What is our primary use case?
Our clients use it to onboard apps for provisioning, not just collections. They use Omada for provisioning to business applications, such as SAP and PeopleSoft. They use ServiceNow as the front door to that but Omada is for their accounting and their HR business applications. It's mostly used for the governance piece, certification—GRC.
Compliance is often what the issue is for our customers. They want to hurry up and get these products onboarded and set them up for provisioning for their business application, so they can meet whatever regulatory compliance controls they're trying to meet.
We're an Omada partner/vendor. We implement both their on-prem and SaaS versions.
How has it helped my organization?
From a security perspective, we've got customers that are failing audits or that are in danger of failing audits, because they can't do certifications. While it's not necessarily an improvement to the way their business functions, Omada certainly helps customers remain compliant with those audits. It makes them more efficient, and it's easier for them to support the audit requirements they have to remain compliant.
The solution also helps reduce total cost of ownership. In cases where they're swapping out Oracle, or they're swapping out RSA's Aveksa or IGO product, it's certainly reducing total cost of ownership. And, when we're moving clients from an on-prem, legacy IGO or IGA solution to the cloud solution, they no longer have the infrastructure issues and it's a lot easier to maintain. It's not as complex as an Oracle. Certainly, when we're replacing some of those legacy systems—IBM, Oracle, CA—it definitely reduces total cost of ownership.
Another benefit is that it has helped to reduce the number of helpdesk tickets and requests, specifically when combined with ServiceNow, which we've done in a couple of instances. In that scenario it drastically reduces the helpdesk tickets. Omada has the workflow built into it that allows a lot of work that used to be done through the helpdesk to be automated. We try to build more automation into the system in an effort to reduce the amount of support that's required for it.
It has also absolutely reduced the number of audit fines that our customers receive. A few of our Omada customers have either had audit findings, or did a pre-audit and knew the findings were coming, or they were trying to clean up from an audit finding by using the solution to do so. We see a reduction in audit fines in at least half of the cases where we implement the product.
What is most valuable?
The most valuable feature in Omada is the governance. We work with other products and other product vendors, but the sweet spot in the market for Omada is where things are heavy on governance.
What needs improvement?
I would like to see them expand the functionality of the tool to continue to be competitive with the monsters out there. For example, they could add functionality on the authentication side, functionality that Octa and SailPoint have. But they should do that while maintaining the same simplicity that makes Omada a product of choice today.
For how long have I used the solution?
We've been working with Omada for four or five years now.
What do I think about the stability of the solution?
We have a lot of choices out there in the market to spend our time on. We've chosen Omada as one of the products that we support. It has been very stable. We haven't seen any issues related to stability so far.
What do I think about the scalability of the solution?
When it comes to scalability of Omada's cloud-native SaaS solution, we've used it with a Fortune 10 customer and a Fortune 100 customer. It's definitely scalable. The fact is, we're connecting it to SAP which is running the internal organizations of some of these companies. It's a new product, so it probably hasn't gone through enough Fortune 500 companies to say that it has been fully tested at that scale, but the customers that we work with are pretty significant customers.
In terms of our customers increasing usage of Omada, if they've gone through the process, they have a prioritization of the applications that need to be onboarded to an IGA tool. Once they get those high-priority applications onboarded, there's the never-ending list of additional applications to get onboarded. The priority for onboarding applications could be business-related, it could be audit-finding related, or it could be SOX-related. The client makes that determination.
We've integrated the product with CyberArk and ServiceNow, to automate some of the helpdesk support that is typically required. Most of our customers are at the stage where they're saying, "Hey, let's get this Oracle HR product onboarded as our system of record, and work from there to onboard the other apps." Most customers, even the small customers, have an endless list of applications that need to be onboarded, once they have onboarded their highest priority applications.
How are customer service and technical support?
We have relationships with Omada from the chief revenue officer, all the way down. When we really need to make something happen, we can put that call in and make it happen.
But from what I know from our customers that have used Omada's technical support, they seem to believe those guys to be as adequate as any of the competitors in the space.
How was the initial setup?
The complexity of the initial deployment of Omada depends on the customer. But one of the reasons we chose to become a product vendor for Omada is because of the simplicity. It's the perfect fit for a lot of customers that don't need the complexity of an Oracle, or of a CA, or even a SailPoint. That's one of the main factors that attracted us to the product.
The implementation strategy is going to depend on the customer and where they are in the process. The pre-implementation strategy is to find customers that meet what we've defined as the sweet spot of customers, where Omada is the best fit for them. They are customers that are looking for this, this, and this, they're this size, and they're at this stage in their maturity model. We like Omada for the SMB market because you can get your hands around an implementation. You can get them on the cloud version and get them up and running pretty quickly.
If it's a customer that doesn't require a lot of complex workflows, it's a simple product to get installed and get up and running. However, it still does have the heft to be able to support some of the more complex custom configurations and workflows, if they need that in the future.
There is no such thing as an "average deployment," but 90 days would not be a stretch for getting some of our clients up and running and getting an app or two onboarded, with some pre-built-in workflows.
The number of staff required for deployment is also deployment-specific, but we'll typically have a team of between two to ten people, depending on the size of the deployment and what the customer wants to do.
Some of our legacy clients—and when I say legacy, I'm talking about two to three years ago—are using the on-prem version. Whether a client goes with the SaaS or the on-prem really depends on what the customer is looking for. A lot of customers are going for SaaS because of the "flash-to-bang." The pitch is that with one of the starter packs, you can get them up and running with a system of record in a shorter amount of time than with the on-prem version. That's typically the preference. Customers want to get up and running. They're running from an audit, they're running to meet compliance, they're running for a deadline. They typically want to go SaaS so they can get some quick wins under their belts. The on-prem takes a little bit more coordination with their onsite technical and security guys.
What was our ROI?
The ROI that we see is the "flash-to-bang." You can get in there and get the implementation up and running.
There is definitely also ROI, that I can't quantify, in getting clients compliant with findings and in getting their highest priority applications up and onboarded.
Where we do see a lot of ROI is with the cloud version in particular. When we do these implementations, we require time from the customer's internal IT staff. With COVID, those guys have been busy making sure folks can work remotely and protecting themselves from all the different threat vectors that have presented themselves during COVID. The cloud version requires the least amount of time of the internal IT staff, so there is definitely ROI there.
What's my experience with pricing, setup cost, and licensing?
Omada continues to be very competitive on pricing, especially on the Omada cloud product.
Which other solutions did I evaluate?
In terms of the solution's IGA features, I'm not going to say Omada's are pretty broad but there is enough breadth there to support some large customers that are using that product. It's definitely compatible, in terms of breadth, with other products out there in the market.
We support SailPoint. We've done a little work with Saviynt. We've worked with some of the legacy solutions, like Oracle OIG and RSA. We're familiar with other IGO and IGA solutions in the market.
Compared to some of the more complex tools, with Omada you can cut the implementation time in half, or even more than that. We look for the customers that fit that Omada mold. For the customers that don't have the complex workflows, and where you don't have to wade through 37,000 guys in their IT shop to make something happen, it's certainly a much easier product to get installed. That's why we like it.
But there is competition. All these vendors are now offering cloud solutions, like SailPoint's IdentityNow. Saviynt is a cloud-based solution. But when it comes to some of the legacy ones, you can certainly reduce your implementation time by 50 percent or more.
And on the pure governance part, Omada is definitely maintaining some of the same functionality as the other vendors out there in the market. It's not going to have all of the functionality of the SailPoint on-prem version. But it's more than adequate for the average customer.
What other advice do I have?
The only advice I would give is the same advice I give anywhere: Know your requirements and then make sure that the Omada product is the product that best fits your requirements. If it does, you can get it in and up and running in a more reasonable amount of time than some of the competitors on the market.
What I've learned from using the solution is that Omada has a certain place in the market. When we find a customer that has the set of requirements that Omada is a really good fit for, we can get them up and running pretty quickly, without their having to spend a ton of money, and without their having to spend a ton of their internal IT resource time. Omada is probably marketing to everybody, but for us, there's a certain customer where we say, "Okay, they're heavy on this, they're light on this, they want this, they have this issue, that issue, and this requirement. Okay, perfect fit for Omada." When we find that, we end up with really happy customers because we can show them some progress in 30, 60, or 90 days, as opposed to a two-year deployment in other cases.