What is our primary use case?
We are using it for rights and roles of our users. When we hire a new employee in our municipality, we have their information exported to Omada and, based on which department they are hired for, they will get roles and rights for the IT systems. That's what we use it for right now. We have plans to do more with it, but identity management is a life-long task to enjoy.
The solution is on-premises.
How has it helped my organization?
When it comes to IT audits and reviews, before we had Omada there were a lot of findings about employee accounts that were not properly shut down. They were not in the municipality anymore, but they still had an account that was active. And as soon as the auditor found one, he would go further and dig more. Every time he was here, he found something. We had to spend a lot of energy trying to make this situation better. But as soon as we got up an IDM system that automatically shuts down the Active Directory accounts of people who are not employees anymore, this problem totally went away. We don't have this as an issue anymore. And the auditor is very pleased when he hears that we have an identity management system that automatically closes down these accounts.
The solution has helped to reduce the number of helpdesk tickets and requests. While I don't have exact numbers, our statistics show that the number of tickets is going down. However, that's not only because of Omada. There are other areas where we have improved and become more professional and have helped our users.
What is most valuable?
The most valuable functionality of the solution for us is that when employees stop working for the municipality, they are automatically disabled in Active Directory. Omada controls that 100 percent. They are disabled for 30 days, and after that time Omada deletes the Active Directory account. The same type of thing happens when we employ new people. Their information is automatically imported to Omada and they are equipped with the roles and rights so they can do their jobs. Those are the two main benefits we have at the moment.
The identity governance and administration features are also really good in Omada. There are a lot of possibilities for controlling access rights. We are only using a little bit of all the possibilities in the platform right now, but of course we want to go further and use more of the functionality.
What needs improvement?
Generally, I find the whole solution to be very good. But the way errors in the system are handled could be improved. If you find an error and you need it fixed, you have to upgrade. It's not like they say, "Okay, we'll fix this problem for you." You have to upgrade. The last time we upgraded, because there was an error in a previous version, we had to pay 150,000 Danish Krone (about $24,000 at the time of this review) to upgrade our systems. This is a very big issue for us because 150,000 Krone is a lot of money. And because we have production, test, and developer environments, we had to upgrade them all. The fact that we can't have an error fixed but, rather, we have to upgrade, annoys us a little. That means that we have to pay to get errors fixed that Omada has made in programming the system. I hope they change this way of looking at things.
For how long have I used the solution?
We have used Omada Identity since 2018.
What do I think about the stability of the solution?
We are now at 14.0.6 and it runs very well; we have no problems.
What do I think about the scalability of the solution?
The scalability of the solution is fine. There are a lot of possibilities to scale from a small business to a big business. You can use part of the system or use the more advanced functionality for creating roles.
We currently have 5,633 employees in the system, and there are 59,000 citizens in our municipality.
We're looking to expand our use of Omada Identity by providing more functionality to the users and the managers in our municipality. Right now, Omada is running in the background. Nobody actually knows that it's there. It's doing its job and people are happy, but no one in our business has access to the platform. We want to make it more visible and to exploit some functionality for the managers, for example, so that they can do more themselves. We also want to have managers do access reviews for all roles they are responsible for. That way, they can say, "Okay, this employee has access to this, this, and this, which is okay. But he also has this right of access and he doesn't need it anymore." This type of access review is something we are still planning to implement, but we are not there yet.
Which solution did I use previously and why did I switch?
Before Omada, we had a solution called NetIQ. That platform was very expensive and there were modules that we didn't buy. If we were to continue with that system, first we would have had to upgrade it, and that would be very expensive, and we would also have had to buy some extra modules, which were very expensive. So instead of just blindfolding ourselves and ordering an upgrade, we examined the market for IDM systems. We took the best-known and looked at their ratings in industry reviews to see which were at the high-end. We invited them for an interview and a demo of their systems, and Omada scored the highest. That's why we chose them.
How was the initial setup?
When we started with this system, it was Omada that hired some temporary project managers to implement the solution at our place, and they did not do a good job. We found out later that something was just not implemented. For example, if we rehire a former employee, we have no process to handle that in the system. We only found out about this after the original implementation. Today, they use their dealers to implement the system. I don't think Omada itself implements nowadays. Maybe it's better that way, but we were not satisfied with the way that it was implemented originally.
Our deployment was a long story because, in the middle of the implementation, Omada gave up and said, "You can go further with a dealer called ICY Security." They handed over the implementation to this dealer. It's difficult to say exactly how long it took, but if I have to give you a number, we are talking about between six and eight months.
Up until now, it has been our dealer, ICY Security, that has maintained the system. We recently took over maintenance of the system and the databases ourselves. But if there is development needed, it will still be our dealer that helps us with this. The whole area of identity management is complex, but ICY Security is doing a good job to help us grow in this system.
What's my experience with pricing, setup cost, and licensing?
It's a fair price for the on-premises system. Compared with what we had before, it's much cheaper and we get all the modules in one.
We tried to go with the cloud, but it was far too expensive. We calculated the costs and to go cloud, it would mean four times the expense for us. That was more than we could get budget for. We have had meetings with Omada to tell them that we want to go cloud, because that's our strategy in many other fields, but that the price is way too expensive. We have told them they have to reconsider the price for it because they will never get any customers to go cloud when it's that expensive.
Which other solutions did I evaluate?
Among the solutions we looked at were SailPoint IdentityIQ, Micro Focus NetIQ, KMD IDM, CA, and 2ndC/Atea.
In scoring the solutions, we focused on user-friendliness. The NetIQ system that we had before was very fixed. You couldn't design it as you wanted. If you adjusted a screen the way you wanted it, there was often something that didn't function. We didn't have the ability to customize it the way we wanted. As a result, the usability of the system was very bad. It was so bad that we couldn't give it to our managers and say, "Here's a platform you can use for self-service." That's why user-friendliness was a significant part of our scoring.
We also wanted to be able to adjust the system ourselves without having to hire consultants. With NetIQ, we had no clue how to do stuff in the system. It was so difficult that we had to call external help every time, and that was not for free. We had to pay every time. Our wish was that, in the next system, we would be able to do minor adjustments ourselves.
And, of course, price was also an issue, not that we needed to buy the cheapest one, but pricing was a parameter that we were looking at. In terms of a reduced total cost of ownership as a result of choosing Omada, I don't have a specific number. Some things are difficult to put a value on. But for sure, we have a better system, a more user-friendly system, and the cost for licenses is much lower. Also, the way that Omada sells the system is that you get the whole package. It's not that you have to buy a module here, and if you need more functionality, you have to buy another module there. You get it all in one purchase. That has also reduced the total cost because we have all the modules.
As for the time it took to get up and running with Omada compared to NetIQ, it's a hard thing to compare because NetIQ was our first IDM system. Before the NetIQ deployment, we had to do a lot of preparation to go into identity management. Implementing Omada was easier, but mostly because we knew more about identity management at that point compared to when we implemented NetIQ.
Finally, identity governance and administration functionality are a lot easier to manage in Omada than in NetIQ. Much easier.
What other advice do I have?
Make sure that all processes are dealt with in Omada. We had some processes that were not described and, therefore, we had problems afterward. The implementation of the system is very important. For example, be sure to have valid and correct data. Garbage in, garbage out. All the work before you push the "Go" button is very important. I think we may have underestimated that when we were implementing Omada.