Tech specs
1-8 of 109 reviews
What is our primary use case? We use One Identity Manager for user lifecycle management and access management. What is most valuable? Since I am placed in the business organization, I see smooth processes for joiner, mover, and leaver, and a compliance perspective. We are getting cost savings by automating system integrations. Previously, people handled access rights manually for each system. Now, after integrating about half of our systems, we are saving approximately three FTEs, and expect it to double. Line managers can see team members' access rights and do attestations in one view. We have integrated requesting of access rights also to external systems via the web portal to remind leaders about access rights management also for leavers and movers. Automation of these processes improves security and compliance by meeting auditor requirements. What needs improvement? There are functionalities we needed to build ourselves, such as cleaning the direct entitlement assignments if inderect exists. The user interface can sometimes be a bit confusing for end users, for example during attestations, as completed tasks simply disappear without indicating that there are no pending requests left any more and therefore end-user is unsure if they have completed all theirs tasks. For how long have I used the solution? We have had it in production since autumn 2023, approximately one and a half years. What do I think about the stability of the solution? I rate stability around nine out of ten. What do I think about the scalability of the solution? We have around 8,200 employees using the system to request access rights. Scalability is not an issue, so I rate it a nine out of ten. How are customer service and support? I rate customer support at eight out of ten. The response time has room for improvement as it can take quite a long time in some cases. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? Previously, we used an old Microsoft MIM solution. We transitioned to One Identity Manager for improved functionalities like handling mover situations and integrating external systems for better security compliance. What about the implementation team? We implemented it through Tietoevry, a partner. Initially, we had an unsatisfactory experience with a different partner, which delayed our project by a year. After switching to Tietoevry, the project improved significantly. What was our ROI? Annually, we have saved three full-time employees as a result of deploying One Identity Manager. We anticipate doubling this saving once all current integrations are completed and even more when we add Segregation of Duties rules. What other advice do I have? I would recommend One Identity Manager due to the improved security and compliance it offers. We have achieved considerable productivity gains through automated processes. I rate One Identity Manager a nine out of ten. Which deployment model are you using for this solution? Public Cloud If public cloud, private cloud, or hybrid cloud, which cloud provider do you use? Other Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
What is our primary use case? We use One Identity Manager for workforce identity and access management. We have implemented basic controls like joiner, mover, and leaver processes for our employees. We are integrating our most critical and important business systems and applications into it, handling the access management to those systems using One Identity Manager. What is most valuable? I like the solution since it is very flexible, and I can basically do everything that I like and need with it. I appreciate its automation capabilities a lot. Through automation, we have been able to reduce the number of service requests and tickets to our vendor. We have also managed to reduce the cost quite drastically in that sense. Additionally, by automating the access reviews, we have saved considerable time for our business leaders, even talking about several full-time equivalent savings concerning access review automation. It works well at an enterprise level. We use it as a centralized platform for the whole identity. It is a flexible system and we can customize it the way we want. We use the business roles to map company structure for dynamic application provisioning. This is a very important aspect of the solution. We use the solution to extend governance to cloud apps and this is very useful for us. Through automation, we have been able to reduce the number of service requests and service tickets towards our vendor, and we have been able to reduce the cost quite drastically. By automating access reviews, we've been able to save quite a lot of time - up to several FTEs. When we launched the system, we had quite a wide scope and saw results immediately. The solution helps us achieve an identity-centric zero-trust model. As you are getting your identity only through a centralized system and also getting all the accesses attached to that identity and all the accounts attached to that identity through one system, then it is possible. We also handle access to any system through that one solution. When we do that, we have a full picture of the identities and what kind of accounts and entitlements they have. Having the full picture and having the governance of the whole entity when it comes to access management allows security to be tight. Also, the controls that we have in place then, for example, joiner, mover, leaver, that helps in maintaining that zero trust principle. What needs improvement? In regards to the front end, the portal that is offered to our users needs improvement. There is room for improvement on that side, particularly in user experience. It is not as intuitive as I would like. If there is something to improve in One Identity Manager, it is the end-user experience. The database structure is quite complicated. I don't know if it can be improved or if it can. It will probably be a long journey. The most important thing is to think of our customers, and then the user interface is the part of the system that needs some improvement. We can customize it, however, we need skilled resources to do so. There aren't as many skilled people in the market. For how long have I used the solution? We launched it in October 2023. However, we started implementing it in 2021. How are customer service and support? We rely on vendor support, and I would rate it as ten. We mainly receive support through their partner. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? We did quite a large comparison when we chose this system, and I see that there are systems in the market which offer the same functionality. However, there are also a lot of systems that are more restricted in the functionality they offer. There are maybe a couple as large and with as many capabilities as One Identity Manager. One Identity Manager is one of the top systems in terms of capability offering. That's the reason why we chose it for our company's purpose. How was the initial setup? Our experience was complex, however, it was not due to the system. It was due to the wrongly chosen partner who didn't have the needed skills to implement it properly. It also depends on the scope of what needs or is wanted to be implemented as the minimum viable product. I wouldn't say that it's complex, however, maybe not easy either, so maybe something in between. What about the implementation team? We implemented via a partner. They are the ones doing the customization if we do any currently. Our partner organized the training, however, the training was given by One Identity itself. What was our ROI? We have been reducing costs and saving several full-time equivalents by using automation. What other advice do I have? I would rate the solution overall as eight out of ten based on the bad user interface. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
What is our primary use case? We use this solution to enable a lifecycle for all the accounts we have in our Active Directory. One Identity Manager helps us enforce rules and renewal periods. It assists in tracking useless accounts to ensure that we do not retain people's accounts once they leave the company. We are extending the solution, highly customizing it to associate almost every object in our Active Directory with an identity. Every identity has a lifecycle and specific rules enforced by One Identity Manager. How has it helped my organization? The benefits are significant for us. We had no real central governance before implementing One Identity Manager. Being a large organization operating in 60 countries, it has helped us regain control over Active Directory. By enforcing rules, processes, workflows, and account lifecycles, it aids in cleaning our Active Directory and enforces strong workflows in user management. What is most valuable? One of the best features of One Identity Manager is its high level of customization. Since deployment, the solution has been tailored extensively to fit our specific needs. Its out-of-the-box capabilities are commendable, allowing for evolution and integration within an on-premise environment. For us, being able to customize the product to our requirements has been incredibly valuable, turning it almost into an in-house solution. What needs improvement? The new portal is in a specific technology that is more difficult to program. While it is a specific decision, the customization will become harder. A real SaaS solution could be provided rather than an on-premise product deployed on One Identity Cloud. Although we are not the target for this kind of improvement, a pure web-based SaaS solution could be beneficial for smaller companies. For how long have I used the solution? The solution started deployment in 2018. My personal experience as a Functional Analyst with the solution is approximately two and a half years. What was my experience with deployment of the solution? I was not part of the company during the initial deployment. However, it was relatively easy because it came out of the box. Upgrading is more challenging due to the extensive customizations we have, but this difficulty is more related to our use of the solution rather than the solution itself. What do I think about the stability of the solution? We have not experienced many issues with the tool itself. The problems we face are more related to our database consumption due to the high number of users. In terms of stability, I would rate it highly. What do I think about the scalability of the solution? We have not needed to increase scalability much, and One Identity Manager supports a large number of users effectively. I would rate its scalability as strong since we have not experienced any significant challenges. How are customer service and support? The technical support could be improved, particularly for architects with advanced knowledge. I have heard that the forums, moderated by One Identity experts, are helpful. Although sometimes support can take time, we have not raised any serious alerts about the quality of support from One Identity. How would you rate customer service and support? Neutral Which solution did I use previously and why did I switch? We had no Identity Management solution before One Identity Manager. Compared to our previous situation, the solution provides significant benefits in terms of automation. How was the initial setup? The initial setup was straightforward as the solution came out of the box. What about the implementation team? We are working with a consulting company that provides specific support and resources for us, but they are not direct partners of One Identity. What was our ROI? One Identity Manager saved us approximately thirty to forty percent in terms of time, money, and resources compared to our pre-deployment setup. It significantly improved our control and management efficiency. What's my experience with pricing, setup cost, and licensing? We have a global ELA, which means we do not have licensing issues. The price is correct and the relationship with the sales team is excellent. They are open to discussions whenever savings are needed. Which other solutions did I evaluate? I have no other experience besides Okta. Okta is more of an out-of-the-box solution with less customization opportunity, while One Identity Manager is a full product. What other advice do I have? I would recommend One Identity Manager due to its customization capabilities. It allows you to adapt the solution to your specific needs. However, for smaller companies without high-level expertise, a pure SaaS solution may be less intimidating. I would rate One Identity Manager at a seven out of ten overall. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
What is our primary use case? I am a consultant for One Identity Manager and implement it for clients. They use it for ordering permissions, attestation of permissions, and reporting on permissions. How has it helped my organization? Customers use One Identity Manager to manage SAP. SAP integration is very important because clients have critical business processes in SAP systems. Governance of SAP users and permissions is important. One Identity Manager is a good solution for providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts. You have a view of all the users, permissions, and connected systems, and you can have a whole range of connected systems such as Active Directory, SAP, Entra ID, Exchange Online and others. You can import identities from HR systems or create them manually and join them with their accounts and permission. It gives you a view of the permissions and roles people have in different target systems. You can combine that with roles that are automatically populated through inheritance. You can also combine it with attestation so that you have an approval process for those rights. You can basically check that they are not assigned forever or when not needed. Customers use One Identity Manager's business roles to assign permissions based on membership in organizational structures, such as departments, locations, job functions. This functionality is very important because you can model your business as a hierarchy and inherit permissions and accounts along with this hierarchy. It is a good solution to assign permissions automatically. For example, if you have different locations for your business, you can model those locations in the business roles and assign people to those roles automatically through HR import. That makes life easy and gives you a graphical view of that structure in One Identity Manager. For people who are not too technical, it makes it easy to understand how permissions are inherited. It gives an overview of licenses. For example, in One Identity Manager, you can have an overview of Office 365 licenses being used. Apart from that, you can see how many and which accounts are being used, but it is not a license management tool. Attestations help you determine if someone should have a certain permission or not. You can also have recurring attestation where, for example, a manager can decide if certain permissions are needed for certain people. For compliance, you can implement segregation of duties where you can specify that if you have permission A, the users cannot have permission B. For auditing, you can see the permissions and the accounts people have, but it is a view from a certain point in time. There might be some gaps or synchronization delays between One Identity Manager and the target system, such as SAP. For auditing or a tracing without any gaps, you need tools that monitor permissions in those systems in real-time, similar to Change Auditor from Quest. It helps to create a privileged governance stance to close the security gap between privileged users and standard users. You can have different types of identities. You can have a person with a non-privileged identity and also a privileged identity. It helps to separate those, but at the same time, you can see what kind of permissions a person has in total. You have a view of both the non-privileged and privileged identities. What is most valuable? It is very comprehensive. There are a lot of features in the product. The strong points are that you can model your organization in One Identity Manager and create roles. There is a Webshop where end users can order permissions and accounts. These are its strong points. What needs improvement? What is missing is a mobile user interface for the end-users so that they can do simple things on their mobile phones on the go. The time it takes to synchronize a large target system is often significant, often taking multiple hours. That is something that could be improved. I am aware that it is often due to the performance of the target systems, but it is a problem in day-to-day operations to have slow synchronization. For how long have I used the solution? I have been using it for 12 years now. What do I think about the stability of the solution? It is stable. I would rate it a nine out of ten for stability. One Identity Manager has improved in terms of performance and added functionality. There is better stability. They have invested in more modern web interfaces and are moving to the cloud as well. You can run it on prem, in your own private cloud, or you can have a SaaS solution nowadays. What do I think about the scalability of the solution? It is scalable. I would rate it an eight out of ten for scalability. I have seen it work well in large environments. How are customer service and support? There are different support tiers, some with 24/7 support and a dedicated technical account manager. If you have outages or critical production problems, you can count on the manufacturer to help resolve the situation. Minor questions are not always treated as fast as one would wish, but for the critical stuff, you can rely on them. How would you rate customer service and support? Positive How was the initial setup? Its implementation effort depends on what you want to achieve, but it is not straightforward. You need solid knowledge of One Identity Manager. You also need a good strategy and information about what you want to achieve with One Identity Manager, how you want to connect to your target system, and what kind of processes you want to have in One Identity Manager. But you can rely on the manufacturer and partners to help you with that. In terms of maintenance, you have to update it regularly to be in support. Otherwise, after some time, there would not be any support from the manufacturer. Also, the manufacturer is fixing bugs and extending the product, so it makes sense to be current with the software. What about the implementation team? As a consultant, I help the in-house team deploy the solution. What was our ROI? It saves an enormous amount of time. If you do not see it as purely an Identity Management tool but as a possibility to automate processes in the company, it provides a huge amount of value. If you use it the right way and think of which processes in terms of Identity Management you can automate, it will save a whole lot of time. The time savings depend a bit on what you are automating. For example, if you can automate assigning accounts and permissions by making use of the organizational structure and let managers order permissions through the web shop, you accelerate your business processes and reduce the amount of manual labour involved. What's my experience with pricing, setup cost, and licensing? My clients have been using it for a long time now. They have looked at other products as well, so it seems worth the price. Which other solutions did I evaluate? One Identity Manager is the most complete offering because you have the connection to the target systems and you have inheritance, which is powerful and not something every other vendor has. They have a Webshop with approval processes for ordering accounts and permissions. It is a complete package, and you get all this in one product. In terms of functionality, it is very good compared to other products on the market. What other advice do I have? If you are a user, it is not too difficult to get into it. You have to be familiar with the concepts of Identity Management, as well as inheritance of roles and permissions and how to use the tools. It is manageable. If you want to be a developer in Identity Manager, that is a different thing because it takes way longer to get into. For example, the new web portal has an Angular web front. If you have Angular web development skills, you can more or less get straight into it. One Identity Manager has a certain complexity, and it is not always easy. From an end-user perspective, there is a web interface to request permissions, reset your password, or manage your account in some aspects. However, when you get into the management of One Identity Manager itself, you need some knowledge, and it is not always straightforward. It is complex. When it comes to customization, the ease depends on what you want to customize. Certain aspects of the product are easy to customize. You do not need programming knowledge, or you can do it with minimal programming knowledge. For some aspects, you need programming expertise in Angular or other programming languages, such as .net. You need to have a good grasp of how the Identity Manager works. My recommendation is to first determine your needs and then look for a product that addresses them. One Identity Manager is a big product that provides lots of functionality. If you do not need lots of features, you could go for a SaaS solution, maybe also from One Identity. Set up a strategy and do a proof of concept. Validate some of the requirements to see if it is a good fit and implement One Iden... Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
What is our primary use case? The overall purpose for using this product is for identity management, which is our core requirement. How has it helped my organization? We adjusted the number of authorizations given to a person. Before, it used to just collect and collect under people. Now, we can adjust and remove authorizations so they don't just stack up. It's reduced the number of authorizations assigned. The workflow has improved from request to assignment. We've been able to accelerate the speed significantly. What is most valuable? I like the workflow engine and the deep integration with SAP products, including SAP authorizations. In the market, there aren't many products that can deliver this feature. The possibility of customizations is a significant aspect that makes this product stand out from others. Additionally, the number of connectors they support is commendable. Reducing the number of authorizations given to people on average is beneficial. Previously, individuals had accumulated authorizations as they moved between departments over their careers. Now, there's an attestation process when a person moves to a new department, allowing managers to decide on reassigning authorizations. This has led to fewer authorizations being assigned, which is one of its most important benefits. Moreover, the time taken from an authorization request to an assignment has also been accelerated. One Identity Manager connects SAP accounts to employee identities under governance. We have an HCM connector, and we have built up the complete life cycle of an identity. TThis means when a person leaves the company or has a transition to another department, we also have processes implemented that we take care that they lose the authorization. The solution provides IGA for difficult-to-manage aspects of SAP, like profiles, rules, etc. We use transaction codes and activities, and so on, on the lowest sub-authorization level for segregation and security checks. We assign roles, composite roles and single roles. In terms of user experience and intuitiveness, there is always an issue from one product to another. In the beginning, the users may find it a bit complicated. However, they get new functions and a fancier UI. Overal, it provides a good impression. It's easy to customize. The product has a huge number of possibilities or ways you could go. That said, you need good knowledge of the product. It's complex. This product needs a deep understanding of how the product works and how the implementation needs to be done. You need an external partner with good experience. We make use of the product's business roles. We try to catch 80% of the authorizations so only 20% of authorization would need to be requested. We have connected cloud applications, including SAP cloud systems. These extensions to governance are very important. They need to be integrated. Our aim is to integrate every system where management takes place under one solution. One Identity Manager helps minimize gaps in governance coverage among test, dev, and production servers. Now, we can identify when users have no need anymore to have certain authorizations on a special system or special groups. Our user life cycle takes care of this. When they are not in the department anymore, they won't have access. It makes access to special systems more secure. It does help with licensing. If two licenses are similar, we can look at the settings and make sure that users are getting more licenses than we need, and when they leave, the license can be removed. It helps save license costs. The solution helps with application auditing and compliance as well as access decisions. We've been able to achieve an identity-centric zero-trust model. We have other applications around this, however, we are able to give authorizations only to one person and so that no one has more than they need to avoid security risks. People only get authorizations to that which is a user's core functions. We have more complex approval processes for normal authorizations. What needs improvement? The user interface is good, however, there is space for improvement. Specifically, the way information is presented in the system could be refined so that users are not overwhelmed with technical details. They require more business information. We believe there is substantial room for enhancement in this area. There is also room for improvement in how we integrate systems. In some instances, we could achieve deeper integration. However, it requires effort, and we must decide if it makes financial sense. The downside of the product is it is complex and you need an implementation partner to help you develop it. You can't do it on your own. For how long have I used the solution? I have used the solution for over four years. Which solution did I use previously and why did I switch? We missed functions in SAP, and there was no further development to meet our needs. There was also no future strategy, and they have discontinued the development of this product. This made us decide that this was not the product for the future. How was the initial setup? The deployment was easy in some aspects and complex in others. There is maintenance needed in the form of upgrades and daily maintenance of one to two hours a day. What about the implementation team? Our partner helped with the implementation. It was, at points, a complex migration and implementation, and we are satisfied with the collaboration. What's my experience with pricing, setup cost, and licensing? We are in the upper quarter regarding cost, so it's expensive. However, it is definitely a product with the best future perspective. In terms of function and support, it offers a fair price yet remains an expensive product. What other advice do I have? We're a medium-sized company with locations across several countries. We have around 50,000 external and internal users. One Identity Manager was the right decision in comparison to other market products. With other products, we would not have made such a good decision. We had a partner that provided training, coaching and implementation assistance. They were more focused on integration and helped with complex customizations and post-implementation support. We don't need as much support anymore. Overall, I rate the product an eight out of ten. I'd recommend it to other users. It was the right decision for us to go with this product in the end. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
What is our primary use case? Our primary use case for One Identity Manager is focused on automatization and digitalization, specifically in introducing identities with appropriate permissions across various IT systems. What is most valuable? One of the most valuable features of One Identity Manager is its availability as an on-premises solution and as infrastructure-as-a-service in the cloud. Additionally, the reporting capabilities, powerful synchronization engines, and workflows, including the SAP connector, are highly beneficial. The solution provides an identity-centric approach which supports achieving a Zero Trust model, and it significantly reduces operational costs by allowing the same number of support team members to manage a greater number of systems. What needs improvement? The user experience has been a concern in the past, particularly with the web interface, but improvements are expected with the transition to Angular. The support from One Identity is very poor. The response is often delayed and lacks actionable advice, such as suggesting updates without confidence in their effectiveness. It is crucial for them to expand their support team to match their product's success. More comprehensive testing and detailed best practices in handbooks could enhance problem resolution. For how long have I used the solution? We have been using One Identity Manager for quite some time, starting with their former product, ActiveEntry, since 2007. What was my experience with deployment of the solution? Deployment is complex due to numerous prerequisites that must be met. Installation takes longer than expected, but after a solid design and documentation, it works well. How are customer service and support? Customer service and support for One Identity Manager are poor. Despite thorough pre-case activities, responses are often delayed, inadequate, and lack confidence in solving issues. The current support team is overwhelmed by the product's success, and more personnel are needed to improve service. How would you rate customer service and support? Negative How was the initial setup? The initial setup of One Identity Manager requires a solid design and documentation. It is not a tool to be used without thorough planning. The primary installation is complex, with many prerequisites and conditions that must be addressed. Successful deployment requires careful consideration of all design and documentation steps. What was our ROI? It is difficult to quantify the exact return on investment, but we have observed significant benefits in terms of operational efficiency. The same team can now manage many more systems than before, which is a remarkable advantage. What's my experience with pricing, setup cost, and licensing? One Identity Manager is positioned as a premium product. It falls between middle and high in terms of cost, approximately a six to seven if ten is expensive. What other advice do I have? More tests incorporating different use cases and scenarios would be beneficial. It would be advisable for One Identity's testing processes to include real-world feedback and use cases, allowing for more thorough and robust product improvements. I rate the overall solution at least eight out of ten. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
What is our primary use case? We are using One Identity Manager to change our previous old identity access management platform. Currently, the separation of duties is the most important aspect. How has it helped my organization? It delivers SAP-specialized workflows and business logic. It meets the needs of the most common use cases. It also supports customization for special cases. Its biggest benefit as well as its biggest problem is that it is highly customizable. Usually, customers do too much customization, and then it is not great performance-wise. We started to see how to optimize or support audit processes with One Identity Manager about a year ago. It has been helpful there. It saved quite a lot of time. It did not help us to achieve an identity-centric Zero Trust model, but that is because we need more push from the business or management. It helps automate processes. Our company uses One Identity as an enabler, which would be nice to change. It helps us save on license costs through effective license management. What is most valuable? It is highly customizable, a feature that influenced our company's decision. We can easily customize it. I find it user-friendly. Once you have some experience, it demonstrates best practices and guides you on the correct way to use the tool. What needs improvement? Default connectors work fine, but certain connectors, such as SCIM to SAP Cloud Identity Services connector, have quite a few bugs. They are not so great. Their support can be better. They can also improve testing of their product before releasing new versions. We have had a few critical issues after upgrading to a newer version, which also caused problems with auditing. For how long have I used the solution? Our company has been using One Identity Manager for around seven years, but I have personally used it for four years. I became its developer four years ago. What do I think about the scalability of the solution? We are using it at one location. We have about 30,000 active identities. We have five people working with this solution. How are customer service and support? There is room for improvement. For each ticket, they require logs or traces from the system, even when the issue shows no logs. This requires sending the information back and forth, which consumes a lot of time. After submission, they contact the product team, which often takes one or two months to respond. How would you rate customer service and support? Neutral Which solution did I use previously and why did I switch? I have not worked with other solutions. How was the initial setup? I was not involved when they started implementation, but it was complex. This complexity was not due to the difficulty of implementing One Identity Manager, but rather a lack of business support for our process decisions. Deploying the One Identity Manager solution itself is easy. The documentation is clear. You can do customizations. It can be customized, but it is hard to customize correctly without affecting the system. What about the implementation team? IPG is our partner. They have helped customize the solution for our needs. Their support was alright. It is important that the partner advises to follow the standards because customizations can cause issues. It is better to change the process instead of going for customization. We received very good support from them post-implementation. It is of high level. I would rate our One Identity Partner a ten out of ten in terms of value. What other advice do I have? I would recommend One Identity Manager for sure. It is quite easy to use as long as you find a good partner who can facilitate changes in the process rather than customize it for every single case. Many issues arise from the misuse of the system due to extensive customizations. If used correctly, there would be fewer issues, and it would be a fast, quick system. It can be a bit complex to learn for new users when there is a lot of customization. It has a lot of potential. We try to use it as much as possible, but we are not using it to its full potential. The problem is business support. Overall, I would rate One Identity Manager an eight out of ten. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
What is our primary use case? It is mainly an identity governance tool. It is being used to collect, for example, any new employee records or employee records in general from HR systems, such as Oracle, SAP, and Workday, and then push it downstream for systems such as Active Directory, Exchange, etc. This is the main functionality of it. The other functionality for it is to have a request platform, such as a web portal, for requests for access, approval, and user-based grants and reviews. How has it helped my organization? It helps the organization to simplify its control over enterprise access and makes the new joiner's process easier. In a small organization with 40 to 50 users, it is not a big deal. You can have one IT guy who is responsible for creating an email account, Active Directory account, Azure account, etc. It will take him one or two days to do it, but in a big corporation with more than 500 employees in different time zones, doing that is a big challenge. One Identity, and IGA products in general, excel at onboarding and offboarding employees with the linking and synchronization with the HR system. This is what they are best at. They remove the complexity because you have your Active Directory created, updated, and disabled on time, and there is no issue with that. There is one fabric for identity lifecycle management, and the access is based on that identity lifecycle management. This is applicable to the whole market for identity governance. It is not just One Identity. You have SailPoint, Saviynt, and others. All of them are good in this aspect. They do improve the organization like that. We can customize it to integrate with any system or application, and we can go deeper in analyzing people's access, creating roles, dynamic roles, and RBAC. They have a very strong RBAC offering, which is a role-based access model offering. If you structure it right, you can do an RBAC with One Identity. I use it for two customers. One is in the Middle East and one is in Europe. I represent the client side, and mostly I see a robust onboarding and offboarding operation with this product. It is very good for both experiences. It is a very structured way of doing things. Movements across the departments and things like that can be handled. It is quite customizable. It is quite good. When it comes to intuitiveness, the clients using IT Shop people are complaining. I have had a client in the Middle East, and then I have had a client in Europe. They all say that IT Shop is not intuitive. It is the same feedback. One Identity is trying to make it better with Angular, but there is a fifty-fifty split. One aspect is how the vendor has designed the portal and the other aspect is how you structure the request and approval process. We are as guilty as the vendor. The vendor has a bad portal, but most of us also have a bad way of thinking as clients. People are not advised well because the adoption and the usage should be driven by the vendor. Instead of doing that, the vendor is just selling. If you talk to a partner, they might advise you, but if you have the wrong partner, you are in trouble. So, people complain about the intuitiveness of the portal, but they are confused because the process is being showcased in a very bad way. To customize IT Shop, they had a strange tool called Web Designer. It is one of the seven tools or seven clients they had. It was not easy to find anyone worldwide who knew how to handle it. You can find developers who have One Identity skill set, but only one out of ten of them would know how to handle the designer tool. In case you need to customize, it was a tough journey. That is why One Identity flipped the narrative by saying that they are going with Angular. We need to run Angular, and they have the REST API. I told them that this is a bad approach because they are assuming that clients have Angular developers, but some clients or some small clients do not have Angular developers. Some clients might have Angular developers but they are assigned to all business units. They are asking us to start hiring an Angular developer or rely on a partner, but is their partner certified to do Angular or not? To me, they did this conversion without any proper thinking or from a very narrow perspective. I do not have complaints about the backend of this tool. Frontend is a major issue. Their roadmap has no consideration for the clients. In the CAB meetings, I have seen how they manage relationships in general. The company mindset is a bit strange. They look at big clients for feedback and opinions, but they do not look at small and medium businesses. They do not care about hearing us, but when it comes to big companies, you see their engineering team circling around them. They have this cultural problem in the company. They are not only selling the products to just a few big companies worldwide. They are selling it to everyone, but there is a lack of inclusiveness. They assume that all the clients have the same technical skill sets to operate this tool, but that is not true. There is an issue with their roadmap and way of thinking. I have also provided this feedback to the head of the company, Mark Logan, during a cab meeting. I told him that they need to fix how they collect feedback and maintain customer relationships. We use business roles to map company structures for dynamic application provisioning. It is very good for that. It works very well. If you implement it right and you are advised very well, it can be magic. It can make people very happy about the tool in the company, which was the case when I was working in the Middle East for my first employer. If you do it wrong or are not advised well about it, it can lead to disaster, which is the case with my new employer where I have been working for two years. We have reached a point where we have 50 roles with the same entitlements, and people do not know which one is which. It is not the fault of the tool. The lack of advice on how to structure and design it well can lead to issues. It is not a technical issue. From a technical perspective, it is very flexible. It can do whatever you want. Partner implementation is the main issue. It can help minimize gaps in governance coverage among test, dev, and production servers, but I have not seen it in practice. Some people do it where you can connect One Identity to One Identity Manager with a direct connection. You can have that. That is one option. The second option is something called transport packages, so it has a good change management label and transport package solution. They have a partner called Intragen, which is a Dutch partner, that created a new product called Deployment Manager. That product does the release management process and testing for CI/CD to a very good level and in an automated fashion. You can buy a product like that and hook it up to One Identity. The tool has the framework to handle this. It is okay in that sense. From a change management and release management perspective, the product has principles. It is not lacking there, but it needs modernization for complete CI/CD. It is very good at helping you streamline application compliance and application auditing if you know how to integrate applications. Most IAM programs or projects focus on users and users in groups, but handling single entitlements or a cluster of entitlements is a different board game. However, I cannot say that it is a One Identity problem. One Identity is customizable, and it is equipped to do that. You can do that. It is an investment issue rather than a One Identity issue. What is most valuable? The best feature of this solution is its flexibility to be customized. It is like a framework. You can customize it very far from its core functionality, and it will still work. The second best thing about the product is that it is rich in concepts of orchestration and event-driven architecture. It works well if you have a development team. For a team that has developers with VB, .NET, or C# skills, it is a very good product. Another thing that is good about this product is its stability. In general, it is very stable. It does not go down that easily. It does not crash frequently. Especially since version 7 or 8, accessibility has been a very good factor. These are the main aspects that make it one of the best products. What needs improvement? In terms of providing a single platform for enterprise-level administration and governance of users, data, and privileged accounts, One Identity is not yet there. One Identity recently bought OneLogin. They already had Safeguard and One Identity Manager. They have started integrating these three tools. I am also on the customer advisory board (CAB) of One Identity, so I have more insight into these things. I know that they started to integrate OneLogin and One Identity just recently. OneLogin is their access management tool. They use it for authentication and for SSO. It is a competitor for Entra and Okta, whereas Safeguard is competing with CyberArk, Delinea, and BeyondTrust. One Identity has indeed done good integration between their three products. However, the platform is not unified. You still need three URLs, which is not optimal. They are going there, but it will take them time. The second thing they are not yet good at is their SaaS offering. They are behind in the market. They started with something in Safeguard, but it is a pretty basic offering. It is still a new baby. They have Safeguard On Demand, but it is just a hosted PAM solution. I did PoC for Safeguard twice. This is how I know this, but I have not used it. As PAM, Safeguard is a good product, but it is not a full-featured PAM like CyberArk or BeyondTrust. They are lacking in that aspect. The integration between One Identity's products is similar to BMC's integratio... Disclaimer: I am a real user, and this review is based on my own experience and opinions.
