OpenText Identity Manager Reviews

NetIQ Directory is the main function of the product. As far as I know, it is the only event test directory that exists. It has all the potential for event-based testing. It has rules, connectors, and access manager. It uses Directory data.

NetIQ does not have a limit on the number of users. The tool is secure by nature. It can have more than one billion users. Event-based systems know what has to be changed. SQL-based systems can only change using time and date. Event-based systems provide immediate results, while SQL-based systems need time to sync.

It is totally different from a security perspective. Event-based systems can update all the systems in seconds or minutes. Other systems do it within 24 hours. The basic event-based system is AI-driven. It has some kind of robotics and programming. Other tools need programming. I like systems that have prebuilt ideas of security.

NetIQ has been in the market for a long period. It has all the systems and connectors. There is not much coding. We just need to configure the products. We need not do any programming. I haven't seen any other product that needs only configuration to do the job.

Most products in the market are SQL-based. They need programming. Some service providers who sell other products to customers do not sell NetIQ because they can make more money by selling solutions that need more consultancy and programming. More hours lead to more money.

The tool is used mostly in big systems to understand what is happening. There are not many technicians who know how to use the product. The vendor must provide an easier console for configuring things for smaller customers.

The vendor does introduce new solutions, but they are usually for big customers and high-end technicians. Some companies do configuration without high-end technicians. The vendor must provide a limited and easier console for smaller companies.

I have been using the solution for as long as it has existed.

The pricing depends on whether we buy the solution as a service or a license. The license is expensive. If we buy it as a service for a large number of users, it is the cheapest tool we can get. The cost of the tool for small systems is a problem.

The solution is a successor of another identity manager called eDirectory, created in 1993. I have worked on many projects in and out of the organization. SQL-based systems have limitations because it is a database. It is inside Windows. SQL-based systems can have only 20,000 to 50,000 users. There are regulations. GDPR is one kind of regulation. The regulations are in place because the solutions are unreliable. We cannot trust the systems.

Organizations that cannot afford the solution must opt for standard products instead of SQL-based tools. SQL-based tools will have problems with the databases, directories, and synchronization. NetIQ is suitable for service providers but not for end customers. End customers might need help daily or weekly. LDAP helps if there is a hierarchy in the directory. AD has some kind of LDAP interface. However, LDAP is far better than AD.

We can use solutions with attributes similar to LDAP. We can connect such systems to anything. The ease of use of NetIQ Identity Manager depends on how much we understand the system. If we know deeper things, we can use the tool easily.

Nowadays, some people say that they are specialists. They might know how to install Windows by themselves. Systems other than Windows are difficult for them. They must understand at least a few operating systems. They must know the basics of data communication, databases, and directories. I have been teaching these for 20 years.

I work with big security integration systems. We cannot have a secure system if we do not know the parts we are connecting and the parts that the data communication is calling. Many high-end projects fail because the people who do the complicated integrations are newcomers. Both the consultant and the customer are newcomers. It is a highly secure system that controls all the users and usage in an organization.

The product is owned by OpenText. It is a big organization. It might have many technicians because the product is used in many big companies. Every system is now on the cloud. The solution has native cloud support. I am a freelancer.

Overall, I rate the tool a nine out of ten.

I use NetIQ Identity Manager to streamline user provisioning, access control, and compliance management for large companies and local banks in Brazil

The most valuable feature of NetIQ Identity Manager for identity synchronization is the ability to provide users with all necessary access on day one through automated provisioning, facilitated by approval workflows. Additionally, the ability to remove access through similar automated processes ensures consistency and end-user control across integrated applications.

Areas for improvement are further enhancing the access granting process to reduce time and improve accuracy, as well as ensuring consistency of user information across integrated applications.

I have been working with NetIQ Identity Manager for ten years.

The product is very stable. Occasionally, heavy usage might affect performance, but it is easily resolved by adding new servers and balancing the load.

I would give NetIQ Identity Manager nine out of ten for scalability. It handles millions of users in the US and almost two hundred thousand in Brazil, which shows it can grow with demand.

I would rate their tech support as an eight out of ten. They used to have local support in Brazil, but now calls are directed to a call center in Costa Rica, which can sometimes cause delays in response times due to serving multiple countries in South and Central America.

Positive

Both NetIQ Identity Manager and ForgeRock have similar structures with LDAP directories and connectors. However, ForgeRock offers the advantage of being a SaaS solution which eliminates the need for on-premises implementation. They also provide three environments with the license, facilitating development and testing processes.

The initial deployment of the environment typically takes about a day to a day and a half to install and configure all the servers. Integrating applications can vary, with easy and well-documented integrations taking around 40 hours, while more complex ones may take up to 80 hours or more. However, integration with applications can vary in complexity, depending on their documentation and APIs. We prioritize integrations based on customer needs, starting with HR systems and adapting to their specific requirements for user configuration.

Typically, a deployment team consists of up to four people, depending on project size, with expertise in operating systems and integration. For ongoing management and maintenance, at most two people are required to monitor servers, and integrations, and address any issues that arise.

We use NetIQ Identity Manager to sync employee data from HR systems to LDAP directories and various applications like SAP, automatically provisioning user accounts based on criteria such as department and job function, while additional access is assigned through workflow processes, streamlining user provisioning across multiple applications.

NetIQ Identity Manager supports compliance and audit processes through reporting capabilities that provide insights into user access. Additionally, the Identity Governance product facilitates access reviews, allowing for the generation of reports to prompt access reassignments or cancellations based on predefined criteria.

One challenge we have encountered is integrating applications without defined APIs or lacking expertise in integration from application administrators, prolonging integration timelines.

Role-based access control in NetIQ Identity Manager improves our security posture by enabling us to track user roles and associated access across applications, detecting potential security breaches, and ensuring visibility into user access permissions at any given time.

Since implementing NetIQ Identity Manager, we have seen significant improvements in managing the user lifecycle. First-day access provisioning is streamlined, reducing manual processes and saving time, especially during periods of high employee onboarding. Enhanced access control and reporting capabilities ensure comprehensive user information for auditing purposes, facilitating better security and compliance measures.

Overall, based on my experience and flexibility, I would rate NetIQ Identity Manager a nine out of ten. It is highly flexible with many connectors, allowing for diverse integrations. While some solutions like Salesforce may connect more easily, they lack the flexibility of NetIQ Identity Manager.

We use it for access management, as an identity repository, and for access provisioning.

We use it for manual provisioning, where we log incidents on our service management platform. We have two types of automated provisioning. 

• One type involves provisioning accounts and group memberships directly in various LDAP directories. 

• The other type of auto-provisioning is fully customized for specific needs. 

We use all three main types of provisioning. However, it has not improved access management by itself since they are different products. Where Identity Manager and access management products potentially leverage each other is in instances where Identity Manager provisions in all directories, which makes it easier for applications to authorize users or for leveraging password authentication from an Access Manager. Aside from that, they are independent products.

NetIQ Identity Manager easily integrates with our existing IT infrastructure.

The access request management has improved significantly in terms of its user interface. What sets it apart from competitors like SailPoint is that it's an event-based solution rather than schedule-based. That's a key differentiator.

It also offers self-service capabilities like Access Request Manager platform is self-service. 

Additionally, we use NetIQ's self-service password reset tool, which integrates with the directory leveraged by Identity Manager. So, we utilize self-service for both access request management and password management.

From an Identity Manager perspective, we do have role-based access control for a portion of our users. However, the capability is not as mature as what you'd find in other products. It lacks advanced features like the ability to mine tools or make decisions based on the roles assigned to others, offering very basic role management capabilities.

The solution architecture is somewhat complex. For some components, the necessary resilience is not inherent. 

Introducing artificial intelligence to assist people and line managers in understanding what they are requesting or approving would be beneficial, enhancing the capabilities that are currently not as advanced as those in more popular products.

I have been using it for ten years. 

I'd give its stability a seven out of ten. There are occasional glitches and downsides.

I would rate the scalability a six out of ten. While some components can be scaled horizontally, others can only be scaled vertically, which is problematic.

There are around 40,000 end users using it in my organization. 

The main issue is the response time. Cases can drag on for months without immediate feedback or guidance, it is not uncommon for cases to remain open for over six months.

Neutral

We work with several of NetIQ's access management products, including Access Manager, Identity Manager, Advanced Authentication Framework, etc.

The setup process is complex, attributed to our long journey with the product over more than ten years. A lot of capabilities were not available by default at that time. 

While installation is straightforward, customizing the system to meet specific needs and performance requirements demands expertise.

We use an on-premises deployment model.

Identity Manager is more cost-effective for my company. It's a better option compared to more popular products that might require expensive upgrades.

I would rate the pricing a two out of ten, with one being low price and ten being high price. It is significantly more cost-effective than the major players in the market.

I would prefer to explore other technologies, SailPoint and Saviynt, are better as they are leaders in the space. However, due to cost considerations, NetIQ Identity Manager is more cost-effective for my company than more popular products at the moment.

Overall, I would rate the solution a seven out of ten. If finances are a major consideration, then it's a good option. However, if budget is not a constraint, I would opt for one of the more mature players in the field. 

Technology and thinking in identity and access management have evolved, and unfortunately, NetIQ has not kept pace with these changes as well as some competitors.

The solution is used to manage SSO and login for internal applications.

The product enables detailed user management. The product is easy to use. Our users found it easier than Microsoft Identity Manager.

The solution must add more configurations. There are different types of user identity in different applications. The integrations must be made easier.

I have been using the solution for two years.

I rate the tool’s stability an eight out of ten.

We have around 5000 users in our organization. The maintenance period is already finished. We do not do maintenance anymore. We have around 15 engineers and support personnel in our technical team. I rate the tool’s scalability an eight out of ten.

The technical support team is not very knowledgeable about the product.

Neutral

The installation took a few hours. The installation was quite straightforward.

The vendor does the installation. They are very experienced. It doesn’t take them much time to get it done.

The solution is quite affordable. It is reasonably priced. I rate the pricing a five out of ten. There are additional charges for customization.

We evaluated Microsoft Identity Manager, but its latest version is on the cloud. We needed an on-premise solution. So, we chose NetIQ Identity Manager.

If we get experienced support engineers, NetIQ is a good option. Other than support issues, the product is quite good. Overall, I rate the tool a seven out of ten.

The most valuable features of NetIQ Identity Manager are the synchronization of different directories, such as Active Directory. We have many Active Directory systems, not only one.

We have another system that is using the SAML system, and we also integrate with Active Directory only. If NetIQ Identity Manager can integrate directly, we would not need to use the Active Directory directory.

I have been using NetIQ Identity Manager for approximately 10 years.

The stability of the NetIQ Identity Manager is good.

NetIQ Identity Manager can improve the bulk account uploads, it's very slow. You need to do it one by one. We work in the education sector, and every year we have approximately 20,000 accounts to create in a very short period, the NetIQ Identity Manager has a problem with this, we need to use a batch job. For example, we cut it into 10 batches and execute them one by one, so that it will not interrupt our production environment.

Even though we have upgraded the hardware, the software used for NetIQ Identity Manager could improve. The scalability can be better.

I have not used the support from NetIQ Identity Manager.

I have not used other solutions.

The initial setup of NetIQ Identity Manager is straightforward.

I rate NetIQ Identity Manager an eight out of ten.

I am an independent training provider. I'm teaching this application. It was originally made by a company named Novell. I have used the Novell XML, which is the origin of Identity Manager. I think they did that in '96 or '97. I was a certified Novell trainer, and I was training those applications myself. I started the first testing center for Novell products in Europe in '92. I have a long history because I started with those basic products in '83 and did 10 years of training for those products. I've also been using them for my employers or for the customers as a consultant. Now, I'm doing training again but in schools. I am teaching adults so that they can change their careers or start a career in cybersecurity or IAM.

I always try to use the latest versions. In terms of deployment, you can call it cloud, but it's a VMware environment.

I like the eDirectory feature.

It needs some modern features. They should improve and modernize their management interface. It has been created over years and by different persons. You can see different applications, different management consoles for different things. There should be an integrated interface.

It should also be easier to install. There should be an easier testing system for applications for students or consultants to try it themselves. The system to download or get your applications for testing is not so easy.

They can clarify how to install it for different Linux versions as well as how to use it for local private cloud use and public cloud use. It seems that you have to install many incarnations of basically the same product.

They should make it free for schools for teaching purposes. Their competitors are giving it for free. By not doing that, they are losing market to competitors.

I've been using it since '83. I've been working for companies that have been using this application. I've been in consultancy implementing this application to customers, and now, I am teaching this application.

It is stable, but its implementation is hard. After that, it runs.

I haven't dealt with it, but I would like to have a channel. 

Its implementation is hard. It should also be easier to install. There should be an easier testing system for applications for students or consultants to try it themselves. If we are doing just testing, it's complicated because they are basically supporting SuSE and Red Hat. If we are doing testing, we don't want to pay for the server systems. There is no documentation and information about how to install it with some other Linux versions. There is no documentation for implementing it on other systems.

The deployment duration depends on what we are doing. We are not doing production systems. We are doing production-like teaching environments. We are basically running systems that can be production but the use is just for training purposes. Later this year, we are doing production environments. We are doing the whole process of how to create implementation, how to implement it with some applications for IDM, some applications with access management and SSO, and so on.

It would easily help them in getting more market and more customers if more consultants knew about their software. If they could keep it free for schools for teaching purposes, it would be good. I had to pay myself to get it and use it for training. Their competitors are giving it for free. I had to pay for it myself. They are losing market to their competitors.

I would advise others to read the manuals carefully and do the testing systems first. That's because it has all the bells and whistles when it comes to features, but they are not so easy. It is a full package for everything, but it is not so easy to implement. You should basically clarify things because there are different kinds of doors for different kinds of things.

I would rate this solution an eight of 10.

We use NetIQ Identity Manager for identity management.

The most valuable feature of this solution has been the ability for us to integrate a lot of external systems, and the automatic transfer of a lot of identity information. Additionally, the customization is very good.

NetIQ Identity Manager could improve by updating the user portal, it is out of date.

I have been using NetIQ Identity Manager for approximately 15 years.

The solution is stable.

NetIQ Identity Manager is very scalable and complete. It covers all the areas we need it to.

The technical support has been good.

For us the installation was easy. However, we are an IT company that understands what we are doing. I would consider the solution not to be easy to install if someone does not have the experience.

The price of the solution is a bit high and could be reduced.

I would recommend this solution to others.

I rate NetIQ Identity Manager a nine out of ten.

I design, deploy, and use NetIQ Identity Manager in different environments. It's mostly to provision user accounts in AD, but I also use NetIQ Identity Manager to provision (to and from) accounts with the following applications and systems:

Oracle and PeopleSoft, Office 365 and Azure, EasyVista, IBM AS/400, Oracle E-Business, etc.

Thanks to the role-based access control included framework, we give initial access to business resources as from the start date of the employee.

NetIQ Identity Manager provides workflow and forms that allow all managers to initiate new employee provisioning under the control of the HR or finance department. This reduces the number of accounts created out of control.

NetIQ Identity Manager can integrated with Identity Governance administration and this is a great benefit when governance needs are present.

The Identity Engine is event-based and provides real-time synchronization and password synchronization to more than 40 different applications and services.

The new version 4.8 is now available since mi-November 2019. It provides a newer workflow engine that will increase form creation.

With the latest version, a subset of NetIQ Identity Governance is included.

There are some limitations in the custom workflows, mainly in the GUI presentation, but the latest release improved.

The newer workflow engine shipped with latest version 4.8 provides more features and possibilities than the current legacy system.

The legacy system is still supported and currently there is no migration tool available.

More than five years.

The IDM engine and drivers are based on more than 20 years product and very stable and reliable.

The IDM engine setup is quiet straightforward it you master product. The Role base & workflow module is more complexe and the reporting module installation must be definitely improved.

We use this solution primarily for access.

The main value lies in the simplicity of implementation, as well as its customized look and feel.

I cannot specify any areas of improvement. There's no huge thing missing because it's already comprehensive. Now and then, however, there might be a minor issue.

We don't have any issues with stability.

We work in a huge environment and we can scale as much as we want. We have eight million users.

Technical support is average. When it's come to complex issues, it takes longer than expected to solve.

We used to sell SailPoint as well as the CA solution. SailPoint was part of the OEM in the NetIQ. The technology product is very complex to implement.

The initial setup was straightforward. The setup alone takes a couple of hours. Full deployment time depends on the customer and what they need.

Micro Focus is flexible when it comes to price. The cost varies from customer to customer. There are no additional costs, though. Everything is included.

Do not look at features; look at real-time implementation experience.

You need organization support, high-level support from management to do the change needed to implement it right.

I would rate it as nine and a half out of ten because there is always something to improve.

We did an exercise, but it was a long time ago. I know that we had a lot of manual work that we saved by using the product. So on a monthly basis, we would hire ten or so users per day, ten times, over twenty days, so two hundred in total.

Each user would take between ten and fifteen minutes, so let's say two hundred times twenty minutes, is four thousand minutes, or sixty-six hours. There were more functions that we'd do as well.

I would say you would save like around one-hundred person-hours, per person per month. That's big savings.

It's a very flexible tool, so you can synchronize multiple sources of data and you have multiple connections to various kinds of systems.

The most valuable features are that it's a very flexible tool and it's connected to multiple and various data sources.

The product, the technology itself, is really good.

The problem is the ecosystem. There's not a lot of people that know the product, so it's hard to find someone to work with the product. Sometimes you need to deploy something that's a little different. It requires development, and it's just hard to find people. It requires training, because, in each event, you need to learn the specific language that the product speaks. So it's a directional language and you need someone with some knowledge with it to deploy it.

They have graphical interfaces and you can get away with the basics, but it gets a little bit more complicated once it's a little bit more customized. If it could be operated in such a way that anybody could use it, with just the user interface, and there's no need for programming, then that would be a great improvement.

They need to go to a cloud service solution because everyone's looking forward to the cloud now. Everything that I worked with was on-prem system deployments. 

The stability is solid. You don't touch it. Once you deploy it, it just works.

In terms of scalability, it depends on how much you want to spend to scale because they charge for connectors. You can connect virtually everything to it. They have connectors for most of the systems in the market including databases, cloud solutions, etc.

The company just launched an update so they are upgrading. They need to connect to the new SAP version. They were planning on connecting to the latest version of existing systems. 

Technical support was good. I had to use them a few times and they were very knowledgeable and they were quick. I always had a quick turn around from support.

The initial setup has medium complexity. It depends. The previous version was more complex. Now they've made it better. They knew that the tool was complex so they tried to enhance and simplify the installation. I would say it's not too hard today to get you going on the basics. The more approvals and workflows and the more components you add to it, the more complicated it gets and you need more specialized people. You just make sure that you train your personnel.

If this product was more widespread and people knew more about the language then you wouldn't have this issue about when you need to add people to the system.

I wasn't there when the implementation took place, but I think services were from the actual vendor, Micro Focus, itself.

Some products, typically security products, the moment they're implemented, their ROI is instant because you know security is invaluable and data loss is something that needs to be halted right then and there. Your return is guaranteed because the product saves so many person-hours over the years.

I'm not sure of specific pricing, but I know they have different licensing, depending on your organization. Governments, for example, have special pricing. Education would have different pricing because it's more like a sector.

There might be additional costs too, and it depends on which system you are integrating. So let's say user x needs one AD account or an Oracle or SQL. You would have the base license plus per connector. You just need to be aware that the more systems you connect, the more license fees you have to pay.

The way it was implemented for the company was mostly for HR integration. So we would synchronize data from SAPHR to an Active Directory. So all the new hiring, all the user provisioning was made by HR on the SAP system. This system was responsible for creating the accounts on the network and mailboxes and all that from that system. So no one has ever created a user manually in AD. It's all automatic.

It's a solid product, it's a mature product. You just need to make sure that your IT personnel is properly trained. When you purchase a license, make sure you have support engaged as part of your contract and you'll get your team trained.

I would also recommend a proof of concept for sure. That way you can show clients how flexible the product is.

I would give the solution a rating of nine out of ten.