One Identity Manager Reviews

The primary use case is the JML role-based access provisioning and access re-certification.

We don't use the solution exactly for SAP, but for provisioning and reconciliation. We manage an integrated environment. We use SAP as one of our information sources. Although SAP is one of our trusted sources, it is not an authorized source.

One Identity Manager connects SAP accounts to employee identities under governance which is important for our organization.

The solution delivers SAP-specialized workflows and business logic. The good part is the customization; whatever way we customize the solution, the product is superb. But at the same time, complexity can be difficult because if we do a lot of customization, it's not easy for the new team to think exactly the same way as someone who has implemented the solution. 

We use the solution's business roles to map company structures for dynamic application provisioning.

We use the solution to extend governance to cloud apps. I don't have real-time experience with One Identity Manager Cloud One. I believe the solution extends governance to cloud apps because some of our cloud-based target systems are currently integrated, including Azure. I don't see any challenges, and One Identity Manager seems to be functioning smoothly.

The solution has improved the way our organization functions. In the latest version, some of the basic challenges and bugs have been improved. One Identity Manager is definitely one of the most robust enterprise identity manager platforms. One of the advantages is the cost-effectiveness of the solution. The solution is also a light-based application, has easy-to-manage infrastructure, and an easy-to-use UI. The reporting features and auditing features are all up to the mark. There are no issues, no security concerns, or risks. The risk handling is up to par, with features like managing privileged systems and accounts. This makes it a safe and reliable choice for businesses.

The solution helps us minimize gaps in governance coverage among testing, development, and production servers. One Identity Manager provides a number of out-of-the-box tools to help migrate the solution from one environment to another. This makes it easy to transport our package from the development environment to the testing environment to the production environment.

It helped us create a privileged governance stance to close the security gap between privileged users and standard users. One Identity Manager is a data-based application that provides a large scope compared to other IGA products such as SailPoint and Saviynt. The solution separates the identifier between the privilege and standard account as well as access certification, auditing, and reporting.

One Identity Manager is compliant with our business requirements regarding procurement and licensing consolidation.

The solution helps streamline application governance and application access decision compliance. One of the benefits of using the solution to certify privileged accounts and users is that it minimizes risk. This is done by applying proper governance, which is something that is needed in any organization.

The solution helps enable application owners or line of business managers to make application governance decisions without IT.

One Identity Manager helped us to achieve an identity-centric zero-trust model through risk minimization and segregation of duties.

We have Premier support services. If there's any product work or product limitation based on the requirements or any new challenges that come up, we can access the Premier support services, but we need to opt in.

Premier support has added value to our overall investment. We have a weekly follow-up call with their support team.

Having Premier support has influenced us to purchase additional licenses and products from the vendor. We also use Password Manager.

The most valuable feature is the JML. Unlike other identity manager tools, the JML is more customizable, making it easier to find.

The solution provides IGA for the difficult-to-manage aspects of SAP such as T-codes profiles.

It provides a single platform for enterprise-level administration and governance of users' data-privileged accounts. We have end-to-end JML features, including role-based access provisioning, access certification, and reporting. One Identity Manager is a very good platform, especially for those who have been working with it for the last two or three years. They are likely to be very happy with it.

Another good feature of One Identity Manager is its multi-language support. I give the solution a seven out of ten for its single platform feature.

One Identity Manager has an intuitive interface that is customizable.

One Identity Manager needs to come up with many more out-of-the-box connectors, similar to Workday and ServiceNow. There's a scope for One Identity Manager to improve itself.

The reporting feature should be improved similarly to other IGA products.

Unlike other solutions, One Identity Manager doesn't have a strong support team.

I consider One Identity Manager as a niche solution because we have a demand for it, but we can't find the proper skill set in the market. That is the highest pain point with this solution. Other vendors, such as SailPoint, Saviynt, and even Oracle and IBM, reach out to people to provide materials and make them aware of their products. This leaves One Identity Manager at a disadvantage.

I have been using the solution for four years.

The solution is stable.

It is scalable.

Technical support needs some improvement.

Neutral

The initial setup is straightforward. There are more than 20 components. It takes almost eight hours to deploy. 

It is deployed in our customer environments. We monitor around 300 thousand identities.

We require over 50 administrators.

The implementation is done in-house with the help of our team.

One Identity Manager's pricing is one of its strong points. It is very reasonable compared to other IGA solutions. The licensing cost is per user.

I give the solution a six out of ten.

I have worked with similar solutions such as Oracle One, CA, RSA, SailPoint, and IBM. Other identity manager platforms mostly use Java J2EE-based frameworks. The challenging part with One Identity Manager is that it uses the .NET Framework, for example, VBScript. It's a struggle to find the properly skilled resources in the market. VBScript is considered a niche skill right now. 

One Identity Manager seems to be lagging behind its competitors in terms of its out-of-the-box connectors. Almost every other identity manager product has connectors for a variety of applications, such as ServiceNow, Workday, and SAP, but One Identity Manager does not. The auditing and reporting modules of the solution definitely need to be improved. It needs to be more intuitive for business people, especially those who don't deal with IT.

Each solution has its own pros and cons. Oracle has a little heavier deployment compared to One Identity Manager. However, when compared to other vendors' solutions - such as Saviynt or SailPoint that can be deployed within two to three hours, One Identity Manager requires a full day. 

The amount of maintenance required for the solution depends on the type of implementation.

One Identity Manager is good for organizations looking for multilingual support, low-cost, and highly customizable solutions.

The underlying technology of the UI is going to change. One Identity Manager is moving from VBScript and HTML to Angular with the latest version.

The time needed to see the benefits depends on how you roll it out. You have two or three primary areas where you see the benefits. One is from the operations and process perspective. If you automate the processes, you can make a mess because the system creates the identity from the HR system and provisions it for all the target systems, like Active Directory. 

This is one area where your processes will be more mature because they're all automated. Another area is governance because you collect all the data from different systems into one system. Manager lets you start to govern the data when it comes to entitlements.

Identity Manager helps you minimize gaps in governance coverage among test, dev, and production servers. It depends on your setup, but if you have it configured correctly, it will help. 

We can close the security gap between privileged users and the standard users. However, it depends on how you define privileged users because this might be might have different meanings. From a business perspective, you have users who are business-critical. You can set up these compliance rules to control this and have additional checks if required. 

A typical use case is setting up privileged users twice a year or a recertification campaign compared to standard users. The other point of view you need to consider is the typical admin accounts with critical entitlements and permissions to applications that have significant positive or negative impacts on the organization.

It streamlines application decisions, improving application compliance. That's what makes One Identity strong. It's like an octopus with lots of connections to your environment and applications. You get the old data and create your rule set and governance based on that. At the end of the day, these applications or entitlements are under the control of your rule set.

One Identity streamlines application auditing. If the application is under Active Directory, you have security groups where the permissions are managed in the application. It's easy because you have a standard connector, which means all the application permissions are automatically managed and controlled in One Identity Manager. 

On the other hand, if you have an application with its own user and application governance, you must integrate this with an appropriate API integration. If this isn't possible, you need a ticketing system in between with a manual process. You are good if your process aligns with your governance and audit.

One Identity has the biggest out-of-the-box functionality set. I've worked with other platforms like SAP that have a lot of features, but One Identity Manager is on top. 

One Identity provides an enterprise view of the more logically disconnected SAP accounts. It has the strongest SAP connector on the market and it can fully replace SAP centralized administration. It connects SAP accounts to employee identities under governance. One Identity is the only solution that offers IGA for the harder-to-manage aspects of SAP on a deep level. 

It has out-of-the-box SAP workflows and allows you to customize workflows, but you need an SAP specialist to handle these customizations. One Identity provides a comprehensive perspective for governing identity and access processes, reports, compliance stuff, etc. 

One of the biggest challenges organizations have is setting up borders with other processes and enterprise applications like ServiceNow. You could handle these processes, but it would make no sense. A typical example for better understanding is the joiner-mover-lever process of an employee and the topic of hardware where an employee gets their notebook, mobile phone, etc. These are something you would not challenge in a solution like One Identity. 

It can be easy to customize depending on the integrator's expertise. It has many out-of-the-box functionalities, but it also provides full flexibility to customize it. You can do it the right way or the wrong way, and this depends strongly on the integrator's knowledge and expertise. You can build on out-of-the-box elements or code everything from scratch, but this is not recommended.

One Identity's business roles are one of the most critical features. They enable you to reflect the entire entitlement structure up to the manager abstraction layer. For example, you can form a role for marketing and assign access to everything people in the marketing department need to do their work, including all the entitlements on the Active Directory and Azure levels. 

You can also assign a role to the IT shop, so people can request roles through the UI that are automatically assigned by the marketing team. Without these role functionalities, people would need to know the exact entitlement they need to have for the work, or someone from the service desk needs to know which entitlements are required. 

That adds additional pitfalls when you are not using roles properly. People can choose the path with fewer obstacles. They can find the people in the marketing department and copy-paste the entitlement, which might be a way but not the correct way when it comes to audits and revisions.

We have started extending governance to cloud applications in the past two or three years. It has challenges because it strongly depends on the cloud applications and especially on the API end endpoint. The connection is done technically on the API level, so you are strongly dependent on the restrictions of the API.

The migration from one version to another requires a huge amount of effort. The user interface could be modernized. The old one is outdated and will be completely deprecated next year. 

I have worked on One Identity Manager for nine years as a consultant. I am the person companies call when they need someone to introduce and integrate it with their enterprise. 

One Identity is a mature, stable system. Issues can happen, but it's generally stable. 

There are two points that affect performance. One is the power of the database system because the application is strongly database-focused. Adding memory and processing speed on the data base level has a huge impact. These are mostly virtualized, so that's typically quite easy. 

The second level is on the back end where you have so-called drop servers. If you don't have enough, you can install new ones, add them to the queue, and you are good. 

One Identity support has a lot of room for improvement. I work with support for my clients identifying bugs and issues, and the quality has gone down considerably in recent years. The premium support is somewhat better.

If you get a good support engineer and the issue is obvious, I would rate One Identity support eight out of 10. If you get a new technician dealing with a sophisticated problem, I would rate their support two out of 10. For a mixture, I would say a five out of 10.

Neutral

My company has worked with all the big players in this field, including SailPoint, Omada, and Saviynt, so I have some knowledge of these products. 

One Identity is one of the best products on the market, but it might be too overloaded compared to some of the others. Some smaller organizations may not need a full-stack solution. A lighter or cloud-based solution would be a better fit for them.

We integrate One Identity for other companies, so we have it deployed on a test environment to demo it. Europe is more on-prem, whereas companies prefer deploying to the cloud in the United States. If you have the prerequisites ready, you can deploy it in one day. The only maintenance involved is updating the solution. 

I'm not involved in procurement.  One Identity isn't the most expensive, but it's not the cheapest. It depends on what the clients need. 

I rate One Identity Manager eight out of 10. 

We use the solution for the management of identity and access identity, mostly for our employees.

It really helps in application access decisions, application compliance, and application auditing. That is what we mainly use it for: to have governance and compliance.

The solution has helped application owners make application governance decisions without IT. That's how we configured it. That has been a positive effect.

There are a lot of valuable features, including connectors, attestations, and workflow.

For the governance of users, data, and privileged accounts, it's really strong. It's really good, a 10 out of 10.

We also make use of its business roles to map company structures for dynamic application provisioning. That aspect is super important.

It has problems with performance. This is a very serious issue for us. Other than that, it's really capable. The performance is what is missing. It's really poor.

A second problem is the visibility in the search functionality. You don't have flexible search capabilities when you look for either roles or users. You cannot use multiple attributes. The search fields are very limited and that definitely needs improvement.

Also, the interface is really old. From that perspective, it's a six out of 10.

Another issue is that it is really difficult to customize it to our needs. If "10" is super-difficult, I would rate the customization at eight. When it comes to the options, it is super flexible. From that perspective, it is really strong.

I have been using One Identity Manager for almost two years.

It's a stable solution.

So far, it has been scalable when it comes to connecting new systems. When it comes to the performance of the tool, as I mentioned, if you want to have multiple users using it at the same time, it really lacks scalability.

We currently have around 60,000 users of the solution.

I believe we use Premier Support. To be perfectly honest, we were not very happy about Premier Support, and it was escalated.

The answer we usually get is that something will be fixed in the next release, or the release after that. Sometimes they help, but most of the problems are not solved.

Neutral

We had a previous solution, RSA, previously known as Aveksa, but it was not scalable enough for our needs, and it had internal bugs and problems.

We upgraded to One Identity mainly for the connectors. Because of the performance, we're struggling a little bit with One Identity. Other than that, it gives us what we need.

Taking into account our requirements, the deployment had to be complex because we're a complex organization. In general, we have one central solution that is delivered to the entire organization. We operate in a tenant model where particular entities can manage their scopes of applications and roles.

We were super-fast in the deployment. It took us about one and a half years. But we migrated the previous solution into One Identity, so we had already built most of the structures. We also had the connectors and definitions.

We had 10 to 14 people involved.

There is a lot of maintenance, including patching, upgrading versions, implementing improvements, and building new functionalities. It includes the whole life cycle.

I don't have access to how much we pay for licenses. That usually depends on how the company negotiates. But I believe the pricing is fair.

We recently started connecting One Identity Manager to SAP. I'm not an expert on SAP, but it's not the main system that we're interested in. One Identity Manager connects SAP accounts to employees' identities under governance, but it's just in one of the countries where we operate, and it's not even the biggest one that is using SAP. It's critical for them, but our entire company is not based on SAP.

If you configure One Identity Manager and use it properly, it helps minimize holes in data coverage for test, dev, and production servers. But it usually depends on the coverage.

In terms of Zero Trust, that requires a lot of more things, not only One Identity Manager, and we don't use other products from them.

The performance problems are a pain point, but if I compare it to not having the solution in place, it really has a positive impact. One Identity Manager really can help you, but compared to our previous process, because of the performance issues, it is actually a little down from what we had before.

Overall, I would definitely recommend One Identity Manager because we were struggling previously with our other solution, which was a little bit worse.

Our company uses it internally to request access to different customer environments. We use it as a centralized RGA for distributing different kinds of VR-managed service providers.

When you first deploy One Identity Manager, it feels a bit overwhelming because there are many features, but you quickly get accustomed to the tool and what it does. You start realizing how much automation and the ease of use simplifies your daily work. 

It depends on your starting level. If you know how to script a bit and how the target systems work, it's quite easy. I've worked with many tools I didn't understand, but One Identity was clear from the start. It has a good graphical interface and the ability to code XML files. 

One Identity helps us to minimize governance coverage gaps between test, dev, and production servers. It provides a holistic overview of everything connected to the system. You can apply for any access you need. It requires approval, but everything else is automated on the back end. A lot is happening that the end users don't see. 

It provides privileged identity governance, but when combined with a PAM solution, we get high-level privilege access governance. It helps streamline application procurement and licensing. It also enables us to streamline application-access decisions. The graphical interface lets you draw the process rather than code it. We have multiple approval processes implemented. Once the line of business managers becomes accustomed to it, they like it. It brings accountability. There is no single email here and there, but you can see the implications. No more Excel spreadsheets. You have a portal where you can decide, and it goes forward from there.

One Identity is one of the most feature-rich platforms on the market. It covers every use case. The user interface has been improved, making it easier to make it look like what customers want. It's easier to customize than a lot of competition solutions. There are nearly a thousand built-in processes that you can edit and customize according to your needs. 

The solution has a graphical synchronization engine program to generate synchronization and provisioning for you. If those aren't enough, you can create your own, which we often do. Our developers can handle that kind of integration quickly. If we have the definitions ready, it usually takes only a day or two.

The ability to extend governance to cloud applications is critical. The Microsoft 365 integrations are particularly important. All the cloud applications are crucial, especially in the Nordic countries, where we have a lot of SaaS applications.

I would like to see more access management features incorporated into Identity Manager. Modern access management should have some built-in authorization features. Although these are present in the OneLogin platform, the cloud environment is not an option for every customer. 

I have used One Identity Manager for 10 years.

One Identity is highly stable. It's rare for Identity Manager to crash. It happens periodically, but usually, the problem is in the infrastructure or the network. 

One Identity is highly scalable. We have deployed it for environments with 2,000 to 140,000 users. It's capable of scaling for organizations with  500,000 to 1 million users. a

I rate One Identity support nine out of 10. It's good most of the time. As a long-term partner, we don't create tickets that are easy to resolve. We typically go through three support layers before creating a ticket. Those take longer to resolve, but they have resolved everything so far. 

Positive

SailPoint is One Indentity's top competitor. I have not used it, but many of my colleagues work on it. It's the only solution that has comparable features. 

All the deployment options are available, and partners can create our own deployment through the container. It's easy to deploy. A wizard guides you through the initial installation. The full deployment takes four months to a year, depending on the scope. 

You can do it yourself if it's a small environment, but we primarily work in a regulated environment, so we need a team of people for example, testing, approvals, etc. 

After deployment, One Identity requires little maintenance, depending on how it's deployed. If it's a cloud-based deployment, everything happens automatically. For an on-prem deployment, someone from the database team has to back up the databases.

You get a lot of bang for your buck with One Identity. It has many features that are included in the standard IGA license. Most people who are considering buying One Identity don't understand how much power is behind it in engines.

I rate One Identity Manager nine out of 10. Before implementing One Identity, you should test it and do a proof of concept. Look at your application portfolio. If you have a lot of Microsoft applications and SaaS, One Identity will be a good fit for your environment. 

We have several use cases. I work with the German police, who use it to manage use cases. When the forensic examiner goes to the field to gather evidence, they have to transfer this evidence to investigators. We handle the entire process of data cleaning. When the forensic examiner goes to the field, an identity and governance process takes that data, creates an evidence file for it, and transfers that file to an investigator in that team. We also do email password provisioning.

We improve case processes for the bank we work with. They're also using One Identity for account management and provisioning. I'm working with an architecture firm onboarding new employees. There's a global assignment process where an identity or an employee can be assigned to a different country, and he still has to retain his employment. We map the identities even though he's given employment in another country. 

The main benefit of One Identity is process management. Processes are easier to handle. With the police, if a forensic editor or examiner goes to the field and gets all the data, he would need to go to another office with his flash drive and all of those devices. 

He has to call the investigator and tell them he's coming to their office. If the investigator isn't there, he cannot go in. When the guy has time, he will open the door. He goes in, plugs in the device, and waits for hours because they must upload terabytes of data. It takes a lot of time to transfer data because of the internal processes they use. We streamlined the process so the investigator could upload data from the field. 

We also helped a client who had employees traveling to another country on a global assignment. If you must create a new identity for that user because he needs a new identity to work in that country, he can't because we always have to separate objects from different countries. We can manage one user in two different countries and create a sub-identity for that user. 

One Identity Manager helps us minimize governance coverage gaps among test, dev, and production servers. One thing I love about it is the database transport tool. You can model data from the Dev environment and not necessarily push the data. You can model the processes, projects, scripts, business roles, etc., in the dev environment and move them to the testing environment. Once the testing is finished, you can move the transport file to production. It's powerful because you don't need to manually alter the data. 

With business roles, you can close the gap between privileged users and standard users. You can assign business roles to people based on their position and Active Directory group access. 

It streamlines the audit process. Let's say certain users aren't supposed to have access to application data based on their AD group membership or business roles. We can check this for audits and see which users can access applications based on their identities. You can provision applications to specific users based on their membership and identity.

One Identity Manager is identity-centric. Every object is treated as a different entity. Because of this, you can monitor the life cycle of every identity when it comes into the system and how it behaves in the system. You can monitor every identity's access throughout that identity's life cycle. The zero-trust model says that this identity can't access anything it isn't supposed to access at any point in its life cycle. be able to access anything that this identity is not supposed to access. You can trust that once the configurations are done properly, no identity can access any other property that it doesn't have access to.

The solution streamlines licensing. When a user gets employed, we assign them to the group for new employees. When they belong to that group, a trigger creates licenses for each new user. When the user signs into all those accounts, we have a table that shows Microsoft access. Once they are granted Teams access, all of this information is updated for the users. We use that for licensing, but I've never worked with procurement.

The designer tool is one of the most powerful features because you can manage permissions and permission groups in it. The designer is a tool for adding and removing permission. The manager lets you create IT Shop objects and determine which type of user can access an object.

One Identity is versatile and complex. There are no limits to what you can do with this tool. It integrates well with Active Directory and has a powerful API integration. They also introduced the new Angular platform to replace the old web portal, which was too complex. Angular is a simplified web UI for users to do whatever they want to do.

We can leverage JavaScript and the Angular framework to build interactive UIs with the new Angular portal. Also, the new API server makes a lot of sense because using Angular is the front end, and the API server is on the back end. You can do anything you want. It's limitless at this point.

We use One Identity to manage SAP and logically disconnected SAP accounts. From an architectural point of view, you can create request staging tables to sync to the SAP through API calls to the SAP module. You can link the data source to the One Identity staging table to ensure all data goes into the One Identity testing table. You ensure all the necessary fields are there and create a staging table where you would load all the information from SAP. 

You can sync into the One Identity object. From there, you can do whatever you want to do. You can create Active Directory groups and add permissions. SAP is also robust. For example, let's say you have a department's table in SAP. You can also get the department information from the SAP and tie it to the object depending on how you want to sync and structure your project. My approach would be to create a staging table and make an API call to SAP, filling up and syncing the table to the SAP objects in One Identity, adding all the necessary permissions from SAP to the same user, and creating the AD groups if that's also part of the plan. 

There are many approaches to connecting One Identity Manager to SAP accounts under governance. There is no written-in-stone way to do this. The cleanest approach would be using a staging table where you can add all the permissions. A staging table contains the user information and the groups the user belongs to. All of that information will be in any staging table you want. From that table, you write information into the object. 

It helps manage some of the more difficult aspects of SAP. If you have a staging table with all the information from SAP stored there, you have all the rules, Active Directory group names, and permissions. You have all the information. You can use that information to create an identity in One Identity. If you have an SAP account, you must create that SAP identity in One Identity. You can tag and call it SAP and import the source. You can add a SAP tag to it to show that this is an SAP account. 

Before Angular was introduced, the user experience was bad. To do a small custom change in the web UI, you had to do a lot of configuration on the back end. The new Angular portal solved that problem. I don't have any complaints now. The user interface is perfect, making the experience good for the users. Loading objects, caching, and handling errors are way faster with Angular.  

One Identity's business roles help us with provisioning. The whole idea of business roles is to provision based on the user's role. You create business roles for a department with a manager, assistant manager, technician, etc., so you can create custom business roles for all these positions in the same department. Each has permission to do certain things because of their business role. Business roles assign resources and permission groups based on role. It's critical because it limits access based on those roles. We can use business roles to extend governance to cloud apps. 

One Identity can be complex to customize, depending on the scope of the project, the existing system, and the architecture. If the underlying architecture does not suit what the user wants, you must rebuild it entirely by moving data, changing data objects, etc. In a production environment, that can do much harm because these processes and data inputs will change. If the scope is not so robust, you can customize as much as you want. 

On an existing project, the standard was kind of poor because they didn't use experienced consultants to do it. You had to consider rewriting a lot of things, changing how the code works, or redesigning processes. These are not hard things to do, but may just take time. Time will always be a major factor to consider when customizing.

I have actively used One Identity Manager for three years.

One Identity is highly stable. Some companies are still using the 2013 version, and it works perfectly for them. They have not updated it since then. You don't need to upgrade to the latest version. It comes with a lot of benefits like the Angular portal, but it's highly stable. As long as it meets all your needs, why change?

One Identity is scalable, depending on your architecture. 

I rate One Identity support six out of 10. They have bad support. Sometimes, they're fast, and sometimes not. They have 24-hour support, so when you message them, they try to fix their problems. One Identity can give you a technical engineer who can guide you through what to do or give you custom scripts for a problem.

Neutral

Deploying One Identity is straightforward, and configuration is not complex at all. If you have access to the database and application server, initial deployment can be completed in a day. Once you install it, there isn't much maintenance aside from updating to a newer version. You also need an engineer or a consultant to monitor the data for inconsistencies. 

I'm a developer, and I can see the relief from companies because when a person who needs access doesn't have it, emails fly everywhere, and everything stands still. If someone needs access over the weekend to a business-critical task and they can't do it, those problems lead to a lot of waste. It has saved a lot of time and saved some companies a lot of money.

One Identity isn't cheap for small or medium-sized businesses, but I don't think it's necessary for a small company to use. The price is fair for large enterprises with thousands of employees that want to adopt a zero-trust model. 

People talk about CyberArk, but I've never used it before. I don't know how better it would be than this. I don't see anybody competing with this. One Identity is on another level.

I rate One Identity Manager eight out of 10. If you plan to implement One Identity Manager, I recommend finding an experienced consultant. They are not cheap. If you're thinking about implementing One Identity at a small business, I would tell you not to waste your time. At a mid-sized business with a lot of identities or a contractor for a big company, you can use One Identity, but you still need an experienced consultant, depending on the scope of the project. 

We use One Identity Manager to synchronize SAP inbound and outbound Exchange data. More generally, we aim to synchronize data between target systems, such as those used in banking or other companies, and One Identity Manager.

One Identity Manager includes a default SAP connector that we utilize. Its simplicity is evident in connecting to SAP sites through a straightforward click or by completing a connection filtering form. We can easily establish mapping and workflow for SAP sites, making it a streamlined process. While exceptions may exist for specific customers, we can accommodate their needs by customizing workflow mappings based on their requests. Overall, the SAP connector provided by One Identity Manager is remarkably user-friendly and accessible to all, in my opinion.

We've used the web designer module, but it won't be available next year. One Identity has transitioned from web designer to Angular web development, offering complete freedom to create custom web pages and websites. While Angular requires JavaScript knowledge, it provides unrestricted development capabilities, unlike the complex web designer module. New employees struggled with learning web design, but Angular's accessibility empowers developers to modify everything within the One Identity website and backend, including database interactions and custom code development. This flexibility makes One Identity Manager a powerful tool for connecting various systems and databases.

Business roles are crucial for our customers because they are an essential identity management tool. Without them, we'd need to manually authorize every employee and group. However, Business roles allow us to create and assign business roles automatically. This is vital for our customers as we develop best practices for business workflows. A key component is creating business websites, for which we establish job descriptions and roles. Subsequently, we automate role assignments based on organization or title, which significantly streamlines our processes.

One Identity Manager is user-friendly for the end user.

One Identity Manager significantly simplifies application auditing. The auditing site we use extensively is one of its most valuable features. One Identity Manager is remarkably effective for auditing because it empowers us to create and deliver new attestation or compliance tools. We can generate all these audits through both the website and Manager modules. The audit screen on the website is exceptionally user-friendly. Customers consistently praise the audit feature, and we have received no complaints about the auditing site. We are highly satisfied with using the audit site for One Identity Manager.

One Identity Manager's most valuable asset is the ability to customize its front-end website.

The One Identity Manager documentation could be improved. Despite using the solution for six years, I encounter difficulties understanding certain features due to unclear explanations in the documentation. Additionally, while the One Identity Manager community has the potential to be a valuable resource, the community site does not effectively assist all users.

The report site could be improved because while One Identity Manager offers around forty default reports, our customers find them insufficient for their needs. Consequently, we must create custom reports to meet their specific requirements. Although building custom reports within One Identity Manager is straightforward, enhancing the existing default reports would greatly benefit our users.

I have been using One Identity Manager for six years.

I would rate the stability of One Identity Manager nine out of ten. While all software products are prone to errors or bugs, I have encountered none, specifically in version nine. Compared to previous versions like eight and seven, which did experience issues that required resolution, version nine represents a significant improvement in stability and reliability, making it the best version of One Identity Manager thus far.

One Identity Manager is well-suited for large-scale environments, making it an ideal solution for enterprise clients.

We use Premier Support from One Identity Manager. They respond quickly to our tickets, and our customers are extremely happy with the support.

Positive

The deployment is straightforward and takes a week to complete.

Prices in Turkey are high due to inflation, a challenge we've heard about from our customers. We understand that European consumers may have different expectations, but we must reduce the pricing to attract customers.

I would rate One Identity Manager nine out of ten.

Generally, we don't utilize a governance site but instead rely on an identity management site. Initially, our customers define the SAP architecture or structure, outlining user roles that must be created and associated with specific rules. We then establish the SAP site's structure and architecture, focusing on user management before addressing roles. Subsequently, we incorporate the business side to enable dynamic role calculation for users by creating business rules for role management and assigning roles to users.

I highly recommend One Identity Manager to others. Its ability to develop everything within a single platform is incredibly valuable for customers. Many other products or software often encounter challenges or require custom development, but One Identity Manager offers a comprehensive solution. Its simplicity and customization options make it a standout choice. While I haven't used other identity management products extensively, I am familiar with some features of competitors like SailPoint. However, One Identity Manager's flexibility allows for modifications to accommodate specific needs, unlike some out-of-the-box alternatives.

We use Identity Manager for several things, such as automating our XML process, user provisioning and reprovisioning, and governance-related activities like access reviews and degradation of duties.

Identity Manager sits at the center of the organization. We integrate our systems, like Workday, into other HR systems for employees and contractors. If there are any vendors and customer-related identities, we feed the data from those systems into One Identity. One Identity Manager is configured to the initial access established when someone joins the organization, such as email, Active Directory, desktop logins, timesheets, and common apps that everybody in the organization requires.

We also have request systems in ServiceNow integrated with One Identity Manager on the back end. The request tool goes through ServiceNow, and One Identity creates a notification that a user has requested access to an application. Identity Manager will provision those users on those systems. Some requests are automated and others are semi-automated. When a ticket is opened in ServiceNow, the team will pick up the ticket and work on it. Once they do that, an update comes into the IDM system saying that this user has been granted this access. One Identity Manager is the central book of records or identities and their access levels. 

One Identity Manager has improved our overall user experience by automating processes related to password rests, access requests, and provisioning. This has reduced the number of tickets and help desk calls. It has also decreased the time new employees take to start working. Their laptops and applications are ready to use when they sit at their desks on their first day. We have designed the process so they can spend one or two hours setting things up and starting work. 

The solution streamlines application access decisions, compliance, and auditing.  One Identity has improved the access request process. It's quicker, and we only need to check the identity management system if there are any issues. The users can go into the system to request roles and see if they've been approved. If they're missing something or don't know what to request, they can look it up in the catalog. It's more user-friendly and based on self-service, so the help desk doesn't need to handle all these requests. Everything is centralized, allowing us to pull all the information we need for regulatory audits quickly. 

One Identity's user interface is excellent. It has a timeline view that shows when a user received access and when access was removed. This provides a solid overview of all the users' activities since they were onboarded. 

Another visualization tool not in the main UI shows the identity in the center and links to the target applications. You can drill down and see the details for those target systems. That is very helpful for us to look up something related to a user quickly. 

We use One Identity to manage SAP. We did a lot of customization, integrating the GSA components of SAP. We brought in all those rules, and it wasn't straightforward, but One Identity has some additional support and capabilities for SAP that helped us a bit. We brought all those GSA-related activities in through process changes and some customization. 

One Identity is good at automated user provisioning and de-provisioning. The system processes things quickly. We had an issue where we mistakenly disabled nearly 4,000 Active Directory accounts due to a developer error. We had to get those accounts back up again and were pushing the records to AD to make the changes. It was running a bit slowly, but we have a cloud setup, so we bumped the resources, and it handled that load quickly.

The compliance reports are good, and custom reports can be easily generated. One Identity provides separate built-in user roles for auditors, compliance officers, and others. The SOC exemption process and associated reporting are excellent. 

It's critical that One Identity extends identity governance to cloud apps because most organizations are hybrid. The cloud is maturing and becoming more affordable. More organizations are shifting from legacy Oracle EBS systems to Microsoft 365 or Salesforce. All these vendors have also picked up cloud offerings and offer them as a managed service or complete service, where we don't have to worry about anything.

The interface could be more customizable and developer-friendly. There's a different tool for everything in Identity Manager, so it would help if they could consolidate everything into one or two tools. A developer needs to use three or four tools to do various things, so we need to log in to multiple tools when we make changes. It's a pain if we want to do something quickly, and it's harder for new developers because they have to remember which tool they need for a task. It would shorten the learning curve.

I've worked with two versions of One Identity. The earlier version was heavy on customization. We had mastered that because we were doing customizations. We knew how to change things and had our own SOPs, documentation, etc. In the last year, One Identity changed its UI. That involved a lot of code that is invisible to us, minimizing the amount of customizations we can do. To do some minimal customization, we had to try different things and almost break our dev environment. Once, we had to reset it using the backup because it was not coming up because of all the changes we did. Also, there is no clear documentation

According to feedback from my users, the user experience is more of a mixed bag. Many of my users had problems with the password reset portal. It asks for a CAPTCHA code before they can log in. It's a standard feature, but how the CAPTCHA is displayed isn't user-friendly. People did not like it. We tried to customize and change that as well but had limited options. Aside from that, the normal UI is good, and we have not had much pushback.

While the export and import feature is handy for minimizing gaps in governance coverage, we still need to use separate products like GitHub and other similar tools to maintain consistency between environments. There is nothing built-in to help us maintain configurations across environments. If they come up with something where I can quickly compare both my environments and see the differences, that'll be great.

Identity Manager is good at managing identities, but I don't think it suits privileged accounts. IAM is split into three subdomains: IGA, access management, and PAM. One Identity is sufficient for IGA but cannot handle the others. 

The compliance reporting could be improved. One of the key requirements of SOC or any other audit is a snapshot of the system's configuration. The audit requires you to certify that the queries for generating the report have not been changed and that the configuration is the same as it was the day before the audit.  

We take screenshots with the timestamp and give them to the auditors. That's cumbersome to do, even if we're only audited once or twice yearly. I take a screenshot and then show them the time to prove that the configuration is consistent. We have built-in processes to take regular screenshots and store them in a secure place for the auditors. It would be helpful if One Identity stores the configuration details as a snapshot. It would also help with any rollbacks or change reviews that the organization might want to do.

I have worked on it for around two years.

I rate One Identity Manager nine out of 10 for stability.

I rate One Identity Manager seven out of 10 for scalability because the scaling process isn't smooth.

I rate One Identity support eight out of 10. We worked closely with the One Identity team, and they assigned us a dedicated support manager. It has been a positive experience. They quickly resolve issues and help us execute projects faster. 

Positive

I work as a solution architect, so I've used lots of tools, including the Oracle toolset, NetIQ, and Sailpoint. One Identity is better than Oracle, which has lost market share. Oracle is resource-intensive. You need 16 GB to install the base. Initially, that tool was good, but it became a mess. Oracle is no match for Identity Manager. NetIQ is a lightweight tool suitable for small organizations, but it cannot process things the way Identity Manager can. 

Microsoft tools lack One Identity's IGA capabilities, but I would say SailPoint is better because of the number of connectors it has. It's also far easier to operate. Sailpoint's tools are all in one place, and it's more developer-friendly. It's a complete SaaS tool along the same lines as One Identity Manager. We don't have to buy professional services to do anything out of the box, even if it is a minor customization. 

One Identity was deployed on the cloud and offered to the customer as a service. On average, it takes three or four months to install One Identity and integrate it with key systems like Active Directory and HR solutions. That includes the time needed to gather requirements and implement them. For the timeline I mentioned, the standard deployment team size is around five to six people. 

I don't remember the numbers, but we did realize an ROI of about 10 to 15 percent. 

One Identity is cost-efficient from a licensing perspective. However, one drawback is that it's expensive on the hardware side for the customer to set up. One Identity's professional services team recommends various components. They lose some of the cost advantage because the hardware is expensive and requires maintenance. 

I rate One Identity Manager eight out of 10. 

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The idea was to create a quarterly review process to review the entitlements and the access and controls in place, initially targeted towards Active Directory and later extended to other local systems. One Identity Manager can connect SAP accounts to employee identities under governance. It is possible to map company structures for application provisioning through dynamic application provisioning using role-based access control. Mapping roles to users is a seamless experience that offers a lot of leverage in terms of speed and compliance, making it a very useful feature.

The use cases for One Identity Manager include multiple aspects of identity and access management. One of the most interesting features I wanted to utilize was the user's access review, UAR module. The tool can onboard applications such as SAP, which is standard, and the APIs do not present challenges. One Identity Manager can connect SAP accounts under governance, and mapping roles offers leverage in speed and compliance. This functionality is crucial for compliance and governance.

The tool did not allow beyond a specific level of visibility; it provided visibility at the user level, not at the level of nested entitlements, resulting in an inaccurate depiction from the asset manager's point of view. This necessitated manually inputting data into the One Identity Manager user access review module. When it comes to privileged access management, we need to know who has access to what, which is the central problem we want to solve. However, for One Identity Manager, the visibility could be a lot better, especially given we are dealing with many data visibility products in the market.

Aspects such as reporting and dashboarding could be improved; I've seen tools doing better in those areas. One Identity Manager does not deliver specialized workflows for SAP; it offers very standard workflows. However, there are some modules that can be imported, and certain custom workflows need to be created. 

Customizing the solution for particular needs is very subjective. It does provide a lot of customizability, though there's room for improvement. One Identity Manager helps minimize gaps in governance coverage, but effectiveness depends on the organization. Ultimately, while One Identity Manager can solve problems, the tool must be combined with good people and a sound strategy for maximum effectiveness.

I have used One Identity Manager for more than ten years.

For single-site installations, it performs adequately, however, multi-tenant setups present challenges demanding significant improvements.

For single-site installations, it performs adequately. Multi-tenant setups present challenges demanding significant improvements.

I have contacted their technical and customer support. I consider their support to be very standard, relying on an email-based system. My support engineers have received solutions to their inquiries. However, a tailor-made, dedicated support would significantly enhance user experience, especially for organizations that do not want to wait in queues.

Negative

I would rate the initial setup at a seven out of ten. The reason for this rating is the critical nature of multi-tenant applications; compliance is heavily influenced by multi-tenancy, so a lot of engineering improvements could enhance the product.

Ideally, One Identity Manager as a SaaS tool handles maintenance; however, this depends on the specific maintenance discussed.

I had partners who helped set up the whole process, and they were familiar with implementing the tool. Some were contractors, and they did a pretty good job in terms of delivery, respecting timelines. When I was working with one company, my team was based in Nice, France, consisting of internal employees and contractors. They implemented the solution fairly well. However, I had to provide a lot of unnecessary reporting and overhead when connecting the tool with our production environment, providing data that could compromise internal security despite getting the right approvals. Overall, it was an okay experience with One Identity Manager.

We use multiple tools in tandem for better security. The procurement and licensing process can indeed be complex. My experience was decent, with no major problems during procurement or licensing; it was a mostly seamless experience.

With respect to privileged accounts, I would say One Identity Manager can improve; for privileged accounts, a lot needs improvement, and it is not best practice to depend on one tool. 

One Identity Manager could incorporate dynamic dashboarding to predict attack vectors and compromises.  

I would rate One Identity Manager seven out of ten since it can improve on many aspects.