web portal has been notched up. You get AI suggestions, IntelliSense, and lots of fraud detection out of the box, like threat level. It's been improved in the recent version, and it's been working phenomenally well.
Business roles are used extensively, and custom implementations are done over business roles. The number of cloud apps I would be telling is a little less because their Starling connector still hasn't matured enough. It's still not a high-performance tool, but it has the capability to do so.
Nowadays, every organization has almost at least a few apps in the cloud. It's important even if the organization is heavily based on on-premises infrastructure. With this tool, you get so many things that work with this cloud infrastructure, it doesn't let you down completely. When you compare the performance of this with a native PowerShell connector or SAP connector, for example, you feel that the performance could be enhanced a little bit. It's something that is becoming mature in the latest versions. I'm confident they will improve it further in the upcoming versions.
What needs improvement?
One area for improvement is zero trust. Besides that, performance is a big factor. I've heard from multiple clients that One Identity's front end is not so performance-optimistic. It depends on how you have configured and deployed the system. At the end of the day, I would say that's something they need to improve.
Still, whenever a critical bug is released, they address the defect pretty quickly compared to any other competitors in the market. At the same time, there is a problem with support. They have limited knowledge about things that may affect their tool. You are deploying this tool in a client's environment, and multiple things would impact it, like proxy servers, load balancers, and other infra technologies.
Because their company is so focused on just their tool and related technology, they can't support you much. At times, it becomes frustrating. While you are paying a little less than your competitors, you expect some support, compliance, or expertise from the company. If a certain load balancer is unable to handle your tool, you should know what load balancer would be perfect or what configuration you should use.
For how long have I used the solution?
We have used One Identity Manager for five and a half years.
What do I think about the stability of the solution?
I rate One Identity Manager eight out of 10 for stability.
What do I think about the scalability of the solution?
I rate One Identity Manager nine out of 10 for scalability.
How are customer service and support?
I rate One Identity support seven out of 10. I have done multiple tickets. I am in touch right now because I'm in the middle of an upgrade for a major client for One Identity. I have been closely in touch with them. At times, there are things that can impact their product, like load balancers that are part of the product when you deploy it in a matured environment.
In those cases, they can't support you much because they just say that load balancers or these things are not something we support. You have to get the support from the necessary vendors they have, and those vendors say, "We are the load balancer. We don't support your tool. You need to go back to your vendor."
You're between two things. At times, it seems like a big company that is not very new to the market should have the basic knowledge or idea of how to get these things up. There are performance issues for so many clients of One Identity, but they can't give you a concrete answer. They can tell you that there is an infrastructure issue, but they lack the knowledge of the infrastructure issue; that knowledge is quite lacking in them. I would say that is something they need to improve.
We don't use the premier support. There are two types of support: one support is between the partner and the firm, and another is between the client and the product company. For the premium support, One Identity provides certain employees, developers, or consultants from their own company. It's the most exclusive contract you can have with them.
The second type of support involves giving you the product, the support portal, and some sort of knowledge. Then, maybe you can hire someone from them for a limited period of time. The predominant work that you need to do with the product, like deployment, maintenance, development, or bug fixes, you do via some partner companies like us.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used SailPoint Identity. One Identity Manager is much better. One Identity Manager is better on a smaller scale of employees. It can handle a scale of half a million or one million, but beyond that, SailPoint is a better tool.
How was the initial setup?
Deploying One Identity Manager is easy and standardized. If it's a greenfield project, the initial deployment should not be difficult if you know your stuff. A proper runbook would be helpful. In our consultant's company, we usually share these runbooks with new consultants who join and who will deploy it into a new client's location.
These come in handy. Otherwise, it can be a little tricky, especially if you are upgrading an existing environment. At that time, it depends upon what sort of data situation is present in the database that you are upgrading. It can become tricky if the consistency checks are not matched or there are some weird data scenarios. Otherwise, it's quite a smooth process.
If it's a standardized deployment, one person is more than enough to handle it. The deployment has two parts. One is the database upgrade, which takes between 30 minutes and two hours. Then, there's the app and web server installation. If it's an upgrade, you can upgrade it in 10 to 15 minutes, but a new installation takes 30 minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing of One Identity Manager is competitive. Compared to its competitors, One Identity is priced quite brilliantly. ForgeRock and SailPoint cost about 1.5 times as much, making One Identity quite economical.
What other advice do I have?
I rate One Identity Manager nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Technical Manager at a manufacturing company with 10,001+ employees
Enables our organization to manage accounts across multiple target systems from a central identity management solution
Pros and Cons
- "The One Identity Manager web portal needs simplification."
- "The framework is robust and flexible, allowing companies to easily adopt and extend the schema as needed."
What is our primary use case?
We utilize One Identity Manager for several key processes. Primarily, it manages the entire employee lifecycle, including joiners, movers, and leavers, for identity management. Additionally, we use its attestation module to conduct bi-annual recertification campaigns, validating existing access rights. Recently, we expanded its use to manage cloud entitlements, including Entra ID.
How has it helped my organization?
We manage user and access management for over 20 SAP systems using One Identity Manager and do not handle any disconnected SAP accounts.
One Identity Manager governs SAP accounts by linking them to employee identities, ensuring access is managed throughout the identity life cycle. This direct link enables automated processes, such as terminating SAP accounts and associated assignments when an employee is terminated.
One Identity Manager, certified by SAP, delivers specialized workflows and business logic through a dedicated connector for SAP R3 and native support for HANA systems, enabling direct connection to HANA databases. It offers numerous out-of-the-box templates for SAP, automatically loading schemas for users, roles, and assignments upon SAP module activation. While most use cases are covered by these templates, customization is possible for specific needs.
With a tool like One Identity, our organization can manage accounts across multiple target systems from a central identity management solution. This centralized data allows for flexible governance reporting, including custom SQL queries and pre-built reports, to validate information. Governance practices vary between companies but often involve specific access controls, timely re-certifications, and validations by data owners. For example, some companies implement frameworks with defined views, access levels, and re-certification processes to ensure data integrity and security.
The ease of customizing One Identity Manager depends on the user's skill set. Compared to three similar products, One Identity Manager is more straightforward to customize, particularly when modifying VB.NET code or writing SQL statements for reports. While some coding knowledge is necessary, the tool's predefined templates and SDK samples offer helpful references and starting points.
The user experience of the legacy web portal is unsatisfactory due to limited customization options and occasional slowness, especially during backend processes like attestation. However, One Identity is moving towards an Angular-based portal in version 8.2 and newer, which offers greater flexibility, customizability, and improved performance. This new portal may provide a more satisfactory user experience overall.
One Identity Manager helps manage the company structure for dynamic application provisioning. Our IAM system reads the company and department structures to automatically assign entitlements. Based on this structure, users are created, and permissions are assigned.
The business role functionality of One Identity Manager is crucial for businesses, especially from an audit and SOC perspective. Whether utilizing One Identity, SailPoint, or another tool, a solid IAM solution should include comprehensive audit trails, streamlined request processes, detailed approval workflow history, and other essential functionalities to ensure compliance and security.
We have begun extending governance with Entra ID and are evaluating the Starling connector, which provides access to many other SaaS-based applications.
Over the time we've used One Identity Manager since 2017, it has significantly improved our organization by automating the joiner, mover, and leaver process across all target systems. No more manual account management tasks are needed, which include account creation, updates, or termination when a user leaves the company. It has substantially reduced manual role assignments and made processes fully automated. The major benefit is the attestation process, conducted once or twice a year based on requirements, which ensures no unauthorized or unwanted accesses are left unchecked. It also provides clear reports on user statistics, such as active users, new joiners, and leavers.
We initially started with a small scope but have since expanded to connect numerous systems, automating the mobile egress process. Tasks like account creation, updates, and termination are now fully automated through IAM solutions, eliminating manual intervention. This automation also removes the need for teams to assign roles manually. A significant benefit is the ability to conduct periodic access attestation campaigns, ensuring only authorized users have access. One Identity Manager facilitates this process and provides comprehensive reporting, giving management clear visibility into user activity, including the number of active and inactive users, new hires, and departures.
One Identity Manager helps minimize governance gaps across our testing, development, and production environments. We utilize a three-tiered setup with a transport mechanism to move changes from the development environment to the quality assurance environment and finally to the production environment.
One Identity Manager enhances privileged governance to mitigate security risks associated with privileged users. A custom solution within the One Identity framework allows users to link multiple secondary identities to their primary identity for tasks requiring elevated privileges. This framework provides a robust privilege access management system within the One Identity environment.
One Identity Manager streamlines application access, compliance and auditing. It supports the SOX audit process conducted twice or thrice yearly. For applications connected to the One Identity Manager, governance is managed through the IAM solution itself. Instead of checking the target system, administrators use the One Identity Manager to validate requests, approvals, denials and assignment periods for connected applications.
One Identity Manager empowers application owners and business managers to make independent application governance decisions, eliminating the need for IT involvement and siloed teams. Once applications are onboarded to One Identity, the self-service model allows users to request roles and the defined approvers to approve them, streamlining the process and removing complexity for application owners. They no longer need dedicated teams for identity and access management or manual user access reviews for compliance requirements, as One Identity Manager automates these functions. This simplifies operations and centralizes control, improving efficiency and reducing administrative burden.
Zero Trust is a broad security framework with varied implementations. Currently, our Zero Trust implementation focuses on identity and access management, specifically for privileged roles. To prevent unauthorized or accidental access, a three-stage approval process is required for privileged role requests. This ensures that multiple stakeholders validate the access, embodying the Zero Trust principle of never trust, always verify. While this is just one aspect of Zero Trust, it significantly enhances our security posture by preventing unauthorized access to sensitive systems and data.
What is most valuable?
Having worked with SailPoint and other identity management tools, I've found One Identity Manager to be quite handy, especially after seven years of experience with it. The framework is robust and flexible, allowing companies to easily adopt and extend the schema as needed. Unlike other tools I've used, One Identity Manager offers a high degree of customization. Even if the out-of-the-box templates or processes don't meet our company's specific requirements, we can readily adapt them, modify them, and build our own processes and templates.
What needs improvement?
The One Identity Manager web portal needs simplification. While a new Angular portal was introduced with version 8.2, the knowledge base lacks sufficient information and resources. Even with an Angular developer or a One Identity specialist, a knowledge gap exists due to the combination of AngularJS and One Identity schema expertise required. This makes it difficult to find resources that can effectively utilize the portal, highlighting the need for a more user-friendly interface.
One Identity Manager currently offers Long Term Support only for version 9.0. All other versions have a two-year lifecycle with extended support. For organizations managing a complex environment with numerous connected systems, users, and assignments, upgrading every two years is impractical. Extending support for regular versions by one or two years would benefit clients in this situation.
For how long have I used the solution?
I have been using One Identity Manager for almost seven years.
What do I think about the stability of the solution?
One Identity Manager is stable, although there have been bugs. Sometimes product versions are released with many bugs, which affects stability. There is a need for extended support for regular versions, especially in large-scale environments where upgrades every two years are not feasible.
I would rate the stability of One Identity Manager eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of One Identity Manager nine out of ten.
How are customer service and support?
We sometimes face delays in response from the technical support of One Identity. While we use premier support, the experience can be inconsistent, prompting us to sometimes engage technical and success managers for faster resolutions.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used SAP IDM before switching to One Identity Manager. The scope with SAP IDM was limited due to its inability to connect multiple systems except Active Directory and SAP system. We looked for a solution that provided greater flexibility in terms of cloud adoption and custom connectors, which SAP IDM did not offer at that time.
How was the initial setup?
While the technical deployment of One Identity Manager can be completed in approximately one month, the true challenge lies in its organizational integration. Developing and connecting the system to existing infrastructure is a complex process that can take several months. Furthermore, ongoing maintenance and onboarding of new applications require continuous effort, making it an ongoing project rather than a one-time deployment.
What about the implementation team?
We worked with a partner for customization but not for training. The partnership was effective, and we continue to engage with them for custom developments that are not handled in-house.
What was our ROI?
The return on investment was evident in the company's decision to automate processes using the One Identity Manager solution. Previously, separate application teams with dedicated personnel performed specific tasks, leading to higher costs and inefficiencies. With the implementation of One Identity Manager, tasks became automated, resulting in significant cost savings and streamlined processes.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is fairly priced.
Which other solutions did I evaluate?
While we evaluated several solutions, we ultimately decided on One Identity Manager for its long-term benefits and flexibility compared to other tools.
What other advice do I have?
I would rate One Identity Manager eight out of ten.
I would recommend One Identity Manager to companies, especially those that might lack prior expertise in identity management. Its predefined framework and comprehensive set of templates make it adaptable and easy to implement.
Our system is distributed across multiple locations globally, with various components and load balancers deployed in each location, including our disaster recovery sites. We have over 50,000 users.
One Identity Manager requires maintenance across its various components, including the tool itself, the database, the job server, and the web component. This maintenance ensures the environment remains operational and efficient. Maintenance requirements vary by component. For instance, web nodes undergo weekly restarts and cache clearing, job servers require service restarts, and other servers need periodic cache cleaning. Different elements have different maintenance schedules: weekly for some, monthly for others, and weekly for the database. Overall, maintenance plans are tailored to the specific needs of each component.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Identity and Access Management Consultant at a tech services company with 11-50 employees
Identity projects have supported complex lifecycles but now need better language support
Pros and Cons
- "One Identity Manager impacts my organization positively."
- "When we try to read a huge number of records, such as from SuccessFactors HR with the Starling connector, the sync project sometimes lags."
What is our primary use case?
My main use case for One Identity Manager is to develop projects from the start that begin from the base installation, including employee lifecycle management such as Joiner Mover Leaver, attestation, access request, and integration with target applications such as databases and Safeguard. I also completed integration with Safeguard, HR systems such as SuccessFactors for cloud applications, and worked with Starling as well.
The integration with target applications is mainly for API applications that we configure with custom scripts to read from the APIs, then save the data either directly to the database or to CSV files. We then have a sync project to read from the CSV file so we can leverage more features from the sync project, including logs, simulation, mapping everything, and previewing the data that will be stored.
What is most valuable?
I believe the sync project is a great feature that allows us to preview everything before it gets stored in our database. There is also a feature that helped one of my teammates significantly, which was the limited process that could be triggered for job queue.
We use the sync project every day. The job queue is valuable when anything needs to run a process that would execute without a workflow closure or would run against a huge number of rows, which was very useful in some cases. For customers in the Middle East, they are requesting to have the portal in Arabic. One Identity Manager does not support Arabic yet in the web portal. In some cases, we have had to add the localization files ourselves and edit the entire Angular web views, which is a real challenge. The last version 10 does not support Arabic language for the web portal, and I think that would be very useful for the tool if it could be supported.
One Identity Manager impacts my organization positively. We use it for most of our customers that we configure the tool and install it for.
What needs improvement?
One of the improvements concerning One Identity Manager that I mentioned before is that we need to add the Arabic language for the web portal and APIs.
The Arabic language is the main thing that affects me directly with my customers right now.
For how long have I used the solution?
I have been using One Identity Manager since day one.
What do I think about the scalability of the solution?
I chose a rating of seven for One Identity Manager because I think it is related to performance. When we try to read a huge number of records, such as from SuccessFactors HR with the Starling connector, the sync project sometimes lags. This occurs even though it is not a huge number of employees—only 800 users. The sync project could take several seconds to open a single record, and the process itself takes a considerable amount of time to finish.
How are customer service and support?
Regarding One Identity Manager support, I think they need to be more accountable. When I describe a technical issue and raise a case with it, they take several days to clarify things that are already clarified in the description I added to the case. When it comes to scheduling a session with support, it takes a long time. However, I think that should be the second solution because it really helps to have direct contact with support to share the screen and show everything from the inside of the environment, rather than just describing things in words.
How would you rate customer service and support?
Neutral
What other advice do I have?
I think that implementers should take deep training from One Identity before they dive into it because there are a lot of features in One Identity Manager, but not all users or implementers know all the features that One Identity Manager is capable of. My overall rating for One Identity Manager is seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Dec 31, 2025
Vice President, Infrastructure Security Technologies at a financial services firm with 5,001-10,000 employees
Offers a more comprehensive and streamlined view of user identities and access
Pros and Cons
- "One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable."
- "The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments."
What is our primary use case?
We use One Identity Manager for classic identity management tasks like provisioning and de-provisioning. It is employed for user requests and identity governance. It supports a comprehensive setup that includes user access, requesting functionalities, and identity governance measures.
How has it helped my organization?
One Identity Manager has improved our organization by providing a centralized identity management solution. It allows us to connect various systems like Active Directory, SAP, and cloud applications, offering a more comprehensive and streamlined view of user identities and access.
As an administrator, I can see the benefits immediately on deployment because now I have a visualization. Compliance officers also see the benefits quickly. However, for the people I supervise, it's hard to adjust to the idea that everything you do is exposed. Application administrators aren't happy because I can see what they're doing.
The stakeholders and senior leadership will see the impact only if the people below them can produce good reports. Many reports are out of the box, but you have to deploy them, and people must subscribe. The benefits are immediate for people who deal with the product daily.
One Identity Manager helps minimize coverage gaps among test, dev, and production servers. The transport feature lets you move whatever you did in development into the test and production. Let's say you need to develop a new workflow in a developer environment. You can move every object related to that workflow to the test and, ultimately, to production. All of that is smooth and clean.
One Identity helps you streamline application access if there is a policy. A policy can be implemented through the policy engine if a company has a policy. How can they do this without a policy? I won't decide who's supposed to access what for the company. Anything related to access controls starts with the policy and ends with the implementation. It's easy if the company has a policy.
Application compliance is the same story. Someone has to define what it is. One Identity does not provide tons of compliance already implemented in the workflow. There's no preset for SaaS or HIPAA compliance.
It can tell you who is a member of an AD group, but it doesn't tell you what application this AD group controls. This information is supposed to come from an application owner, who can say you need to be a member of a specific group to access this application. We can see what happens inside the application if it allows us to do that, but we cannot audit if that person has any business in the application.
One Identity Manager helps us achieve an identity-centric zero-trust model in conjunction with a combination of something like OneLogin or any other access management product. We can control what's happening, but we cannot apply it to the application layer until we have an access control product.
What is most valuable?
One of the most valuable features is the ability for business people to input their knowledge about business processes directly into the product. It's a good tool for anyone familiar with business or technical administration. The shopping cart capability for requests and the catalog features were also initially valuable.
It's the best product for providing an enterprise view of logically disconnected SAP accounts. Sometimes, it's doing better than the SAP IG, which probably got discontinued or will be. One Identity Manager helps us connect SAP accounts to employee identities under governance. It is critical because there's no such thing as just SAP, and you want to centralize. You have Active Directory, SAP, and all the cloud applications. Every product has its user accounts, and One Identity allows you to connect them all in one place.
One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP. It lets you do many different things and go as deep as you want. The solution has a whole library of specialized SAP workflows for provisioning.
You can build a customized web interface that you can do whatever you want with. The out-of-the-box interface for administrators or anybody else can take a little time to understand. It depends on the user's maturity. You must understand what's happening before touching the product. If you have experience using Identity Manager or similar tools, it's highly intuitive. It has so many features that it takes time to adopt, but that's not because it's difficult.
The business roles are fundamental to role-based access controls. If you don't know how to build roles, it's very hard to do. One of the advantages of this particular product is that you don't have to be a technical person to build the role. You can log in as a business owner with a newly created project and add entitlements, users, or criteria. You can do it manually or using a formula. It's easy to do without any code.
What needs improvement?
The client application should transition to a web-based interface to improve administration flexibility. Improvements are also needed in the analytics, peer comparison, and recommendation features, as these areas were added later and require more development. More flexibility in the portal is needed for multi-tenant environments.
For how long have I used the solution?
I have been using One Identity Manager since 2009, back when it had a different name, Active Entry. I've seen the product evolve over time.
What do I think about the stability of the solution?
One Identity Manager is a very stable product. The only potential issue could arise from database management, particularly with MS SQL clustering, but with competent support and management, this is not a problem.
What do I think about the scalability of the solution?
One Identity Manager is highly scalable. Its ability to deploy agents across various locations and integrate seamlessly into multi-country operations ensures it can grow alongside business needs without issues.
How are customer service and support?
I rate One Identity support nine out of 10. Premier support offers fast responses, which is critical for banking operations to minimize downtime. The professional and quick handling of issues adds significant value to the investment.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Oracle, Fischer, SailPoint, Saviynt, and Omada. Omada is particularly notable for its governance capabilities, while Saviynt offers speed in implementation and support. SailPoint is dominant in the market, particularly for compliance capabilities.
How was the initial setup?
If there is no existing database, you must install and configure SQL, which can be time-consuming. However, with a database, the installation is fast, taking about half an hour.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager is priced in the middle range but offers good value due to lower implementation time compared to competitors. Total cost of ownership is crucial where the main expense is in implementation, not licensing.
Which other solutions did I evaluate?
Other solutions considered were Oracle, Fischer, SailPoint, Saviynt, and Omada. IBM was not used.
What other advice do I have?
One Identity Manager is not for beginners due to its extensive functionality, so it requires prior experience or maturity in identity management to fully utilize its capabilities.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Consultant Development - Application Manager IAM at a healthcare company with 1,001-5,000 employees
Automated identity administration has reduced manual effort and improved data integrity
Pros and Cons
- "One Identity Manager has positively impacted my company by minimizing manual effort, providing time savings, efficiency, and data integrity."
- "From my point of view, One Identity Manager could still be improved with a cleanup of legacy."
What is our primary use case?
My main use case for One Identity Manager is company-wide identity and access management and administration. I use One Identity Manager for company-wide identity and access management by implementing data-based automated creation of user accounts and access management.
What is most valuable?
From my point of view, the best features that One Identity Manager offers are its synchronization in the web portal. I find the standard connectors particularly helpful in the synchronization in the web portal.
One Identity Manager has positively impacted my company by minimizing manual effort. The minimization of manual effort has specifically affected my team by providing time savings, efficiency, and data integrity.
Since it is company-wide, an estimate of how much time my team saves with One Identity Manager is rather difficult, but it definitely has a very large impact.
What needs improvement?
From my point of view, One Identity Manager could still be improved with a cleanup of legacy. In terms of cleanup of legacy, I would like to see improvements to the form framework, among other things.
For how long have I used the solution?
I have been using One Identity Manager for four years in the company.
What do I think about the stability of the solution?
In my experience, One Identity Manager is stable in day-to-day operation, and I would rate it eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of One Identity Manager as very high.
How are customer service and support?
The customer service of One Identity Manager is something I would rate six out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not previously compared or used One Identity Manager with another solution.
Which other solutions did I evaluate?
Before deciding on One Identity Manager, I evaluated One Identity Active Roles, which was functionally limited to AD administration.
What other advice do I have?
I would not like to add anything else about the features of One Identity Manager. My advice for others who are considering One Identity Manager is to definitely invest in training courses and watch One Identity Manager's YouTube channel online, as the product and this solution are very powerful.
I found this interview to be generally good, but there were some questions where the AI engine got stuck, and I think that could be improved for future conversations. I have rated this review with an overall rating of eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 14, 2026
IAM Technical Domain Manager at a comms service provider with 1,001-5,000 employees
Offers a centralized platform and simplifies access management, but the usability could be improved
Pros and Cons
- "One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance."
- "One key area for improvement is implementing continuous integration and deployment."
What is our primary use case?
One Identity Manager is a software tool specifically designed to manage and govern employee identities throughout their entire lifecycle within a company. Similar to other governance tools, it ensures employees have the right access to data and applications based on their role, from the moment they are hired until they leave the organization.
How has it helped my organization?
One Identity Manager is a centralized platform for managing user access to all enterprise applications. It focuses on governing regular user identities and access permissions, but it does not handle privileged accounts. If we need to manage privileged accounts, we'll need a separate Privileged Access Management solution in addition to One Identity Manager. One Identity Manager can handle all our other identity governance needs, but privileged accounts require a different approach.
Our customization of One Identity Manager has been relatively straightforward so far. This is likely because we took the time to establish a solid architecture upfront. By defining a clear vision and utilizing standard use cases, I believe I played a key role in minimizing the need for extensive product customization. One Identity Manager also appears to scale well to our needs, further reinforcing my satisfaction with our choice.
One Identity Manager's business role feature simplifies access management by reflecting your company's structure. When you move between departments, like from marketing to finance, your access permissions automatically adjust based on your new role. This eliminates the need for manual updates, ensures you have the right access for your job, and streamlines access governance for your organization. Overall, it's a valuable tool for scaling access management across different departments and scenarios.
Many companies use pre-built solutions like SAP for specific needs. One Identity Manager acts as a central hub for managing identities and access across various cloud applications, similar to how companies connect to ServiceNow for service management or Workday for HR. This centralized approach simplifies identity governance for cloud-based applications, making One Identity Manager a valuable tool, though other competing products offer similar functionalities.
Choosing the right tool is crucial, just like picking the appropriate car. A regular car will perform well on city roads, but attempting off-roading with it will lead to breakdowns. Similarly, our company prioritizes on-premise hosting, so One Identity Manager was ideal. As One Identity itself offers on-premise updates alongside cloud features, we won't be reliant on solely cloud-based solutions for new functionalities. This ensures we stay current with identity access management advancements without being pressured to migrate to the cloud, unlike some competitors who prioritize cloud-based updates over on-premise versions. With One Identity Manager, we access all new features, giving our company a significant advantage. Ultimately, success depends on understanding your company's needs and tailoring your chosen tool accordingly.
Having separate test, development, and production environments creates challenges for managing a product. While the product itself can improve efficiency, companies need to invest in installing and maintaining it across all three environments. This can be expensive, especially for less-used environments like testing. However, if the product is installed according to best practices, it can offer significant benefits.
One Identity Manager streamlines procurement and licensing by consolidating identity management within a single platform. This is particularly advantageous because One Identity Manager is part of a broader suite of security products offered by Quest, allowing our organization to benefit from volume discounts and a unified security approach when using multiple Quest products.
One Identity Manager simplifies application governance by managing access decisions, compliance, and auditing. For access control, One Identity Manager determines a user's privileges within an application based on their overall permissions, allowing granular control over what each user can do. This same system facilitates auditing by tracking all access requests and enabling the creation of compliance certifications.
One Identity Manager empowers application owners and line of business managers to handle access governance without relying on IT. However, this requires upfront effort from the company to set up the data structure. For instance, if we don't have a process for assigning application owners, no tool can automatically create that mapping. The tool can only utilize existing data to enforce our desired workflows. This initial data setup might be challenging for our company as it's still under development.
One Identity Manager supports an identity-centric zero trust model, which assumes no inherent trust and relies on verification for every access attempt. This means every action must be audited and approved, requiring a well-structured data model. To fully utilize One Identity Manager's capabilities for identity governance, our organization will need a data engineer who can create this optimal data structure.
What is most valuable?
One Identity Manager stands out because it offers a wide range of features without requiring complex installation or ongoing maintenance. While many identity governance products necessitate external integration specialists, One Identity Manager's user-friendly interface allows internal staff with some IAM knowledge to manage it effectively after hands-on training. This is particularly beneficial because the product's pre-built lifecycle features, the core functionality of any identity governance tool, are comprehensive enough to address the needs of most companies, including larger organizations, without extensive customization.
What needs improvement?
One Identity Manager's usability could be better. While user experience isn't a top priority for enterprise applications, unlike customer-facing ones where ease of use is crucial, there's still room for improvement within the industry standard. One Identity Manager is on par with competitors like SailPoint and Omada, but overall, enterprise applications tend to prioritize functionality over a sleek user experience.
One key area for improvement is implementing continuous integration and deployment. CI/CD automates deployment across environments, streamlining the process and reducing the manual effort currently required. This would move the company away from a slower, waterfall-style deployment process and improve overall efficiency.
The user interface for submitting IT requests could be more user-friendly. While there have been improvements to the look and feel since we purchased One Identity Manager, there's still room for a more customer-driven experience on the end-user portal.
For how long have I used the solution?
I have been using One Identity Manager for two years.
What do I think about the stability of the solution?
One Identity Manager has been stable with no downtime experienced. While the current user and transaction load is low, the system has significant capacity for increased volume and hasn't undergone any formal performance testing. However, based on real-world production use, One Identity Manager appears to be functioning well.
How are customer service and support?
We have premier technical support through the partner. We were not intelligent enough to envision this could be a problem in the future. Luckily, we have expertise in identity access management in-house. Otherwise, it would have been a problem if we didn't have local expertise internally and we bought something that we didn't know how to use and our partner wasn't efficient.
Which solution did I use previously and why did I switch?
Our company is currently undergoing a split into two separate entities. Due to this unique situation, we haven't fully transitioned to a single solution. Our original company continues to utilize Omada Identity Governance, while the newly formed company will be implementing One Identity Manager. This transition process reflects the upcoming separation into two independent companies, requiring us to adapt our systems accordingly.
How was the initial setup?
Our initial on-premises deployment of One Identity Manager was straightforward because we handled the two-tier installation ourselves. However, for the cloud version, there's no installation needed since it's pre-configured as a Software-as-a-service offering. Regardless of the deployment method, the most crucial tier is the database, which needs robust security as it stores sensitive information. Both Windows and Linux installations are supported, though Windows is generally preferred.
The actual deployment process can be completed in as little as half an hour, but that's only if all the preparatory work, like opening network ports, is done beforehand. In the worst-case scenario, where you need to do all the setup from scratch, the entire deployment could take half a day.
What about the implementation team?
The implementation was completed in-house with the help of an external system integrator and a consultant from One Identity.
What was our ROI?
To an extent, we have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
One Identity Manager's pricing is competitive and in line with what other companies offer. While we may have received a different pricing model due to the multiple Quest products we purchased compared to only One Identity Manager, the overall cost is considered average.
We bought the One Identity Manager license from a partner, but they weren't able to assist with implementation because they lacked experience with the product and even tried to steer us toward a different solution.
Which other solutions did I evaluate?
One Identity Manager stands out for its on-premise deployment option, allowing full internal hosting, unlike most competitors who push cloud-based SaaS solutions. While cloud offers convenience, our critical infrastructure necessitates on-premise control. One Identity Manager also delivers feature parity between cloud and on-premise versions, avoiding the typical delay where new features go to the cloud first. This flexibility caters to companies with strict security requirements or those who prefer a full cloud migration, making it a truly adaptable solution. The potential downside lies in its architecture, where heavy reliance on a single database creates a single point of failure. However, other drawbacks are yet to be discovered through further use.
What other advice do I have?
I would rate One Identity Manager seven out of ten.
We don't use SAP connectors. One Identity Manager's SAP connector isn't unique; it allows connection to SAP systems like many other identity management products. While it simplifies SAP user provisioning within a centralized system, this functionality is common among competitor offerings.
There's a key distinction between privileged and normal business users. While some privileged use cases can be created, an identity governance tool like One Identity Manager, Omada, Okta, SailPoint, or Aviant alone won't handle them all. These tools focus on general identity management, and for comprehensive privileged access management, we need a dedicated privileged identity manager or privileged access manager alongside them.
Due to the partner's lack of experience with the solution, we received no training or post-implementation support. This highlights a challenge faced by organizations in Denmark, a small country with limited options, particularly in the area of identity access management.
Our One Identity Manager partner hasn't provided the value we expected. While choosing them may have been limited due to licensing restrictions, the consultants they sent weren't helpful enough. It seems our experience might have been better with a different product or a more capable partner for the specific solution we implemented.
Our company has a workforce of approximately 5,000 employees and utilizes roughly 1,000 applications, though not all are fully onboarded. This number is respectable considering the size of our country.
When choosing an identity access management solution, there's no one-size-fits-all answer. It's crucial to understand your specific needs first. Consider factors like your current IAM maturity (e.g., do you need privileged access management yet?), scalability requirements, deployment options (cloud vs. on-premise), and partner support. Don't be swayed by what others use; focus on what works for your business and regulations. One Identity Manager can be a good option for mid-to-large companies lacking internal IAM expertise, though it may have fewer partner integrators compared to competitors like SailPoint. However, it can be a more cost-effective choice.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Manager, Identity & Access Management at a healthcare company with 1,001-5,000 employees
Lifecycle automation has reduced manual workload and now simplifies complex user onboarding
Pros and Cons
- "One Identity Manager has positively impacted my company through cost reduction and less effort in the individual departments for the technicians who used to manually create users in Active Directory, which now all happens automatically."
- "One Identity Manager could be improved by better prioritizing and processing bugs when tickets are submitted."
What is our primary use case?
My main use case for One Identity Manager is to manage the lifecycle of all people, including internal, external, business partners, and external personnel. We are currently in further development and are connecting several applications automatically to One Identity Manager, which is our main use case.
What is most valuable?
The best features that One Identity Manager offers include relatively no limitations when it comes to connecting, and if there is ever no API interface, you can create one yourself and write it in.
By using my own solutions such as scripts or email integrations, I can give an example of how I use this flexibility in everyday work. Currently, for an application called Fluency Direct, a custom PowerShell script was created for the automatic creation and setup of users and assignment of groups within Fluency Direct.
One Identity Manager has positively impacted my company through cost reduction and less effort in the individual departments for the technicians who used to manually create users in Active Directory, which now all happens automatically.
What needs improvement?
One Identity Manager could be improved by better prioritizing and processing bugs when tickets are submitted.
For how long have I used the solution?
I have been using One Identity Manager for just under three years, as we set up the system almost three years ago.
What do I think about the stability of the solution?
One Identity Manager is stable in operation.
What do I think about the scalability of the solution?
My experience with the scalability of One Identity Manager has been good.
How are customer service and support?
One Identity Manager's customer support could be a bit faster, but otherwise it is acceptable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use another solution before One Identity Manager. I have only been working here for three years, and One Identity Manager has existed since I have been here.
How was the initial setup?
Before deciding on One Identity Manager, I did not evaluate other solutions. One Identity Manager was already in place when I arrived and was then newly set up by us.
What other advice do I have?
I would rate One Identity Manager an eight on a scale of one to ten. I chose an eight because it is very good, but there is still potential in small areas such as the usability itself for the admin within the interface. I find that everything is still not quite clear enough, especially with one or two things in Manager and Designer. You do not always quickly know where you have to click when you are looking for something, and you sometimes search a bit longer.
My advice to others who are considering One Identity Manager for themselves is to definitely hire people who have the skills and can quickly get to grips with an application that is relatively complex. My overall rating for this product is eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 9, 2026