One Identity Manager Reviews

One Identity Manager has been in use at Sodexo for eight years. We use One Identity Manager for IGA in our organization. We use One Identity Manager to automate the lifecycle of accounts in Active Directory. On a daily basis, we use One Identity Manager with an HRIS systems landscape.

One Identity Manager has had a positive impact on our organization as it has allowed us to streamline the use of Active Directory accounts and strengthen our security. Currently, almost 90% of Active Directory accounts—regardless of the type of account, user, service account, room, or mailbox—are managed by our IGA, illustrating the improvement in terms of security and account management at Sodexo.

The best feature that One Identity Manager offers is certificate-based identity management. Certificate-based identity management adds value to my work at Sodexo because recertification makes it possible to automate the lifecycle of accounts in Active Directory; if they are not renewed, the accounts are automatically deleted.

I would like to see the possibility of being supported during the migration to the Angular portal as an improvement in One Identity Manager. I do not have any other points regarding necessary improvements or aspects that could make it easier to adopt this tool at Sodexo.

I have been working in my current field for four years.

One Identity Manager is stable, relatively, in my experience.

I rate the scalability of One Identity Manager as good.

I evaluate One Identity Manager's customer support as responsive, mainly when we go through our account manager or our Success Manager.

Before choosing One Identity Manager, I did not evaluate other solutions because I was not at Sodexo at that time.

My advice to other professionals considering using One Identity Manager is to clearly define their identity management policy before choosing the product. I rate this review a 7 out of 10.

On-premises

My use case for One Identity Manager is identity governance and administration. I am an implementation partner for One Identity Manager.

One Identity Manager has improved our organization significantly; for instance, the automation of the provisioning workflow is very useful. Moreover, the de-provisioning usually represents a challenge in the provisioning process as it consumes time and working hours, wasting time for new employees or employees who require more privileges. It helped reduce pain in the business. In de-provisioning, this has helped significantly with risk management and removing potential threats for people who have more privileges than they should, and the attestation is crucial; attestations and attestation workflows are very crucial in this area.

One Identity Manager provides a single platform for the administration and governance of users, data, and accounts. It's quite comprehensive, which is a positive aspect. 

One Identity Manager extends governance to cloud apps using StarLink integration, which benefits clients significantly despite some resistance due to additional licensing requirements.

The solution helps consolidate procurement and licensing with a straightforward process. It aids in achieving an identity-centric zero trust model, helping clients comply with regulations and minimize risks.

The best features in One Identity Manager, which I appreciate the most, are the ability to extend it and the capability for customization and integrating new target systems. 

The ease of use of One Identity Manager could improve as the web portal is not the most user-friendly, and there are many places where the settings exist which can make it fuzzy and difficult to figure out the location of specific settings you want to configure. 

The solution's intuitiveness requires almost a complete redesigning in terms of user experience. It needs a lot of work and updates to improve the user experience. 

The solution helps minimize the gap in governance coverage for test, dev, and production servers, though migration between environments could be more straightforward.

There should also be more focus on the governance part, business, and marketing.

I have been using One Identity Manager for approximately four years.

One Identity Manager occasionally has bugs, but overall, it is pretty stable.

Regarding scalability, One Identity Manager rates a nine out of ten as it is suitable for enterprise clients. 

We rarely use their support. The support that the vendor provides has improved recently, but the documentation lacks significant information.

Neutral

Its deployment is of moderate complexity. Deployment time for enterprise clients takes days.

The solution requires daily maintenance, with many clients requiring resident engineers for managed services.

One Identity Manager definitely saves time, money, and resources. Although the exact percentage is unclear; it is very helpful, similar to any identity and access management solution.

The pricing for One Identity Manager is competitive in our region, so there is no issue with the license pricing. However, aside from the license for the StarLink apps, the cost is justified.

When comparing One Identity Manager with other solutions, there is a challenge in the MENA region due to its weak presence, particularly in Egypt. SailPoint seems superior in terms of governance, but One Identity Manager is better in terms of administration. For provisioning, de-provisioning, and integration with different target systems, One Identity Manager is superior, while SailPoint excels in governance, attestations, and reporting.

One of the most important functionalities is the business roles to map company structure and dynamic application provisioning, serving as a backbone for role administration and provisioning in general.

I believe it's easy to customize. I don’t have much experience with other solutions, so I can't compare it directly. However, it's not hard, but it's also not entirely easy. There are many ways it could be improved. That said, it's still quite decent overall.

I would recommend One Identity Manager for large-scale or medium enterprises in our region, but not for small companies due to cost considerations for licensing and services.

I would rate One Identity Manager an eight out of ten.

On-premises

One Identity Manager serves my primary use case based on business team requirements, focusing on identity creation, business roles, end-to-end identity creation, JMLs (Joiner, Mover, Leavers), product entitlements uploading, provisioning, reconciliation, synchronization, attestations, and end-to-end product management. The solution handles identity lifecycle management and product lifecycle management through end-to-end testing of a product's provisioning, de-provisioning, and auditing purposes.

The implementation depends on business requirements. For example, with RSA as an application integration, One Identity Manager Web Shop is used for requesting user accounts and entitlements. The request goes through an approval workflow that selects appropriate approvers. Once I log into One Identity Manager Web Shop as an approver, I approve the request, and it proceeds to workflow completion. Upon completion, provisioning is triggered to the target systems. Since the system uses cloud infrastructure and CSM target systems, it goes through One Identity Manager Cloud and Starling Connect, ultimately reaching the RSA target system to validate that the user account is provisioned. Once the user has an account, entitlements can be ordered for that user as well.

One Identity Manager offers customization with separate tools that have positively impacted my organization.

One Identity Manager has been particularly helpful during audits when auditors request logs showing how a user gained access or their current access status, whether through a business role from the front end or through a dynamic role running hourly or per configurations. Provisioning to different target systems is streamlined, making it easy to store the logs, which is the most important aspect for us.

The Job Queue manages jobs triggered from One Identity Manager, and the Sync Editor manages different target system synchronizations. These are the two major tools I use regularly.

One Identity Manager could be enhanced by developing an Android or iOS application alongside the Web Shop to enable mobile access to the application.

I have been using One Identity Manager for seven years.

One Identity Manager is stable.

Before choosing One Identity Manager, I considered SailPoint, but it cannot be heavily customized. One Identity Manager was selected because it provides greater customization capabilities.

One Identity Manager has made the audit process smoother for my team and organization, which is the most important outcome.

I would advise others considering One Identity Manager to recognize that it is both user-friendly and auditor-friendly.

One Identity Manager is a really good product. I have worked with the same product for almost seven years across two different clients, and both clients are satisfied with the product. I provide this review with a rating of nine out of ten.

Private Cloud

Microsoft Azure

One Identity Manager streamlines our entire identity lifecycle management. It handles onboarding new joiners, assigning and controlling roles with role-based access control, and automates user access reviews twice a year. Additionally, the system facilitates reporting for audits, providing auditors with necessary information on demand. This centralized system acts as a one-stop shop, managing everything from onboarding and role assignment to offboarding and emergency access control.

With centralized user management, data is effortlessly pulled from various systems like SOAR and HR, simplifying user creation and data maintenance. This allows for easy user editing, role assignment based on HR attributes or department affiliation, and streamlined account allocation based on review levels, departments, or the entire organizational structure.

Our Access Control in One Identity Manager is 99 percent automated saving us nearly 100 percent of our time.

One Identity Manager simplifies SAP administration by providing a centralized view of even logically disconnected SAP accounts. It offers a flexible helpdesk approach. We can either leverage its built-in model or create our own UI accessible to specific teams based on their applications. This ensures each team sees only relevant tickets for their area, streamlining access management for disconnected applications.

One Identity Manager can connect SAP accounts to employee identities under governance.

One Identity Manager simplifies Identity Governance and Administration for SAP, a complex system to manage in this regard. It empowers us to effectively manage SAP profiles, roles, and groups, ensuring their proper assignment to corresponding SAP accounts.

The solution delivers SAP-specialized workflows and business logic.

One Identity Manager integrates with its Privilege Access Management solution to provide more granular control. This means we can define different account types within One Identity Manager, such as normal, admin, and privileged accounts. By assigning privileged access only to designated accounts, we can restrict access and permissions and enhance overall security control.

One Identity Manager offers a user-friendly experience with an intuitive interface. It even provides a webshop for end users, allowing them to easily request new roles or accounts in various systems with a simple two-click process.

Having the right resources makes customization a breeze. While understanding customer needs and translating them into technical specifications requires some processing upfront, One Identity's suite of tools simplifies the actual back-end work. From drag-and-drop interfaces for workflows and reports to scripting and C# coding supported by existing SDKs, customization options cater to all users.

This dynamic application provisioning solution uses business roles to map our company's organizational structure. In other words, access to applications is determined solely by our assigned role within the company hierarchy. This role-based approach ensures users only receive the permissions they need based on their specific function, preventing unnecessary access.

One Identity Manager streamlines our cloud governance by providing a centralized platform to manage user access permissions across all connected cloud applications. This eliminates the need for individual provisioning for each app, ensuring efficient authorization control.

We have significantly improved our compliance posture with One Identity Manager. Previously, auditors identified numerous findings during manual audits, requiring extensive time and resources to address. With One Identity Manager, we've automated the onboarding, offboarding, and joiner processes, achieving a 95 percent closure rate on audit points. This centralized solution streamlines the auditor experience, allowing them to efficiently obtain information from the IAM team, saving both the organization and auditors valuable time.

We have minimized inconsistencies in how our governance policies are applied across test, development, and production environments.

One Identity Manager helps us create a privileged governance stance to close the security gap between privileged users and standard users by managing those accounts separately. This segregation prevents unauthorized access, as standard accounts cannot hold privileged rights and vice versa. This clear separation helps to close the security gap between these user types.

One Identity Manager streamlines our procurement and licensing processes, allowing our initially large operations team to focus on more strategic tasks. By automating license management for connected applications like SAP and Azure Active Directory, the solution eliminates the risk of human error – forgotten access removals for unused licenses are a thing of the past. Now, licenses are automatically assigned and reclaimed based on user activity, ensuring efficient resource allocation. This means new hires receive immediate access, and vacated licenses become readily available, freeing the operations team from manual license management headaches.

One Identity Manager streamlines application access decisions by automating the provisioning and de-provisioning of user access based on HR data. This eliminates manual intervention and delays for both HR and department personnel. When an employee changes departments, their access permissions are automatically updated in the identity management system, granting them the necessary tools to perform their new duties immediately.

It also streamlines the automation of identity and access controls, making it easier to implement a zero-trust security model where every user and device is verified before granting access.

While our audit processes were once cumbersome, requiring auditors to chase down reports from individual SAP administrators, everything is now centralized. One Identity Manager stores all application and database information in a single location, streamlining reconciliation efforts.

One Identity Manager stands out for its extensive functionality. It allows us to perform nearly any customization a customer might require, unlike other products with limited customization options. One Identity Manager's wide scope for tailoring configurations makes it a versatile tool. It can connect to various target systems, including Active Directory and schema-based systems like REST APIs. This makes One Identity Manager a great fit for our organization's end-to-end needs, from user provisioning and auditing to onboarding new joiners. It seamlessly fits all our requirements.

Transitioning from legacy technologies, like for a seasoned web designer moving to Angular, can be challenging and requires dedicated learning. To ease this shift, One Identity Manager could provide reusable components, similar to other systems, which would streamline the learning process and allow for greater customization.

I have been using One Identity Manager for almost ten years.

Offers a user-friendly experience with an intuitive interface and makes customization a breeze

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager is highly stable when used with its built-in features, but customized scripting introduces an element of user responsibility - any instability caused by custom code would be due to how it's written, not the software itself.

I would rate the scalability of One Identity Manager ten out of ten.

You only need premium support if your One Identity software is outdated. Standard technical support, which comes with your license, covers the current version and usually the one before it.

The technical support offers a good experience. They provide a portal to submit issues, collect all necessary information, and have an L1 team address them. If the L1 team can't resolve the problem, they typically escalate it to the L2 or L3 teams for further assistance, demonstrating a commitment to finding a solution.

Positive

We migrated from Oracle Identity Governance to One Identity Manager due to licensing costs, limited functionality, and Oracle's decision to retire the product.

The deployment took one week and required five people.

VMDH assisted us with the initial setup, and for any future support, we can contact One Identity directly or reach out through their authorized partner.

One Identity Manager has positively influenced our ROI in terms of security and compliance. 

One Identity Manager is cost-efficient. The license is based on the number of identities we have.

We use a One Identity partner, VMDH for our licensing.

I would rate One Identity Manager nine out of ten.

We have 3,000 front-end users in our organization. While we only have a single instance of One Identity Manager, for redundancy purposes our servers are spread across different data centers. This means if one data center experiences an outage, the application can fail over to the remaining servers in another location, ensuring continued functionality.

One Identity's partner, VMDH did a good job training our staff on the solution.

Six years ago, VMDH provided us with initial assistance customizing One Identity Manager. We have since developed our expert team and now primarily rely on them for our One Identity needs. We only contact VMDH in critical situations when we require immediate help from One Identity experts. In such cases, we typically reach out to One Identity directly, but if there are delays, we will then connect with them through VMDH.

One Identity's partner was on standby in case we required any post-implementation support.

The customer service we received from the One Identity partner was good.

I found the One Identity partner to be valuable, rating them a nine out of ten.

One Identity Manager is designed for low maintenance, requiring infrequent patches and updates to keep it running smoothly.

One Identity Manager offers a unified approach to identity and access management. It eliminates the need to cobble together multiple products from different vendors for functionalities like Identity Access Management or Privileged Access Management. This saves your organization's time and resources.

Hybrid Cloud

I usually provide consultancy for clients and help the team work with the technology.

Business roles in One Identity Manager is something that we normally use and it is very important for the clients. The usability of the platform is good.

The feature that provides the most value to me in One Identity Manager is the customization that can be made within it. It is a very customizable tool. One Identity Manager is very well prepared for any possibility of the clients and it is a comprehensive tool where you can make everything.

There is a specific part in One Identity Manager for clients so they do not see the entire solution. This helps clients who do not have all the knowledge to use the platform. That part is very user friendly.

You can extract the information that you need from One Identity Manager. Usually the clients do not have any issues with this part.

I think that One Identity Manager is a solid eight. AI, intuitiveness, and automations could be improved. Better documentation is needed. One Identity Manager is a complicated solution and needs more documentation, more explanations, and tutorials. This would help partners and clients because documentation should be created for clients as well.

I am using One Identity Manager for one year.

If it is Entra ID from Microsoft, everything is fine. With others, it is more complicated.

It depends on the clients. There are times when clients have a better price and that is acceptable for One Identity Manager. For others, the price is in the normal range for the market.

Saviynt and SailPoint are competitors. I think that they are in the same way as One Identity Manager.

One Identity Manager is very easy to deploy.

The first deployment of One Identity Manager to not be totally functional takes less than one week. If we consider everything that could be involved, such as human resources and Active Directory, it can be more. It can be around six months or something like that.

One Identity Manager does require the normal updates. There are some situations but nothing special.

At first, it is difficult to understand everything in One Identity Manager. Probably no one knows everything, but when you know how it works, most of the platform can be easy.

One Identity Manager is working well in every part. Probably in the Angular part, but they are working on that, so it is fine. They are doing good work.

I recommend One Identity Manager. If a client sees everything about the technology and about the solution, they can make a decision to implement One Identity Manager because it is a very good solution. Sometimes they are a little confused about all of the information that they have.

One Identity Manager is in the top of the solutions, probably with one, two, or three more. The decision is not really about whether the solution is better or not. It depends more on whether the client has any knowledge or experience with that or something like that. It is not actually a matter of whether it is a better solution or not. It is more about a commercial thing or client knowledge.

One Identity Manager has been integrated and in use for two years. The primary focus is on integrating One Identity Manager for other customers, particularly mid-sized financial institutions. The implementation targets unifying user access across internal applications, cloud platforms, and third-party partner systems.

While specific details cannot be shared due to NDA agreements, one organization had multiple identity systems: one for internal employees, one for external employees such as contractors, and another for partners. This fragmentation caused inconsistent access, security vulnerabilities, and slow onboarding and offboarding processes. One Identity Manager was implemented to consolidate these systems, resulting in significantly faster operations.

One Identity Manager's best features include fast setup with the ability to be configured locally for direct database access. The solution provides specific procedures for onboarding and offboarding, and supports the use of custom connectors.

One Identity Manager has positively impacted the organization by reducing account creation and access approval times from days or weeks to minutes or hours through automated workflows. Self-service access requests are routed through a central portal with defined approval paths, which minimized manual work and accelerated onboarding. Governance functions such as attestations and access reviews are now enforced consistently, which was not the case previously.

One Identity Manager can be improved in the areas of documentation and training, both of which are severely lacking.

Three years have been spent working in the current field.

One Identity Manager is genuinely stable, particularly the LTS versions.

One Identity Manager's scalability performs comparably to other One Identity products and scales effectively from very small organizations to large financial companies, including major banks and other large entities.

One Identity Manager's customer support is good. Response times average four to five days, sometimes extending to six days, but the support team has been genuinely helpful in addressing cases in a timely manner.

A different solution was not previously used, as the customer specifically requested One Identity Manager.

Specific details regarding pricing, setup cost, and licensing cannot be shared. However, One Identity is quite affordable, particularly with partner status.

Other options were not evaluated before choosing One Identity Manager.

One Identity Manager is the industry standard for valid reasons, which demonstrates its quality. It is backed by a large and reputable company and is genuinely easy to learn and implement. The documentation is adequate. One Identity Manager's onboarding and offboarding processes are considerably faster than previous methods, resulting in significant time savings that translate to cost savings. The overall impression of One Identity Manager is positive, and a rating of 8 out of 10 reflects the value and effectiveness of this solution.

On-premises

Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems.

One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems.

The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution.

We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007.

Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well.

Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service.

Negative

The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps.

It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage.

One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive.

More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten.

On-premises

I used it in my last organization. We wanted to publish the applications present in the Oracle Database on the IAM portal. We used One Identity Manager to publish the apps on the portal so that end users could access product policies and workflows from this website. This included handling approvals, user workflows, SOD violations, SOX compliance, and other aspects.

We had users from Germany who wanted an SAP system accessible through One Identity. To integrate, we simply followed documentation from the SAP team and One Identity's website. 

One Identity Manager connects SAP accounts to employee identities under governance. For end users, logging into SAP systems is simplified as authentication is needed only once if SAP is linked with Active Directory accounts. 

We used the solution’s business roles to map company structures for dynamic application provisioning. For the Oracle EBS application, we used to have hundreds of business roles. A user used to get assigned roles automatically based on the team joined.

From an end-user perspective, it is very easy to use. There is no need to follow extensive documentation; you just need to go through the process while raising a request. From a developer's point of view, self-practice is essential to grasp the necessary tasks, as initial use might be confusing. The first time, you have to use the documentation. Once you are familiar with concepts, it gets easy.

There are occasional issues with the UI or errors when servers are not up and running, often requiring a restart from cache memory and other related areas. For instance, I experienced delays while working in India. Canadian or US teams would restart systems in their morning, leading to wasted workdays for us, as we had to wait an additional four to six hours. This lack of 24-hour support is problematic from a testing and development standpoint.

I have used One Identity Manager from October 2021 to July 2024, totaling nearly two and a half years.

Servers occasionally malfunctioned at their site, necessitating restarts. This issue occurred approximately once or twice a month, specifically affecting the test and development environments, not the production environment.

The system is quite scalable. In my project, we used to handle 50,000 to 60,000 records of Active Directory. For SAP, we used to have around 40,000 records. We could handle about 1,00,000 records for different users. It also depends on the server being used for One Identity. We had an on-premise server, but we did not manage it. Another team managed it.

We used their regular support. If they were online, their response was prompt. If I raised a request while they were active, I received responses within an hour. If needed, I could connect with them over a meeting link. In such cases, support was swift.

I would rate them a nine out of ten. When they are online, they are good. The speed is quite fast.

Positive

The initial setup depends on the application. For SAP, LDAP, and other basic applications, it is relatively straightforward. However, more complex systems like Oracle Fusion can present challenges.

The maintenance was handled by One Identity.

While one person can handle the deployment, we typically engage two to three people. This allows for comprehensive planning, ensuring all necessary tasks are covered. If a single person is responsible, it is crucial for them to record the meeting to capture errors and share them with the team if needed.

From a developer's point of view, you can get used to it by doing some labs. If you are using it for the first time, you might not understand all the things that need to be done. Self-practice is a must for a developer.

It is important for users to do self-study, particularly in the test environment, before engaging with a project. There is a trial version available and possibly some videos, though not many. Users should focus on exploring features independently, such as how to sync users, use different tools, and manage mail templates, policies, and workflows. Much of this understanding depends on the user's initiative rather than external instruction.

Overall, from an IGA perspective, I would rate One Identity Manager an eight out of ten.

On-premises