What is our primary use case?
We had several tools over time to try to gain control of IAM, but none of them were capable enough for our needs. We simply had too many systems to work with. We wanted one digital identity for each user and a comprehensive view of each user’s entitlements.
How has it helped my organization?
Before the implementation, it was necessary to create user accounts to give access to every single information system and application. A lot of resources were needed for development, implementation, support and control of identities and their entitlements. Employees had up to ten credentials for various applications. Now, our users have just one digital identity for all of our systems.
One Identity Manager provides one digital identity for each of the university’s 20,000 users. It also unifies and automates all processes in staff’s and student’s lifecycle by interfacing with other university systems. IAM is now more transparent to IT, students and staff, and helps reduce risk by automatically controlling access according to a user’s status.
This new approach to IAM has created huge efficiencies for IT, especially when it comes to managing more than 300,000 rights. Compared to the situation we had before, IT staff now spend less or almost no time for managing identities and rights.
We are located in Europe, so GDPR is a must for us. So, One Identity solution is helping with this topic too.
What is most valuable?
- It gives the best user experience, enabling us total transparency in user access rights.
- We unified business processes for students and staff at enrollment/hiring/graduation/termination of contract in all organizational units of the university.
- It reduced risks by granting adequate access rights to users.
- The best feature is that HR finally took responsibility of it, so not everything is on IT.
- The policy and role management features are important for identity management.
What needs improvement?
Improve the implementation of additional One Identity Manager’s features. This we are going to focus on after an upgrade to release 8.1 will be finished.
For how long have I used the solution?
What do I think about the stability of the solution?
Generally speaking, the solution has great stability, modularity and scalability. We have not had many stability issues until now. However, my opinion is there is still some space to improve performance. Sometimes synchronizations take too long.
If you previously used a different solution, which one did you use and why did you switch?
We had several tools over time to try to gain control of user accounts and their privileges. But none of the solutions were capable enough to cover all our our needs. We simply had too many disparate systems to work with. We wanted one digital identity for each user and a comprehensive view of each user’s entitlements. Plus, we needed to ensure we could control those entitlements easily.
We noticed that One Identity Manager was positioned well in Gartner’s Magic Quadrant for User Administration and Provisioning, based on its evaluation of One Identity Manager.
How was the initial setup?
The initial setup was complex. We have a lot of different systems. But, we started step by step with connecting active directory for employees to the IAM system and with data and business processes consolidation. Then, we used the same approach for all our students’ identities and related processes. Many processes we had to redesign, but the main benefit is the processes are much more simplified now. Yes, the journey from introducing One Identity Manager solution to joining all the systems was difficult, but we have reached our final goal.
What about the implementation team?
We have a valuable partner located in Slovenia, who is helping us with analysis and architecture. They advise us with many best practices and are responsible for the implementation and technical aspects of the solution.
What was our ROI?
This solution helped us to reduce help desk calls. Before the implementation, people were calling because they didn't have access to some systems, etc. After the implementation, we implemented the application access metrics - authenticated users may conduct only previously authorized transactions. Now, all our users have access to these applications when they get their digital identity. Thus, there are no more calls to help desk.
What other advice do I have?
While our journey to find a solution was tiring and we invested a lot of work and knowledge, our expectations have been reached and even exceeded. It's really good to invest time and money in a solution which offers you something that all users, not just IT, can use.
Sometimes, the solution is flexible. However, the customer should sometimes be flexible to the solution, as well.
Those who worked on this implementation now spend less time on user rights, etc. While it lowered their workload with this solution, they are now working on something else.
Disclosure: I am a real user, and this review is based on my own experience and opinions.