What is most valuable?
- The GUI is very impressive and clean (even cleaner and minimalistic in v7).
- JobQueueInfo does an amazing job tracking all processes.
- Synchronizations are easy to set up.
- Reporting capabilities are fantastic once you get the hang of using Report Editor.
- WebDesigner allows a lot of customizations to be added to the web project.
- Schema and table names are very logical. It is very easy to find something in the database just because of the fact that the naming convention in the schema is very logical and consistent.
- It's a feature-rich product: a suite of very powerful tools with a lot of functionalities once you get the knack of them.
How has it helped my organization?
- Auditing becomes easier from an admin perspective.
- There is more control over everything.
- Processes are much better defined.
- People tend to take some functional roles much more seriously. There were some roles that were very old in the organization but the legacy implementations did not grant much value to them. Q1IM's implementation of those roles really enhanced the value and the role members had clear responsibilities/tasks defined that they had to abide by.
What needs improvement?
- DBQueue processes can bottleneck the system at times. In v7, its apparently re-architectured, and is better. There can be too many of them and they process very slowly, causing actual processes to take a lot more time to complete.
- There should be a way to define fail-over job servers in process steps. Job servers can become a single point of failure.
- Better support for Oracle back end databases. SQL support is good and KBs are easy to find. The same level of support should be available for Oracle if the product claims to support it.
- A better migration tool for v6 to v7 upgrade, especially for the Oracle back end.
- There should be a way to separate out the front end (IT Shop) from the back-end processes. If the submission of a request through the web portal is done and it gets stuck computing something in the back end, the front end control should still be granted back so that the user can continue navigating freely across the site. Currently, if a request is submitted and it is taking time to process, the front end just gets stuck on a spinning wheel (loading wheel).
For how long have I used the solution?
I have used it for ~2 years.
What was my experience with deployment of the solution?
If the requirements can be met through product configuration, then issues don't arise as often. Customizations (depending on complexity) can be problematic at times.
Transporting change labels across environments can be confusing. It should be noted that the content contained in change labels should be documented right from the beginning of the project and all team members should be on the same page.
It's more about getting used to the correct way of working with the product rather than issues with deployment.
What do I think about the stability of the solution?
I have not encountered any stability issues.
What do I think about the scalability of the solution?
We implemented the tool in an environment with roughly 35,000 active employees and over 2,000 service accounts. A few things I noted were:
- The web portal (IT Shop) tends to get a bit slow loading information for certain roles that have access to lookup all employees.
- The admin tools can also get a bit slow while loading too much information at once. For example: Loading user account information under the Active Directory tab in Manager can take a long time.
- We had various rules defined in our scripts for central account generation. One of those included a check in a history table to avoid granting a user name which has already been used in the past thus avoiding collisions. This caused our contractor account requests through the web portal to become extremely slow. Submitting a user account request from the IT Shop could take up to four minutes at times. We had all necessary columns indexed and the code to generate CentralAccount was written by the vendor team itself but the slowness could not be tackled.
- There was always a direct relation between the slowness we faced and the number of employees the environment managed. For example: Account requests used to take roughly 20 seconds in our development environment which had roughly 15k users and almost 25k entries in the history table we maintained to avoid username collision. In our production environment, it took way longer since the number of employees increased to ~35k and entries in our history table exceeded 150k records.
How are customer service and technical support?
Customer service was just average during implementation phase. Technical Support
Technical support is decent overall. However, some SRs took way too much time to resolve for the value they provided.
Some escalation engineers are very knowledgeable and troubleshooting sessions with them can be really worthwhile and informative.
Which solution did I use previously and why did I switch?
We previously used legacy scripts with Microsoft FIM as the backend. FIM was too old and not user friendly at all. It was ancient in terms of IDAM and there were far better products with a lot more capabilities.
How was the initial setup?
Setup was straightforward. Initial JobService configurations ends up being a bit confusing.
What about the implementation team?
It was a hybrid implementation: We had an in-house team and a vendor team during the time of development for the first phase of the project. The second phase was done purely in-house.
The vendor team was not good. It was just average. There were a lot of times when we felt communication was lacking from the vendor side and at times, there were mistakes in the implementation, also. We recognized some errors long after the product had gone live. Overall quality delivered during development was not up to the mark. Average experience during the first phase with the vendor caused us to stick to a complete in-house implementation for the second phase.
Vendor teams (at least in the US) should be trained more about the tool's capabilities. I have heard that European vendor teams are much better with a lot more knowledge about the product.
Which other solutions did I evaluate?
Before choosing this solution we also evaluated TIM, OpenIAM, OIM, and SailPoint. All had week-long PoCs with us. We chose Q1IM (at the time, D1IM). SailPoint was a close second.
What other advice do I have?
It is certainly a leading product in the IAM sphere.