One Identity Manager Reviews

We're a consulting company and provide professional services. If the customer has the solution, we end up using it. 

It offers really powerful processes. For example, when a person is joining a company, or changing teams, or leaving, it's easy to create a management flow for the onboarding or offboarding process. It helps manage all of the accounts a person might need to have access to. It integrates with several platforms and has specific connectors that make it very useful. It works with the majority of applications an enterprise might be using, such as Salesforce or various cloud providers. It also integrates well with SAP. 

It provides a unified view of logically connected solutions. It can connect to accounts related to employee identities under governance. It's probably the main reason a client would use the solution. The entire reason to deploy such a solution would be to have governance over accounts and have access to the life cycle of the account. 

The solution is a single platform for enterprise-level administration and governance of users, data, and privileged accounts. 

It can be fairly easy to customize, depending on a user's particular needs. If you are integrating with some very common solutions, it's pretty straightforward. 

The solution offers various business roles to help map company structure, name, and provision. You can tie permissions to specific roles very effectively. You can implement role-based access control.  

We've used it to extend governance to cloud apps. This is important to us. The common trend is to move to cloud applications. Even local clouds afford the same level of permissions. Having a standardized layer in between definitely helps. 

We immediately noted the benefits of the solution. However, it depends on the type of user. Common enterprise users can get quick results. Those responsible for identity access management or compliance see the results quickly. They'll benefit almost immediately. The normal user, however, may not understand the difference. 

You can use the solution to minimize security gaps and close the gaps between privileged and standard users. 

It can help consolidate procurement and licensing. It can help you understand how many users need access to specific applications to help you get better numbers as to what is needed and not overbuy licenses. 

The solution helps us streamline application access decisions, application compliance, and application auditing. You can get reports. It's nice. It helps with visibility and planning. 

It helps reduce footprints and minimizes access from unrelated teams. 

The user interface can be a bit clunky. It could be more modern. 

Its documentation could be better, especially around complex configurations. 

Support could be better as it is part of the user experience of the product itself.

I've used the solution for the past year. That said, we do not use the solution in my company directly. 

The solution is pretty stable. I haven't experienced any major issues. 

It's a scalable product. You can integrate with many platforms, and it works well with the majority of common enterprise platforms. It's pretty scalable overall. 

I've contacted support in the past. There is premiere and regular support, and I've used both. I work mostly on the client's behalf, which I would reach out to would depend on the client's contract. 

Premiere support has more advanced engineers and is more available to the users.

Normal support could be better in terms of the level of service. They should offer more services during the initial deployment and configuration. 

Neutral

I have used competitors in the past.

One of my colleagues handled the configuration and setup process. I've never experienced a deployment. 

If any maintenance is needed, it will depend on the deployment model. For example, if it is on-prem, it would need a bit more maintenance than if it were deployed on the cloud. There may be access and configuration reviews or integrations with other platforms that may be ongoing on occasion. 

Given the fact that you can save a lot of time and headaches around compliance, it is worth paying for this - if you are an enterprise. SMEs may find the cost high, even though they could benefit from the offering. 

We're One Identity partners. 

I'd rate the solution seven out of ten. 

I am a consultant who works on the backend of One Identity. When a client has a requirement, I add it to the back end. 

One Identity Manager simplifies procurement and licensing. Using business roles helps a lot. Provisioning enables users to make application governance decisions without involving IT personnel. It makes it easier by using account definitions and business roles. 

You can assign different AD groups and applications and enable them for specific users depending on their roles. This minimizes gaps in governance coverage among test, dev, and production servers and makes things easier. 

One Identity is a complete solution that has everything we need. We can use it to manage SAP. It connects SAP to employee identities under governance. This functionality is critical. One Identity Manager provides IGA for the more difficult-to-manage aspects of SAP, which is also crucial. The SAP-specialized workflows are easy to implement. 

One Identity provides a single platform for the administration and governance of users, data, and privileged accounts. It provides a complete overview of all these things. The user interface is intuitive and nice. It shows everything. Customizing the interface isn't hard. You can create custom fields. This is one of the most important things.

The documentation is poor. For example, the synchronization editor has a lot of things happening, but there's just a description. If you want to do something specific with that like create custom views, they just say go to the extension and select the UUID. However, if we don't have a UUID for this view, it will not work. That isn't in the documentation.

It extends governance to cloud applications and it's complete, but there needs to be more connectors for it. That's the only thing I don't like.

I have used One Identity Manager for a year and five months.

I rate One Identity's support eight out of 10. We use the standard support. They send you a link to the documentation or a forum where someone else had the same problem. However, sometimes the documentation isn't useful, so they need to escalate the user to the product leads. In those cases, it takes weeks to resolve. 

Positive

The initial deployment was easy and could be completed in one or two days if we only consider the installation and synchronization of target systems. However, it takes longer to set up the business roles and all that. 

I rate One Identity Manager nine out of 10. The only issue I have is the documentation. 

One Identity Manager is an identity governance and management tool. Our customers have defined policies based on their infrastructure but not an intelligent centralized system that handles all the application and user information. When a user requests access to an application, we're the first ones to get that info and perform corporate operations like onboarding and offboarding. We also provide the necessary access. 

We manage about 200,000 users. A bank is one of our biggest clients, so managing their systems is a little more complex. They have multiple streams, making it somewhat complicated. 

One Identity provides our customers with a holistic, centralized automation process. Security compliance is the primary thing. When we audit the report, we can track what applications they are using and ensure that everything they do is within the security system. We can prevent incidents, but if something does happen, we can block that user or that system from accessing other resources.

The solution minimizes governance gaps across environments. When you're working with a large corporation, you can easily find gaps in the security. For example, accounts may be outside of the security system, or the creation and onboarding may be delayed, causing challenges. We can automate the entire process with a centralized platform to ensure the work is done on time. 

Having a centralized system to maintain everything saves time and avoids confusion. It ensures that everything is under the scope, improving security compliance. As companies grow, they face more security challenges, and this solution helps to address them. 

One Identity improves customers' operations by increasing security and reducing costs. Everything will be in line, from onboarding to offboarding. In terms of user privileges and access, everything stays within the scope. Companies can secure their resources and make them available as needed. It's a completely automated process that happens daily. Companies can cut costs by automatically removing access to paid users on leave because we usually pay a per user cost for services. 

Privileged access is part of company policy, and we provide access based on that criteria. The hierarchy will differ depending on the application. A privileged user will have access to the bigger applications or they will have admin role access. One Identity gives us a centralized system to do that.

Let's say a company has infrastructure, development, and finance teams, each with a separate IT shop. From this information, we know that this person belongs to the finance department, so they will receive all the access for someone in finance based on company policy. However, sometimes, the financial department isn't allowed to use the technical systems. We consider the policy criteria the user meets. 

If somebody requires access to something else, they can request access to those applications. Once an application is aligned with One Identity, we will have the application information and know how many users are on boarded to that application, so we get updated information about the number of users with access and how many use it. We generate reports each month on which applications users access and how often. 

I like One Identity's reporting features and the single sign-in option. Users can skip multiple logins. It also gives us a centralized system that lets us know about a user's access. This is an automated process. If a user leaves the company, One Identity will ensure their application access will be removed after a certain date. When the user joins a company, it ensures all privileges are created and active by the start date.

Using an open-source integration platform, we can integrate any service provider with One Identity. I think the user experience has been positive. Customizing the solution for each company's requirements has been challenging and interesting. Some of these companies are massive and have significant requirements, and we need to ensure that everything is under the scope.  We are collaborating to test and incorporate other functionalities. Corporations might also have their own applications, so we should be aligned with those. 

One Identity could add more connectors for various services we integrate. We need to build and configure custom connectors for our clients with complicated environments and multiple data streams. 

I have used One Identity Manager for two years.

One Identity is stable, but I can't say there are no issues. It depends on the server load and everything. 

One Identity is scalable. 

I rate One Identity support seven out of 10. They respond immediately when we reach out, and you can also get answers through their user community. 

Before One Identity Manager, we used a solution by Dell. A lot of things are in the cloud, so we cloud-native Azure and AWS tools to cover those. 

I was not involved in the deployment. Regarding maintenance, we have multiple teams working with One Identity to maintain and monitor it. Around 40 to 50 are working on this tool.

I rate One Identity Manager 10 out of 10. Before implementing One Identity, you should review the company's policies and all of the systems within its scope. From there, you can decide what the best solution is. For example, if you have an Amazon cloud environment, you should probably go with the AWS solution. 

I have implemented One Identity Manager in banking for research access and education for onboarding diverse users, managing identity lifecycles, and automating processes like account activation and provisioning. It is crucial for securing and streamlining identity management in both sectors.

One Identity Manager has enabled us to implement an Identity-centric zero-trust model, enhancing our access management system. This has strengthened security by granting users precise and necessary access, contributing to a more robust and secure environment for our company.

The most valuable feature of One Identity Manager for me is its Designer tool. This tool allows me to write custom code and provides flexibility to customize and adapt the system to meet specific business objectives.

There is some room for improvement with One Identity Manager. The Metamodel is not developer-friendly, and the web designer customization could be simplified. The report editor tool needs an update as its underlying technology is outdated. Additionally, a stronger community portal for quicker support responses would be beneficial.

I have been working with One Identity Manager for eight years.

I would rate the stability of One Identity Manager as a ten out of ten.

One Identity Manager is suitable for handling up to around five million records, but scalability becomes a challenge with larger datasets, such as over seven million people.

The biggest value of having premium tech support with One Identity Manager is the quick and efficient resolution of issues. However, there have been instances where the support response time could be improved. Overall, I would rate the support as a seven out of ten.

Neutral

The initial setup of One Identity Manager was not overly complex, and the documentation could be more user-friendly with additional visuals. We took the help of a consultant during deployment, involving five people. Maintenance is handled in-house as it is an on-premise solution.

One Identity Manager is affordable.

I appreciate that One Identity Manager is a suite with separate tools for managing and governing users, data, and privileged accounts. I find it beneficial that they have organized functionalities into distinct tools rather than consolidating everything into a single screen.

The user interface of One Identity Manager is intuitive for script writing and configuration, offering flexibility and a clear view of user attributes. However, the web application tool for end-user requests and the reporting tool is less user-friendly, especially for the web designer, which can be complex and not developer-friendly.

I use One Identity Manager to extend governance to cloud apps. This is crucial as cloud migration is widespread, and it is important to seamlessly onboard users and ensure governance on these cloud applications, aligning with the industry trend towards cloud adoption.

Using One Identity Manager, specifically the Safeguard tool, has helped me establish a privileged governance stance to bridge the gaps between privileged users and standard users. It provides a distinct solution for managing both types of users effectively.

One Identity Manager assists in streamlining application access decisions, ensuring application compliance, and conducting thorough application auditing.

One Identity Manager has empowered application owners and line-of-business managers to take charge of application governance decisions independently. The platform provides user-friendly tools, reducing the dependency on the IT team for these processes.

My advice to others is that before purchasing One Identity Manager, assess if it fits your use cases, especially considering the size of your user base. Ensure you have a skilled IT team for maintenance. Engage with the One Identity Manager team, conduct a proof of concept, and validate its suitability for your needs. Overall, I would rate One Identity Manager as a nine out of ten.

My clients use One Identity Manager to streamline and enhance their identity and access management processes. Whether it is a university simplifying student onboarding, or a global corporation managing employees across multiple branches worldwide, One Identity Manager helps them efficiently onboard, move within the organization, and offboard individuals. 

One Identity has transformed our organization, particularly in streamlining the join, move, and leave processes. It has shifted these from being manual or non-existent to around 80% automation, making a significant and beneficial impact. Clients, especially in large enterprises, have experienced drastic improvements with One Identity.

One Identity Manager has helped minimize governance gaps, particularly in the transition from test to development and production servers. This has significantly streamlined our operations and simplified the delivery of functionality for our customers who utilize One Identity Manager.

One Identity Manager has helped establish a privileged user governance stance, particularly in recommending regular reviews or rotations of privileged accounts. This approach is not only for privileged accounts but also for general usage analysis, ensuring unused accounts are closed, and optimizing licensing. Overall, it contributes to a more robust IT governance framework.

One Identity Manager helps consolidate procurement and licensing processes effectively.

The most valuable features are centralized Identity Management, robust Access Governance, and One Identity Manager workflow automation, simplifying user management and compliance.

In terms of improvement, the web portal for end-users in One Identity Manager has improved but could still see enhancements. The training for admins is crucial, and once you gather the knowledge, it becomes fairly easy. However, documentation could be better, especially for new features. It currently doesn't cover everything comprehensively, making it challenging to navigate some aspects. Improvements in documentation would be beneficial.

I have been working with One Identity Manager for four years.

It is quite a stable product. I would rate the stability as a nine out of ten.

I would rate the scalability of the product as an eight out of ten.

As a partner, we have access to a higher level of support, either gold or platinum. The support experience is generally good, and I would rate it around an eight out of ten.

Positive

Compared to Microsoft, One Identity Manager provides more granular and customizable solutions,  and although it can be used for managing cloud applications and user directories, it's primarily made for managing on premise tenents. The downside of OneIM is the documentation and training. 

The initial deployment of One Identity Manager can be straightforward with the right tools and knowledge, especially if using specific deployment tools. It typically takes around two working days for a basic installation. The solution requires maintenance mainly in the form of periodic upgrades to stay current. Other than upgrades, regular day-to-day maintenance is minimal, focusing on ensuring the application is up and running.

We are consultancy specialising on OneIM implementation. We are experts.

When properly planned and executed,  it should be pretty decent ROI

One Identity Manager is fairly priced, especially for large corporations or enterprises.

We use One Identity Manager for SAP integration, but it has some limitations. Managing logically disconnected SAP accounts can be challenging, and the solution feels somewhat incomplete. As a consultant, there is often a need for additional customization to address the intricacies of SAP integration within the broader One Identity Manager framework.

One Identity Manager connects to SAP accounts for identity governance. However, it is not the primary feature our clients emphasize. While useful, it is not the main driver for most organizations adopting One Identity Manager.

One Identity Manager provides Identity Governance and Administration for challenging aspects of SAP, including key codes, profiles, and rules. In a broader sense, it addresses these complexities within the SAP environment.

One Identity Manager is a solid choice for enterprise-level administration and governance. It effectively handles users, data, and accounts. While not perfect for privileged accounts, its integration with a complementary solution makes it a sophisticated option in the on-premise IGA landscape.

The user experience of One Identity Manager is unique, but it is not straightforward for an outsider. It requires some learning, and the navigation can be challenging without guidance. Overall, it is a complex system that benefits from the expertise of consultancies like ours.

Customizing One Identity Manager depends on your expertise. For experienced users, it is straightforward, but for beginners, especially in the first year, it often requires consulting with senior experts. Customization can be simplified with the right knowledge.

I use the solution's business roles to map the company structure for dynamic application provisioning. The business role functionality is crucial for us and our clients.

We use One Identity Manager to extend governance to cloud apps. It is essential, and I would rate its importance around seven on a scale of one to ten. Many customers, including us, find it valuable even if they don't plan to move entirely to cloud servers.

One Identity Manager helps streamline aspects of application governance, particularly in making application access decisions. The effectiveness largely depends on the implementation by the consultancy. If done correctly, it can greatly enhance application governance.

One Identity Manager has enabled application owners and business managers to make governance decisions without involving IT. If implemented correctly, there is minimal to zero IT involvement, allowing them to approve applications, manage access, and handle licenses directly through the One Identity Manager web UI. This aligns well with achieving an identity-centric zero-trust model.

I would recommend One Identity Manager, especially for large enterprises. However, it is crucial to consult with the customer first to ensure it aligns with their specific needs and requirements. Performing a proof of concept could be beneficial to validate its suitability for their environment. Overall, I would rate the product as an eight out of ten.

The use case is like any other identity management solution: to provision and de-provision software accounts and entitlements for new hires and terminations, and to update name changes, leaves of absence, and those kinds of business cases. The goal of the tool is to automate processes of updating or modifying user access.

One Identity Manager is going to improve your CIS standards, or any other security framework, because it going to help automate account management and entitlement management. It's going to help organizations run a certification campaign and implement role-based access processes.

It also helps consolidate procurement and licensing. You can configure the tool to track cost-center expenses or licenses of software assigned to users' workstations. Typically, One Identity Manager is not used for that purpose, but it has those capabilities.

Another benefit is that it helps streamline application access decisions, application compliance, and application auditing. You can implement a request process for onboarding of any application, meaning a user can request access to an application and it will follow a workflow approval process and the request can be approved or denied. Once access is granted, One Identity Manager will provide access automatically to the target system. You can also define certification campaigns to recertify access for users. On top of that, you can configure segregation-of-duty rules.

In addition, if the application owner has all the information or the criteria to make a decision—i.e. all these users need access to my application, and all these users don't need access—we can integrate that application within One Identity Manager and enable a request engine process for that application. For example, if a new employee needs access to that application, they need to submit a request for access and the approval process will be directed to the application owner. The application owner can approve or deny access for that person. In that way, the entire decision process belongs to the application owner and not the IT department.

One Identity Manager can also help achieve an identity-centric Zero Trust model. You can configure the tool to identify the different departments, call centers, and locations to give them the minimal permissions necessary to perform a task. Furthermore, if you have critical access or entitlements that need to be recertified, you can run a certification campaign against an Active Directory group or Google group or SIP entitlement to recertify that these entitlements in Active Directory, for example, are assigned to these 20 users. You can then ask someone to certify this critical group and determine if all 20 users are still needed. If the decision-maker denies access to some of those users, the tool can remove the access automatically. It definitely gives you that flexibility.

It helps in managing SAP. There is a connector that you configure with the tool and it helps to provision accounts and assign roles or permissions in SAP. If there is a disconnected SAP application and you want to bring it on board, One Identity Manager gives you the tools to do so.

One Identity Manager connects SAP accounts to employee identities under governance. Although each organization is different, what is typical in some organizations is that it is important for them to meet security compliance regulations like CIS controls. They use the solution to meet those requirements.

In addition, healthcare companies have to be HIPAA compliant. One of the HIPAA rules is related to terminations. They need to make sure that every user or employee who is terminated is denied access within 24 hours. One Identity Manager helps you to implement that kind of case. If we connect One Identity Manager with the human resources system, we can read the employee's end date and automatically disable access for that user in less than 24 hours. In fact, we can disable the employee, once we have connected to Active Directory, in five minutes or less.

One Identity Manager doesn't have a privileged access management model but we can create one. A robust solution is based on the Windows platform. To address this use case you need a SQL Database and Microsoft Internet Information Services. If your organization is a Windows environment, One Identity Manager is a good option for your company.

In terms of the user interface, Quest, the vendor, follows up-to-date web standards for development. Currently, they are moving to implement Angular as a framework to implement end-user UIs. As a result, end-users will see a pretty nice website, a web portal where users can approve requests, submit password changes, or submit new requests. Also, if there is a certification campaign running, the web portal is very user-friendly. The manager can log in and see items that need approval or denial. The current version is designed to support mobile, tablets, and web browsers.

We also make use of One Identity's business roles to map company structures for dynamic application provisioning. That is a very important feature because most companies want to implement role-based access. Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments. For example, if you know all the people in your sales department, you can configure a business role so that anybody who is a new hire in that department will get certain accounts or certain access or certain groups in different applications. Doing that in One Identity Manager is a very simple task and it is very well organized.

The product can also be extended to support any of the SaaS or PaaS applications on the cloud. Nowadays, identity manager solutions are focused more on managing of identities and entitlement access on-premises. But companies are moving to the cloud and it has become very critical for solutions to start handling user accounts and permissions in the cloud. One Identity Manager is specifically a product that is moving in that direction and providing connectors to the cloud. It's a gap that needs to be closed and not many providers are investing in that. I've been implementing One Identity Manager for 12 years and I still haven't seen any other company doing cloud identity management, 100 percent. Hopefully, next year and in the following years, more companies are going to start adopting that technology.

And whenever you implement test, dev, and production servers, it will help minimize gaps in governance coverage among them. Using the solution you can connect and configure users in production, but if you configure dev or test instances, you should absolutely be able to handle ID and governance access for those applications.

End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes.

There is also a lack of connectors. One Identity has between 10 and 20 connectors compared to SailPoint IdentityIQ, which has about 100 connectors. Quest is improving on that. They do have cloud connectors and you can expand the number of connectors. They know there is a gap. But the connectors One Identity has are the most common connectors among all organizations.

I have been implementing the solution for about 12 years.

I don't use the solution as an end-user, I just implement it as a consultant for multiple companies. When a company wants One Identity Manager, I gather requirements, do the design, implement the solution, and train people on how to use it.

The product is very stable and performs well for medium-sized organizations with fewer than 200,000 users. For organizations with over half a million identities, there are some performance issues that have been found in previous versions, issues that affect the end-user experience. For example, if you run an attestation cycle or a request for a deployment with half a million identities, the system becomes a little slow in processing end-user requests to refresh a page, because of the amount of data.

Once you go into production and you have a stable system, you have it for a year or two, as long as there is no major issue that you find in your deployment, something that can be fixed in the next release. Typically, customers have the same version for one or two years before they decide to do an upgrade. Going through an upgrade to the next version means a lot of production testing of your current implementation.

The scalability is very good. You can scale the application job servers or web servers. They are very easy to scale. Once you have identified your gap or your need for scaling in your current deployment, it's just a matter of adding a new server, configuring it, and you're done. It's highly scalable.

The only advantage of their Premier Support is that you have an agent from the vendor assigned to your account, someone you can contact for any kind of product updates or fixes. That person will also tell you, "Hey, the next release is coming and these are the new features, these are the hotfixes." You get the added value that if you open a support ticket with them, your Premier Support agent will try to get a response a little sooner than usual.

Neutral

The deployment is in between easy and difficult. On a scale of one to 10, where 10 is "easy," it's an eight. It's not difficult to implement and use the out-of-the-box functionality. I can have a company running in two weeks, including connecting the tool with Active Directory and creating and updating users.

When a company wants more customization, that is when it starts getting more complicated. But if a company is looking for basic use cases and not too much customization, from the start of gathering requirements, though deployment in production and Active Directory, could take three to four weeks. That is fairly simple.

You have the option of deploying the solution on-premises or in the cloud or using Quest's cloud. The solution requires application or database servers in a web server. You can deploy it on-premises or, if you have Amazon or Azure components, you can deploy the solution there. And Quest, as a company, offers cloud services, where you pay for a One Identity Manager instance with the number of users you need, and they will do the installation and configuration for you, and they will take care of all the technology. You then just need to implement your use cases. So there are three options: On-premises, where the customer handles all the servers, in the cloud, where the customer handles all the servers, or through Identity Manager on Demand, where Quest manages all the infrastructure and servers and the customer just implements the business cases.

The number of people involved in an implementation depends. I have led teams of two people and teams of 20 people. I have implemented the solution for companies with 10,000 users and I have done an implementation for a major company with about half a million identities. For that instance, we had 10 dev servers and 20 people involved, including developers, testers, project managers, et cetera.

At the very least, when the vendor releases hotfixes every three or six months, you will need to do maintenance if there is an issue with your implementation that has been addressed in that release. Typically, customers do upgrades once a year to the next version. But the solution doesn't require a lot of attention.

My advice is to review your business cases and try to use most of the out-of-the-box features of the product, instead of asking a consulting company to customize the solution. Adding customizations will add some burden when you need to upgrade to the next version or make changes. They will increase the chances of failure and your progression and smoke testing. Try to reduce the amount of customization with this tool.

When it comes to customizing One Identity Manager for particular needs, it's like any other tool. When the tool is implemented we try to push customers to use all of the functionality. If there is a need to customize, on a scale of one to ten, where ten is easy, customizing it is a seven.

And as a tool, on its own, it does not create a privileged governance stance to close the security gap between privileged users and standard users. It needs to be integrated with another product. One Identity Manager does the user provisioning, de-provisioning, and access requests and management. But if you want a full integration with a PAM solution, Quest has a different solution called One Identity Safeguard. Safeguard is the solution for privileged access management and can be connected with One Identity Manager. By connecting the two tools, you can keep track of the submission of requests with One Identity Manager and the fulfillment of the requests in the privileged access management tool, which is Safeguard.

I designed and implemented One Identity Manager for clients across various companies. This involved a wide range of use cases, including standard employee lifecycle processes like onboarding, transfers, offboarding, and location changes. I also implemented more sophisticated use cases, such as automatically creating Active Directory groups and service accounts based on user requests and approval workflows.

One Identity Manager's enterprise view for managing logically disconnected SAP accounts is good.

One Identity Manager acts as an Identity Governance and Administration solution specifically designed to address the complexities of SAP systems. This deep integration allows for advanced features like implementing Separation of Duties rules, ensuring a more secure and controlled SAP environment.

One Identity Manager delivers important SAP-specialized workflows and business logic.

One Identity Manager provides one platform for enterprise-level administration and governance of users, data, and privileged accounts.

One Identity Manager, while not boasting the absolute best user interface, offers an intuitive experience. Through its integration with SAP, it provides a comprehensive solution for managing the entire user permission lifecycle, including SAP roles and transactions. I was particularly impressed by its ability to seamlessly read details from the SAP system using a standard connector.

One Identity Manager simplifies backend customization by allowing us to implement custom processes, functions, scripts, and more. However, customizing the web portal, especially the new Angular web portal, is a more challenging task.

One Identity Manager offers a sophisticated model for the business roles to map company structures for dynamic application provisioning.

The functionality of the business role is important because if we build the right business structure, we can simplify the permission manager.

One Identity Manager helps minimize gaps in governance coverage among test, dev, and prod servers.

One Identity Manager helps create a privileged governance stance to close the security gap between privileged and standard users. This has improved our security posture.

One Identity Manager helps streamline aspects of application governance which simplifies the reporting.

One Identity Manager enables application owners and line of business managers to make application governance decisions without IT. Being able to see what users have access to and make the decision regarding the request from one platform, saves us time.

One Identity Manager helps us achieve a zero-centric trust model. 

One Identity Manager stands out for its modular design, allowing us to easily customize it with specific components, and its flexibility to handle any identity and access management scenario we encounter.

One Identity Manager doesn't provide all the user interfaces we need for business users out-of-the-box. This means we need to customize the web portal to display all the information we want to make available to them.

The ROM control modeling has room for improvement.

The user experience can be more user-friendly.

How One Identity Manager deals with disconnected systems needs improvement.

I have been using One Identity Manager for over ten years.

I would rate the stability of One Identity Manager ten out of ten.

One Identity Manager's scalability is the best in the market. From a technical perspective, the number of identities and entitlements we can manage with the overall architecture is good.

The One Identity Manager support is good.

Positive

I previously used Oracle Identity Management and SailPoint IdentityIQ. I switched because I was interested in One Identity Manager which is more popular and trusted in our country.

The initial deployment is straightforward. While the initial software deployment itself can be completed in a day, a full rollout typically requires additional time for configuration, customization, and other necessary steps to tailor the software to our client's specific environment.

One Identity Manager is expensive.

I would rate One Identity Manager eight out of ten.

One Identity Manager requires one to two people for maintenance per project.

I recommend using a partner to evaluate and implement One Identity Manager.

One Identity is used to create, sync, and delete accounts automatically across multiple systems. The product allows employees to be managed from our Human Resources system, while consultants and temporary personnel can be managed manually. The system provides automated workflows and birthright assignments for easier management of similar accounts or those in the same department or role. 

With the system synchronized with our HR database, new account creations are automated and include an email to managers providing users with their credentials for initial login. Only the hiring manager will receive a copy of the initial username and password, helping further secure this information and have it readily available before the employee begins. 

The automation of employee creation and de-provision has streamlined the process in many areas. For employees, all actions begin in the HR department and flow downstream, keeping all systems synchronized with the same data.

Since the system is tied to our HR database, automation has allowed us to immediately terminate accounts based on employee status instead of waiting for notification from a manager.

Consultant accounts are also set on an automated schedule to send an email if an account isn't used within eight days. The account is also automatically disabled if not used in ten days. This provides additional security by not having accounts enabled but not in use.

Several employee data fields are synchronized to Active Directory, providing easy access to other applications (office, address, description, telephone, employee status, etc.). The update process is scheduled and automated to run multiple times a day, so Active Directory is always up to date with different employee data.

The One Identity birthright process has helped generate user accounts more accurately and quickly. Our Service Desk ticketing system is now used to complete user accounts and provide only what isn't common across their department or team. 

The One Identity system is very modular. The product is similar to an erector set, where you can do the same thing in many ways. While this is great, it also can allow you to set yourself up for failure later. The product does require some level of developer skills, so having the ability to make system changes without being a developer would be a plus. 

A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly. It would be helpful to have a tool to more easily find common groups across departments or teams so more groups could be managed in an automated fashion.

I've been using the solution for seven years.

The One Identity platform has been a stable system that provides consistent results. 

This product is extremely scalable. The more development knowledge you have, the more you can do with this tool.

Support has always been responsive and helpful.

Positive

We did use Hitachi IDM. The tool was a first-generation IDM tool and was very difficult to manage.

The initial installation was fairly complex as it is capable of integrating with so many different systems. There isn't an easy wizard to walk through and get you going.

Professional services were used for the initial implementation of the product. We found a different partner for ongoing work and support. Their knowledge of the product is excellent. 

One Identity, in partnership with our consultant partner, has allowed our company to streamline many processes and save employee time for other important tasks. 

I would advise finding and using a development partner for implementation unless you have a dedicated identity management team. Ensure your environment is licensed properly, as One Identity has an active Compliance department. 

No other products were found worthy of trial when surveying the market at the time.