One Identity Manager Reviews

I have worked on various European projects where we mainly use this tool as an Identity and Access Management (IAM) solution rather than its Privileged Access Management (PAM) features. Specifically, it serves as a central IAM tool for governance, compliance, and managing access requests across all the companies and projects I've been involved with. Most of these access requests were processed through Microsoft tools. They were onboarding applications and managing access to them via One Identity Manager through the portal it offers.

Every identity management tool has its unique features, and I believe that One Identity Manager performs quite well. From a developer's perspective, its interface provides excellent information. It includes appealing visuals and a user-friendly design, allowing you to clearly see how software accounts correlate or match with an identity. This gives you a comprehensive view of what an identity encompasses. You can establish specific rules to determine if access is fully managed by One Identity, which acts as the authoritative source for system access. Additionally, it offers a range of capabilities and customization options for managing access across various applications. Overall, I think One Identity Manager does a commendable job in this area.

One Identity Manager can be set up to have accounts synced from the SAP system and have them as orphaned in the system. The intended way is to link them to an identity, and when clicking the identity of the employee, you will see underneath the AD accounts, other application accounts, and different SAP accounts. For each SAP system, you can have specific rules. It has this capability out of the box, SOD rules, different roles, and bundles.

When users request access for a SAP system and do not have an account already, an account is created based on specific criteria that can be defined. From an end user point of view, they go to the portal and request access. If they do not have an account, they get one. If they already have an account, the access will be added and provisioned properly. The account will be connected to their identity with all the access in the downstream application in SAP. It requires a good architect to think through all the different cases for the business. Many connectors must be built because some companies use upwards of 200 SAP systems.

One Identity Manager offers governance for cloud apps through its cloud framework. The logic remains similar to on-premise applications: build a connector, import data, create business roles, enable requests, and implement approvals. The governance framework is particularly strong with application approval workflows and recertification processes.

The solution provides technical options to distinguish between different types of accounts per system. For AD, different rules can identify and manage various account types differently. It offers strong reporting capabilities and can detect policy violations.

For application management, One Identity Manager has a built-in risk framework that helps businesses with approvals and recertifications. Full application management without IT involvement requires building custom frameworks.

It helps to streamline application access decisions, application compliance, and application auditing for customers. When auditors come in, they require that access be managed using an IGA tool. It's quite easy to set up; you just need to build a connector to facilitate this access. In addition, a business analyst can identify the business rules needed. You publish the business rules and set up an approval process—usually requiring two approvals if it's related to the application. Once the business rule is published, a user can request access through the portal, and someone will approve it—standard procedure. You can also run certifications and set up different approval processes for employees who need access for one year or for those who are moving (like shifts). Certification can involve various terms, including access reviews or access refusals. It's a straightforward process. It's strong and reliable. I've seen hundreds of applications successfully managed and compliant because of this process, which includes approval requests and access refusals. You simply onboard the application, and you're set—it all becomes remote for you. All the audit trails are available. You can see who approved what, why they approved it, when the access was granted, and when it was revoked, among other details. It truly helps to maintain compliance.

The solution offers some out-of-the-box capability to manage profiles, but I have not worked with other aspects. In the companies where I was working, they were not using this from a SAP point of view.

One of the most significant advantages is its strong security around identity management when compared to other tools; it's quite robust. However, it does come with a high learning curve, making it difficult to implement and operate without a dedicated IAM team. You need people with substantial experience—likely several years—in order to navigate the complexities effectively. It's not something you can easily outsource entirely to a consultancy. In the past couple of years, they released a new version, Version 9, building on the previous version 8.02. This new version introduced a revamped portal where end users can request access. The previous version had a built-in portal that was quite complex to configure. In the new Version 9, they developed a new portal based on Angular, which offers many capabilities. If someone knows how to utilize it and learn its features, they can make API calls to interact with other systems. Some consulting firms are already developing custom frameworks around this to leverage these capabilities. 

This new portal is where end users go to request access. It provides good out-of-the-box functionalities, allowing users to request access to various applications, and managers can approve these requests. In addition to the default functionalities, the use of APIs is enabled through the portal. However, the general market lacks expertise regarding this tool; only a few companies are actively investing in understanding how it works and offering their services based on that knowledge. Many businesses are migrating to this new portal as the older versions are being phased out of support and are eager to learn how to maximize its capabilities.

Overall, One Identity Manager is a robust tool designed for large enterprises and is still an on-premise solution.

One Identity Manager does not offer much in terms of delivering SAP-specialized workflows and business logic. Custom workflows can be built, but it is limited in that regard. Comparing it to SailPoint, One Identity Manager is less advanced around SAP, particularly regarding the flexibility to build custom flows. While customizations are possible through processes in One Identity Manager where you can build PowerShell code or make API calls, this is not the intended way and requires heavy customization that might become unmanageable.

They could offer more out-of-the-box connectors so that custom PowerShell connectors would not need to be built. 

The support could be improved. They could add more AI to help with role mining. The new portal documentation needs improvement as some partners are more advanced in understanding how the Angular portal works than One Identity itself.

I'm not currently working with it. I stopped working with it three to four months ago. Before that, I worked with it for about three years and seven months.

Regarding support, they prioritize resolving escalated issues. However, their response can be slow. Whenever I open a ticket, the reply often includes a request for the specifications of the server I am using. For instance, they frequently ask, “How many gigabytes of RAM are you running on the server?” If I'm not using the maximum recommended specifications, they immediately suggest that there is a problem. They don’t always consider that the issue may not be related to performance at all.

I haven’t had the best experience with them, but I understand that they do eventually respond. However, there have been instances where we had tickets open for months without any resolution. Sometimes, they would either go quiet or eventually respond and help us find a solution. I’ve faced many similar situations across various projects.

At the end of the day, I’m not a customer, so I’m not too concerned about the experience. However, the application owners of One Identity in these companies have expressed dissatisfaction with the responses they received. They wanted more immediate assistance and access to more skilled resources. That's understandable. Overall, I would rate the experience as a six out of ten.

It depends on the situation. If you're starting from scratch, in a greenfield scenario, where you have nothing set up and don't have an IGA tool, then you can begin by establishing an Active Directory. You start with the basics: take employee data and import it into One Identity Manager to create Active Directory accounts for each employee. This setup can typically be completed in about three to four months. It’s not overly complicated. However, it’s important to note that most businesses have complex processes that don’t easily translate into the tool. To effectively monitor applications and manage these processes, you really need technical expertise.

For a large enterprise that has the capability to support an on-premise solution and is willing to find reliable partners to assist with this new portal, along with the technical know-how to match the tool's capabilities, it can be a highly effective solution. This tool offers a wide range of features out of the box. However, the biggest challenge is the steep learning curve; it's essential to have experts with many years of experience and strong technical expertise to maximize the tool's potential. This solution is not suitable for small companies or those seeking a quick implementation. It requires a significant investment initially, but it pays off in the long run due to its extensive features compared to other tools.

I don't have information on the costs associated with the tools or the specific deals they offer. However, I do know that it's challenging to find technical expertise, and these professionals often command high salaries.

In addition to purchasing the tool and its licenses, it's important to account for the need for a dedicated team, especially if you're a large enterprise. There are significant costs involved in maintaining the solution and ensuring it operates effectively. Unfortunately, I don't have details on the licensing fees or per-user costs, among other specifics.

My recommendation is that you really need to understand the realm of identity and access management. It's important to consider the alternatives available, and I believe that for some companies, One Identity is the best solution out there. For specific enterprises, it could indeed be the ideal choice, but for others, it may not be suitable. For instance, a small business with fewer than 25,000 employees, which may not prioritize governance and compliance, might find One Identity unnecessary. It really depends on the landscape of the company using the tool—what their requirements are, what applications they have, and what they're aiming to achieve.

One Identity is quite beneficial for finance-related entities that have strict compliance and security needs. However, One Identity should invest more in AI and enhance their documentation on the new portal. This improvement would help customers and developers better understand what they are building.

The business roles functionality is a very standard part of the access model. Typically, you would start with an application. You gather all the users and their entitlements, which include the accesses they have. Then, you need someone, such as a business analyst or consultant, to help identify bundles or groups of this low-level access. Instead of managing each access individually, you can group them together and create a role for each application, or possibly a combination of different applications. This approach greatly simplifies management. A user doesn’t need to know all the low-level accesses required in a system or across different systems. By creating bundles of access with accompanying business rules, it becomes easier to understand. For example, if I am a DevOps member working with AWS, there’s already a pre-defined access bundle for me. My colleague can tell me to request this specific access, which provides everything I need. Alternatively, access can be automatically assigned based on department—whenever someone joins a specific department, they receive all associated accesses. 

Moreover, you can build dynamic rules around these business rules. While technically speaking, in the One Identity Manager, an application role is part of a business role. However, it’s important to note that you can have a business role defined by specific criteria. Anyone who meets this criterion receives the business role, which is beneficial for management. For instance, if you want to grant access to new hires for applications like Teams, all relevant accesses can be bundled into a business role. If someone leaves the company, their status would change to inactive, and they would lose their access. This streamlines the access lifecycle management process.

From an end-user perspective, it simplifies requests for specific applications or accesses per department. Depending on your chosen architecture and access model, this organization is crucial. However, a key requirement is to have a business analyst involved; otherwise, you risk ending up with scattered entitlements and groups that lack clarity regarding their business association. Finally, don't forget to set up an approval process.

From an end-user perspective, with the new Angular portal in version 9 and upwards, it has improved significantly. However, not all companies have migrated because they have custom logic in the old portal that needs to be translated to the new Angular portal. The new portal is better as it is easy to navigate with straightforward navigation bars. Previously, sometimes custom queries behind the portal really slowed down end-user performance, with users reporting waiting 15-20 minutes for a page to load, especially during approvals or attestations. This was particularly frustrating for users needing high-level managerial approvals for various tasks. In the new portal, you can customize tasks to address some of these performance issues, making it a more efficient experience.

Overall, I would rate it a seven out of ten.

One Identity Manager is used for centralized user identity and access management, privileged account management, access governance, compliance, and auditing purposes.

In one of our projects, One Identity Manager is used for centralized identity and access management across the organization. Earlier, user account creation, access approvals, and deactivations were handled manually, which was time-consuming and prone to human error. The complete user lifecycle process has been automated using One Identity Manager. Whenever a new employee joins, the system automatically creates the account and assigns the required access based on the department or designation. One Identity Manager has also been integrated with Microsoft Active Directory. If a user belongs to the finance department, for example, they automatically receive access only to finance-related applications. This is the main benefit to the organization from using One Identity Manager.

One Identity Manager automates user provisioning and de-provisioning, enables a faster employee onboarding process, and reduces manual work for IT teams. One Identity Manager provides better visibility of who has access and what kind of access the user has.

There is a central dashboard to see all the users and their access. The IT team can easily identify who has access to which application and which user has been using which server and for how much time. One Identity Manager tracks all user login activities and access changes, helping to detect unauthorized or excessive permissions.

One Identity Manager is a significant time saver since it is an automated process and manual work is not being done. It improves security by giving users only the required access. One Identity Manager provides centralized monitoring and reporting of user activities. It is a scalable solution for larger organizations. If there are thousands of users, manually creating a domain and assigning users would be a very large process. Using One Identity Manager helps the organization do this automatically.

Initial deployments are complex and require proper planning. Role mapping needs to be done very carefully. Integration with legacy applications takes more time and these areas could be improved.

Integrations do not always happen properly, and the same process often needs to be repeated. More features could be added. For example, AI is not fully implemented, so AI could be properly integrated into One Identity Manager.

I have been working in presales for the last two years, and prior to that, I was in post-sales for the last 3.5 years.

Instead of having two engineers for this, we can have just one engineer. One Identity Manager is highly scalable.

Customer service is good.

I have not used a different solution. One Identity Manager is the first solution I have implemented.

Manual processes are time-consuming, so I recommend that others use One Identity Manager as it saves a lot of time. Errors that are made by humans will probably not happen when using One Identity Manager.

One Identity Manager was deployed in one of our customer's environments six to seven months ago.

For auditing purposes, reports are easily obtained through One Identity Manager. Manually, reports would need to be fetched from each system individually. Using One Identity Manager, all necessary reports for auditing purposes are automatically generated.

One Identity Manager's licensing plan is good for the features that are needed. I rated it an eight because the features are good for the license.

I have not evaluated alternate solutions. I rate this review an eight overall.

One Identity Manager is used for the user lifecycle and to enforce access governance across the organization's systems. This solution helps to automate account creation, any modification, or any account removal. It also controls access through approval workflows, which is the main use case.

A real-time example of how One Identity Manager has helped the team was during a new employee onboarding and access assignment scenario. Multiple new joiners in different departments, such as IT or HR, had their accounts created in the AD automatically, with access assigned to multiple applications, and proper procedures were followed.

One Identity Manager has had a good impact on the organization and has really improved access control and reduced manual efforts. The identity processes are now more consistent and processed, which is helping significantly.

Manual errors have been reduced because all things are automated. There has been great time saving. The same process that was taking one to two hours now takes only 10 to 15 minutes mostly. The automated provisioning of the user across the system occurs in much less time and has really reduced manual tickets.

There has been a strong return on investment after implementing One Identity Manager, especially through automation, reduced operational efforts, and improved security. Time saving has been achieved in user lifecycle management, and there has been a reduction in support tickets of almost 60 to 70%, along with a reduction in errors.

The lifecycle automation feature of One Identity Manager is found to be very effective. It handles user onboarding and access assignment without any manual interruption or steps. This has really helped to improve efficiency and accuracy.

Lifecycle automation has multiple aspects that are really helping. One Identity Manager's lifecycle automation has made the biggest difference in secure and instant onboarding, which not only reduced the risk but also reduced efforts from daily operations.

One Identity Manager has provided great security with great automation features and great usability.

OEM documentation for the initial setup could be improved.

One Identity Manager has been in use for more than four years.

There have been no downtime or reliability issues with One Identity Manager. It is a very stable solution.

There are no scalability issues with One Identity Manager. It is highly scalable and capable of keeping up with the organization's growth needs, especially in the enterprise environment.

The customer support team for One Identity Manager provides a great experience. They resolve any technical issues within a given timeline and provide support 24/7.

One Identity Manager has been the only solution used from the start.

The vendor's sales team provided a great experience because there was a very positive response from the team, and they helped in procuring the solution.

The organization is a partner with the vendor of One Identity Manager.

Other solutions were not evaluated before choosing One Identity Manager.

One Identity Manager is highly recommended. It is a great solution that comes with great features and great security features. The advice would be to define the identity process and roles clearly before procuring or implementing. Start with the basic features and then move to the more advanced features. Proper planning is needed before implementation. The overall rating for One Identity Manager is nine out of ten.

As an engineer, I primarily use One Identity Manager for user lifecycle management and access governance, which helps me to automate onboarding users or employees, role changes, and offboarding. This is the primary use case, and additionally, I am using it for access requests and approvals, ensuring controlled access through a portal where user requests go through an approval process. My use case also involves role-based access control, where access is assigned based on job roles, with automated features that eliminate the need for manual effort. Furthermore, HR system integration acts as a source of information, allowing user data to sync automatically and maintain accurate data across the organization while providing a compliance and audit-ready environment.

Whenever any new employee or user joins my organization, their account is automatically created in the system and access is granted based on their roles and responsibilities, which really helps me to reduce the manual efforts of the IT team. If they require any change in the department, access is automatically granted or updated.

The best feature offered by One Identity Manager is the excellent automation for user lifecycle management, along with strong role-based access control where access is assigned based on job role, department, and business functions.

The role-based access control feature of One Identity Manager helps my team by keeping the environment secure and ensuring standardized access across users. Instead of assigning access manually, I create roles based on departments, such as finance, IT, or HR, each with predefined access. Every user in the same role receives consistent access, independent of manual decisions, saving a significant amount of time for my IT team, with automated provisioning resulting in over a 70% reduction in provisioning efforts and faster onboarding of employees.

One Identity Manager has positively impacted my organization by saving my IT team a huge amount of time, allowing them to concentrate on other critical tasks and increasing their productivity, resulting in a notable reduction in onboarding and offboarding time. This improvement eliminates the need for manual work for the IT team and enhances my security posture.

I have seen a significant reduction in the time previously taken for onboarding users, achieving a 70 to 80% faster onboarding process compared to the previous time it required, which has had a positive impact on my organization.

Based on my experience with One Identity Manager, it is working very well as per my requirements, and I do not believe it requires any kind of improvement at this point; it is offering great features with impressive usability.

Sometimes, the initial setup or deployment of the solution feels a little complex and could be simplified with better planning, which would allow for more flexibility for new engineers.

I have been using One Identity Manager for more than three years.

One Identity Manager is stable.

I do not see any challenges with the scalability of One Identity Manager; it is a very scalable solution suitable for mid to large enterprises, capable of handling thousands of users.

One Identity Manager's customer support is good, providing effective assistance in resolving complex issues whenever I face them. They are always ready to help.

From day one, I have been using One Identity Manager and have not used a different solution.

Sometimes, the initial setup or deployment of the solution feels a little complex and could be simplified with better planning, which would allow for more flexibility for new engineers.

I have seen a great return on investment with One Identity Manager, especially in terms of time-saving and reduced manual efforts, saving 70 to 80% of time compared to previous methods and allowing for almost 90% faster access removal or granting, making it a great solution for my environment.

I do not handle pricing, setup costs, or licensing for One Identity Manager, as this is managed by a different team in my organization.

I did not evaluate other options before choosing One Identity Manager.

I highly recommend One Identity Manager as it will really help any organization. My advice is to invest time in proper planning before implementation, particularly around role design and identity structure, starting with core use cases such as user lifecycle management and access requests, and gradually expanding to advanced governance to ensure a smooth deployment. I give this review a rating of 10.

My main use case for One Identity Manager is for identity access management solutions for clients. For our clients, let's say we have a bank company as a client. In that client, there will be employees, various kinds of employees, permanent employees, external employees, vendors, so many people might be there. Every employee who gets onboarded into a company will be having some identity within the company, so to provide an entire identity access management system is essential.

Once a user is onboarded, we can give some accesses by default using birthright roles or dynamic roles. We can also provide a way so that the user can request the roles or accesses that the user might require. We have a portal, IT Shop, everything set up, and we can create workflows, access approval workflows, and all so that the user can request the required access, and if the proper workflow has been completed, the access will be provided. These all things can be customized as per the customer requirements.

Using One Identity Manager, we can connect with various target systems like ServiceNow, SuccessFactors, Workday, whatever, however. To One Identity Manager, we can onboard data, and we can also send the data to various target systems, whatever the customer might need. It provides various connectors such as DB connector, native SQL connector, Oracle connector, SAP connector, Exchange connector, Active Directory connector, PowerShell connector. There are so many ways we can connect to other systems so that we can send data to other systems and sync back from those systems, making this One Identity Manager system a centralized system that controls everything. One Identity Manager can act as a source of truth for various systems, which is one way for the companies to centralize their IM system.

In my opinion, the best features One Identity Manager offers are customization. We can customize many things as per our requirements, not just use the default options, out-of-the-box options. We can connect to any target system using the PowerShell connector, which is the best way. We also have API connectors and other things as well. From the latest versions, they are moving from the native portal to the Angular portal, which will speed up the portal development process and make the portal more attractive and dynamic. It also has other supportive portals like Operations Portal, Admin Portal, and Password Reset Portal for various services and all.

Most customers choose One Identity Manager because of the customization it provides, not just for me or my customers. We have one feature called attestation, which helps review user access periodically and frequently and ensures the audit players and audit processes work properly within the organization.

One Identity Manager positively impacts my organization and my clients by automating user access reviews, which often won't happen properly. With One Identity Manager, we can schedule those access review processes and automate them so that they automatically trigger and send access review emails to the user's managers, ensuring they take action on the access side, whether the user should have that access or not. For most customers, their access management system becomes smoother using One Identity Manager.

The specific outcomes my clients have seen include saving time and reducing manual work. Without a centralized IM system like One Identity Manager, onboarding tasks must be done manually, leading to human errors. If a user makes a mistake manually, it could lead to another incident, causing bottleneck issues in operations. Using a centralized system like One Identity Manager really eases the onboarding and offboarding processes for any organization, making identity access management smoother.

One Identity Manager could be improved because the community is a bit small, and the documentation sometimes isn't clear or interactive. This migration from the native portal to the Angular portal is not well known, and I think this change could bring chaos within the community.

I have been using One Identity Manager for more than two and a half years.

One Identity Manager is stable in my experience.

One Identity Manager's scalability depends on the subscription you take and the size of your user base.

Customer service rating: 4 out of 10.

Positive

I evaluated SailPoint, Saviynt, and other tools before choosing One Identity Manager. I prefer One Identity Manager because of the customizations it allows, though I'm not completely certain about other solutions. My experience with One Identity Manager influenced my choice.

When using a centralized system like One Identity Manager that offers so much customization, I see a return on investment through saved money. Instead of spending on various systems, having one centralized system that handles all my organizational requirements helps save money. The setup is easy, and One Identity Manager provides support.

I advise others looking into using One Identity Manager to go ahead and take the latest version of One Identity Manager solution to avoid the headaches of migrating from previous versions. The latest versions have support from One Identity Manager as well, fixing many issues and adding new features as part of the new releases. Our company has a business relationship with this vendor as we are partners. I rate this solution an 8 out of 10.

We use it for identity management and governance. We are a large financial institution; therefore, we use it for identity management and all the cases surrounding that, such as segregation of duty, attestation, extensive provisioning, and life cycle management.

The largest improvement we have seen is the depth of how many applications we have covered. We have about 4,000 applications connected to One Identity Manager, fully managed from there. That has definitely grown over the years, including the ease of connecting those applications. In the end, what we want to achieve as an organization is not a nice technical solution, but our goals are being in control of our accounts, being in control of our entitlements, and being in control of what entitlements are assigned to whom and why, and proper substantiation for that. To be able to achieve that, we need to have a large range of applications that we actually manage. That is something that has become easier and grown over the years. I would say this is the biggest improvement. Moreover, better processes have been introduced surrounding the data so that we do not just connect the applications, but at a data level, we actually achieve the control we want by ensuring everything in those applications is monitored and kept in control.

The SAP integration goes in-depth into the SAP tool, enabling us to get all the information we want from there. It connects SAP accounts to employee identities under governance, which is very important. It saves licensing costs by cleaning up and ensuring SAP accounts are associated with actual employees. We want a SAP account associated with one person.

It provides IGA for the difficult-to-manage aspects of SAP, such as T Codes, profiles, and rules. It provides profiles, profile limits, and field values.

It offers a single platform for enterprise-level administration and governance of users, data, and privileged accounts. It is very good, especially when you are looking at the enterprise backend. On the platform side, it is very good. However, the frontend usability, at least for our organization, could still be improved a little bit. That is not so much for the admin perspective; that is for the actual end-users in our enterprise. That is partially also due to the fact that we are still using some of the older portals because we have been using the tool for a while, and we have not had a chance to migrate to all the latest versions. It is very good for enterprise management, but our end-user experience could still use some fine-tuning, tweaking, and improvements.

We can easily customize the solution for our needs.

We use the solution's business roles to map company structures for dynamic application purposes. That is very important for us because it is one of the ways where we can remove the complexity for end-users. We can automate things while still providing a good control framework where we can say we are in control. Being a large enterprise, we have a complicated structure, so we need a good model that allows us to accommodate that complicated structure. With the business roles, we were able to do that.

We use it to extend governance to cloud apps. This extension is important for us because, as a large financial institution, we have to meet a lot of compliance requirements. That does not stop with our on-premise environment; it also applies to our cloud systems, so we need to manage those.

It helps minimize gaps in governance coverage among test, dev, and production servers. We also have a lot of our dev, test, and acceptance environments connected to the solution. It allows us to manage those as well based on the production user's life cycle. We have no issues there.

It helps consolidate procurement and licensing a little bit. We do not manage our procurement or licensing in the tool. We have our own procurement tools for that. However, when we know, for example, that there are limits to the amount of licenses we can give out, we use the tool to ensure we do not pass those limits. We use it more as an enforcement tool or safety valve to ensure we follow the guidelines set by procurement on how much we can do.

It streamlines application access decisions, application compliance, and application auditing. We use the segregation of duty framework. We use the attestation framework. It is one of the core pillars for the regulatory and compliance set where we show we are in control of our identities, accounts, and the access they have. We can show that we meet all the regulations in regular reviewing that ensure that no toxic combinations or toxic pairs are assigned.

It helps achieve an identity-centric zero-trust model. We are currently using it for one body, and we are looking into extending it to machine identities. For our current human employees, we are in the identity-centric model. We also have multiple sources from where identities come. We have a lot of subsidiary companies. We have a lot of statements of work or external contractors, and sometimes people come in from multiple sources at the same time. It also allows us to consolidate that to see that it is actually the same identity.

It helps create a privileged governance stance to close the security gap between privileged users and standard users. For the management of privileged accounts, we use another solution called CyberArk Privileged Access Management, and we do have a close automated connection between One Identity and CyberArk where we use One Identity to decide who should have access to which privileged accounts and why. CyberArk is a tool that we use to actually hand out access to those accounts and monitor usage of those accounts, etc. The governance part of who can use which account is managed from One Identity, and then the actual usage is done through CyberArk, and that integration works well for us.

What I like the most is the flexibility or configurability. It is not like you are writing huge lines of code. It allows us to handle our very complex enterprise use cases, and we have many of those. We have a lot of scenarios where we need to do things internationally or slightly differently per country, or need to comply with specific regulations. It gives us a lot of flexibility to meet all those needs while also being able to accommodate our enterprise processes. It allows us to shift the tool to work for us instead of needing to change the organization to follow a piece of technology.

Their support could be enhanced.

There is an area for improvement when it comes to intuitiveness. It has the ability to manage everything and does that fairly well, but that also causes a risk of drowning end-users in complexity. One Identity technology probably has the best way to handle the complexity that you want to tackle as a large enterprise. It can handle any complex use case you can think of, but that is also the thing they should improve on. They should keep it simpler for end-users, even though they are handling that complexity. They should handle all the complexity, but keep it simple for the end users, so the part they need to improve on is keeping it simple for the end users.

I have been using it in some way, shape, or form for 14 years. At my current place of employment, we have been using it for 8 years.

I would rate the stability a nine out of ten.

I would rate its scalability an eight out of ten.

In terms of the number of users, there are two sides. The number of people who request access would be about 50,000, and there are about 300 or 400 people who do specialized things. That ranges from the actual technical team supporting the solution to people doing more complex business role management and things like that for their pillars within the organization.

We use their premier support. That has differed over the eight years. At the start, it certainly did add a lot of value. At a certain point, about one and a half years ago, One Identity underwent some reorganizations and their support level went down and was not up to our expectations anymore. We have had some serious conversations with them about that. They reacted well because support has picked up back to where we expected it to be. The advantage for us with premier support is that, as a large enterprise, we can always run into specific problems, and, at that point, someone who knows all the ins and outs of the product looks at it and helps us resolve those.

Premier Support has not been an influence in purchasing additional licenses or products from the vendor. However, it has definitely been an influence in using the product for this long and not switching to a competitor.

About two years ago, I would have rated their support a nine out of ten. Given the issues we have had, I would rate it a seven out of ten, hoping it will climb back up to that nine.

Neutral

We have a hybrid deployment model. Technical deployment or technical setup is very straightforward. Integrating it into your entire landscape when it is as big as ours and managing everything is obviously complex. I do not believe that is necessarily due to technology; that is due to the sheer volume of data and applications you need to connect.

From starting the setup to the full global rollout, it took about two years.

It does require maintenance. It primarily includes the occasional cumulative update packs being deployed. The second thing is that we have a constantly changing environment. New applications come in, and other applications are deprecated. We acquire companies. We spin companies off. They are, on the one hand, business-as-usual cases. On the other hand, they do require changes in the system. When you are, for example, suddenly onboarding 5,000 new people because you have acquired a new organization or need to integrate another directory service, then obviously that has some impact.

Our partner is Intragen. Our partner was originally AspisID, and they were acquired by Intragen during the eight-year period.

They helped with the implementation, although it was company-led. We led the implementation, and they provided expert resources. They definitely helped with the speed of the implementation. Some of the things they implemented were good for the initial implementation, but over the eight-year period, it has had some rework, which is not surprising.

We got the training from One Identity themselves which was good. Our partner provided on-the-job training but did not provide specific, in-depth training like a specialized training course or anything.

Our partner was involved in helping us customize the solution for our particular needs. Our experience on the whole was positive. Especially on some very detailed use cases, some choices were made which were good in the short term. In the long term, we have had to revisit them. What we are really happy with is that all the customizations they have done have proven to be very upgradable. Customizations that were done seven or eight years ago are still able to work in the current versions of the product. The customizations were done fairly well within the One Identity framework, but for the specific banking use cases, we are currently revisiting some of those.

The customer service we received from our partner has been very good. They have provided good value. They have definitely helped us move forward. They were originally AspisID and were acquired by Intragen. We have the advantage that they have local people, which always makes for a good collaboration. Their nearshore team integrates fairly well into our organization. They do their best to help bridge the cultural gaps. Due to the way they work with the nearshore team, they have been able to provide the resources we want, which we found to be tricky in the past with the IAM market.

That is a tricky estimate to give. Our primary reason for having the tool is not just a return on investment; without technology like this, we do not see a good way to meet our mandatory compliance requirements. Having a technology like this, whether it is One Identity or another, is almost a given to be able to keep a banking license when you are at our scale. Without it, we would need thousands of additional people. That is hard to translate into a return on investment, other than as a multiple of hundreds. That is just not the way you would tackle that problem.

I am aware of the cost. For us, it is quite cost-efficient. We have a good enterprise license agreement, and we are very happy with what we get for the price we pay for it.

I would compare One Identity Manager fairly favorably to other vendors on the market for identity management governance. We have recently done another RFP and decided to extend our contract, primarily because we have a lot of complex use cases, and the fact that the tool can tackle those fairly well is important for us.

I would recommend One Identity Manager to other users, but I would ask questions like, 'What are the users? How big are they?' For other enterprise organizations, I would definitely recommend it. For smaller organizations, like mid-size businesses with a few hundred employees, I would only recommend it if they are in a heavily regulated space. 

I would rate One Identity Manager a nine out of ten.

My main use case for One Identity Manager is identity lifecycle management, automating user provisioning, access approvals, and de-provisioning across multiple enterprise systems.

A specific example of how we use One Identity Manager is that we automatically create and assign system access for new employees based on their department and role, which removes a lot of manual onboarding work for IT.

The best features of One Identity Manager include that it helps significantly with compliance reviews since managers can regularly certify user access without IT manually tracking permissions in spreadsheets.

The compliance review feature definitely saves time and reduces errors compared to my previous process; before this, access reviews were mostly manual and spreadsheet-driven, so automating certifications reduced a lot of manual error and saved managers a ton of time during audits.

One Identity Manager has positively impacted my organization by improving access governance significantly; onboarding is faster, offboarding is more reliable, and audit preparation takes less manual effort than before.

Onboarding that used to take several hours across multiple systems is mostly automated now, and audit review probably takes fifty to sixty percent less effort compared to our old process.

One Identity Manager can be improved as the biggest pain point is the complexity; customization and troubleshooting can get quite technical, so it takes experienced admins to manage efficiently.

Better documentation with more real deployment examples would help significantly, and the UI could definitely be simplified for day-to-day admin tasks.

I have been using One Identity Manager for one year.

One Identity Manager has been quite stable overall; most issues we have seen were related to custom integrations and our workflow complexity rather than the core platform itself.

One Identity Manager scales well for large environments, especially when mapping and managing thousands of users and multiple connected systems, but performance tuning becomes important as deployment grows.

Customer support for One Identity Manager has been decent overall; response times are usually good for critical issues, but more complex customization problems resolution can sometimes take longer than expected.

Before One Identity Manager, we relied mostly on manual Active Directory processes and a few custom scripts, but it became too difficult to manage consistently as the number of applications and compliance requirements grew.

My experience with pricing, setup cost, and licensing is that licensing can get expensive as the environment scales, and the initial setup took a decent amount of consulting and internal effort, but it made sense for our enterprise requirements.

We mostly use Microsoft Azure as our cloud provider for our hybrid setup.

I have seen a return on investment mainly through operational efficiency; onboarding and access reviews are much faster now, and we have reduced a lot of manual IAM work that previously needed dedicated admin time every week.

Before choosing One Identity Manager, we also evaluated SailPoint and Saviynt, but One Identity Manager fit better with our existing Microsoft environment and customization needs.

My advice to others looking into using One Identity Manager is to make sure you have experienced IAM resources involved early because the platform is powerful but gets much easier to manage when the initial architecture and workflow are designed properly.

One Identity Manager is deployed in my organization mostly on-premises with integrations into some cloud applications, so overall, it is more of a hybrid environment for us.

My additional thoughts about One Identity Manager are that it is a strong enterprise IAM platform if you need deep customization and governance capabilities, but you definitely need the right expertise in place to get the most out of it.

I suggest to others looking into using One Identity Manager that they ensure they have experienced IAM resources involved early, as the platform is powerful but gets much easier to manage when the initial architecture and workflow are designed properly. I would rate this product an eight out of ten.

One Identity Manager is primarily used for identity and life cycle management, access governance, provisioning, and automating joiner, mover, leaver processes across different systems.

One Identity Manager automatically provisions accounts and assigns the right access when a new employee joins. It also handles transfers or adjusts promotions automatically when someone changes roles or leaves the company.

One Identity Manager has been integrated with Active Directory, HR systems, and a few business applications so identity changes flow automatically across multiple platforms from a single process.

The best features One Identity Manager offers are identity lifecycle automation, access governance, role-based provisioning, approval workflows, and risk monitoring and compliance reporting capabilities.

The automation feature is relied upon most because onboarding and access provisioning are much faster now. There have been fewer access-related errors because approvals and role assignments are automated and standardized across systems. One Identity Manager has improved access governance, reduced manual identity management tasks, and helped standardize onboarding, role changes, and offboarding processes across the organization.

One Identity Manager has positively impacted the organization through access governance, reduced manual identity management tasks, standardized onboarding and role changes, and offboarding processes across the organization.

Reporting customization and troubleshooting complex workflows can sometimes be time-consuming, so better visibility and simpler administration tools would be helpful.

One Identity Manager is powerful, but the UI could be more intuitive and some advanced configuration customizations have a fairly steep learning curve.

Reporting customization and troubleshooting complex workflows should be easier and more streamlined, so better visibility and simpler administration tools would help significantly.

One Identity Manager has been used for one year.

One Identity Manager is stable and smooth.

One Identity Manager scales very well for large enterprise environments, especially when managing multiple directories, hybrid infrastructure, and high volumes of provisioning and governance workflows. The platform's modular architecture helps with scaling across multiple domains and millions of identities, although larger deployments usually need careful performance tuning and infrastructure planning.

Customer support for One Identity Manager is excellent, and they are reliable and quick to resolve every query.

Before One Identity Manager, manual processes and native AD tools with some custom scripts were mainly relied upon. The switch to One Identity Manager was made to get better automation, centralized governance, and strong compliance control.

Setup requires proper planning because implementation and customization can take some time in complex environments.

Strong return on investment has been seen mainly through reduced manual identity management work and faster onboarding and offboarding processes. Tasks that previously took hours across multiple teams are now mostly automated, which has improved efficiency and reduced access-related errors.

The pricing and licensing for One Identity Manager are definitely enterprise-focused and can get expensive depending on the number of managed identities and integrations. The automation and governance capabilities justify the investment in large environments.

SailPoint, Saviynt, and Microsoft Entra ID Governance were evaluated before choosing One Identity Manager, mainly because strong hybrid identity governance and flexible provisioning workflows were needed.

One Identity Manager is very powerful and works best when the workflows and access policies are well-planned from the beginning, so it is important to clearly define identity governance processes and role models before implementation. The overall rating for this review is 8 out of 10.

One Identity Manager serves as my primary solution for user lifecycle management, role-based access control, HR-driven identity management, and provisioning and de-provisioning. When a new employee joins, One Identity Manager automatically creates the account and access. When they leave, the access is removed automatically, which maintains security effectively. Role-based access control assigns access based on employee roles and responsibilities rather than manually assigning permissions, which simplifies access management for large environments. Automated provisioning ensures that user accounts and access are provisioned automatically, with access removed or granted based on requirements, reducing manual work significantly.

The best features One Identity Manager offers include central identity management where all user access is managed from a simple and unified platform, reducing complexity and providing great visibility. Strong automation based on user provisioning, onboarding, and de-boarding of employees is another valuable feature. One Identity Manager also provides an audit and compliance-ready environment with detailed logs and reports that help during audit times, which we are using for auditing purposes.

One Identity Manager has positively impacted my organization by significantly reducing the time required for audit preparation and completion. It has improved compliance by ensuring all access is properly approved and tracked. Security has increased, and we now have a compliance-ready environment with improved efficiency. The time for audit completion has been reduced by almost seventy to eighty percent.

One Identity Manager currently offers comprehensive features and is working well for us, providing great features with security and visibility. In some areas, customization could be improved so that clients can customize features based on their business needs.

I have been using One Identity Manager for more than four years.

One Identity Manager is stable.

One Identity Manager's scalability is excellent with no challenges.

The customer support for One Identity Manager is supportive and good in their technical expertise.

I have only used One Identity Manager.

I have had an extremely positive experience with the pricing, setup cost, and licensing because we are receiving very good support from the vendor team.

We are a partner with this vendor.

For return on investment with One Identity Manager, we have seen less effort needed in managing user provisioning or de-provisioning, reducing manual effort by fifty to sixty percent and saving significant time for the IT team. Our audit completion time has also been reduced.

I have had an extremely positive experience with the pricing, setup cost, and licensing because we are receiving very good support from the vendor team.

I did not evaluate other options before choosing One Identity Manager.

One Identity Manager is a reliable solution that is working perfectly for us. My advice for others considering One Identity Manager is to ensure you have a skilled implementation solution resource involved in the project. The solution is powerful and requires proper configuration and understanding, so good planning is key to success in solution deployment. I would rate One Identity Manager eight out of ten overall.

One Identity Manager is primarily used for user lifecycle management, access request and approval, role-based access control, and compliance.

Since we are using One Identity Manager, we have seen a significant positive impact by improving our security through ensuring users only receive the access they need and reducing manual work, making identity management more efficient and organized.

We have experienced specific outcomes with One Identity Manager, including faster onboarding and offboarding processes for users and fewer security incidents.

The best feature of One Identity Manager is the access request and approval functionality, which allows users to request access to a service portal, and the request goes to the proper approver before access is granted, ensuring control and secure access management while also providing a solution that streamlines and assists with audits.

What I find most valuable about the access request and approval features is that they make the environment more secure.

Another standout feature of One Identity Manager is centralized management, which allows all users and access to be managed from a central, unified platform that supports multiple systems such as Active Directory and cloud applications, simplifying identity management.

There is always a need for improvement based on the features, which is why I deducted one point from the overall rating.

I have been using One Identity Manager for more than three years.

One Identity Manager is stable.

Scalability-wise, One Identity Manager is managing our growth of users, so there is no challenge.

I have had a great experience with the customer support team for One Identity Manager, as they are ready to provide support and resolve issues within the timeline.

We have not evaluated other options because we had already decided that One Identity Manager is excellent, so we are using this solution.

I had a good experience with the pricing and setup of One Identity Manager, as the sales team was very helpful during this process and assisted us in implementation, leading to an overall great experience with the pricing and setup cost.

We are a partner with the vendor of One Identity Manager.

We have seen a good return on investment with One Identity Manager, as automation has reduced manual efforts by approximately 40 to 50%, especially in user provisioning and access management, saving significant time for the IT team and reducing the workload of our employees.

I had a good experience with the pricing and setup of One Identity Manager, as the sales team was very helpful during this process and assisted us in implementation, leading to an overall great experience with the pricing and setup cost.

We have not evaluated other options because we had already decided that One Identity Manager is excellent, so we are using this solution.

I highly recommend any organization looking for this type of solution to consider One Identity Manager. My advice would be to plan the implementation carefully and understand your requirements in advance, ensuring your access policies are well-defined for a smooth deployment. I gave this review a rating of 9 out of 10.