Omada Identity Reviews

Our final goal is the entire process of identity management including provisioning, de-provisioning, roles-based access, review-based access, and things like that, but first, we needed to replace the old legacy system. That was successfully done last summer.

The main business case was realizing a unique joined identity process because we have students and we have employees. We have external contractor employees, and we have partners who work for our organization and need digital or physical access to our environment. Because of that, Avans wants to use a single identity and an identity for life. If a student who once studied at Avans becomes a teacher or an ICT employee five or ten years later, he or she should have the same identity back with the same UPN or email address, so we have to guarantee an account for life.

Because of the source systems, we know it is a student, which studies they do, and, for employees, we know which department they work for and if they are a teacher or non-teacher personnel and things like that. Based on all those attributes, we have business rules guiding them towards a set of rights. From the moment they agree on the standard basic rules, we get their accounts created. We allow them to have access to that particular account. After the account is created, group memberships are assigned. Through runbook script, Omada sets the right into our Azure Entra ID environment.

Every implementation has some hurdles. Not everything goes 100% smoothly. In our organization, we have a lot of processes and an enormous amount of students starting the study year on the first of September. During this period, we have a lot of students coming in. We have been able to clear any hurdles because everything is traceable within Omada, and we also got the help of the Customer Success engineer from Omada. We were able to pinpoint any problem that would have impacted not only one person but hundreds or thousands of students or employees. In a very short duration, we were able to solve all the problems. That gave me a good feeling. We were expecting problems, but when any problem occurred, they were flexible and very fast in providing answers and solutions.

We did an evaluation almost three years ago in which Omada won. Within Omada, a lot of things are possible, and we have used only a few features. We had a go-live in July, and we are now closing the last features that are a part of the delivery plan for the go-live. So far, the implementation that we have is a replacement of the business logic of our old system. We are aware that Omada Identity can do more, but first, we need 100% synchronization with systems like Azure Entra ID. We are not there yet, but we are aware that it is possible. We have a standard way of onboarding, so we also know what to do when someone leaves a branch to remove those rights. However, within our organization, we still have other groups that are given access manually within other systems. We first have to synchronize with those systems or align with those systems before we can use Omada Identity to take control of removing an employee's access as soon as that employee leaves our organization.

We use Omada Identity for role-based access, but it is still very basic. It is on our roadmap for this year to continue with role-based access and provide departments and teams with the ability to add people to their environment based on the workflows available in Omada for group membership. The group membership is done by roles, and based on what kind of role someone has, the person is provided with certain software licenses, certain applications, certain data structure rights, etc.

Omada Identity has helped to automate reviews of access requests and reroute them to the appropriate people.

Omada Identity has had a good impact on our IT Team's operations efficiency. More and more things are automated. Only a few steps require manual decision-making. Its effect is very positive on our daily activities, and it will improve more and more.

What I like most is that we can always find a solution, and we can also find the cause when something goes wrong. I like that the most because everything is in one way or another traceable. That is what I like most. I like its reliability. 

Omada keeps on releasing new features within their product. We also have our own functional features. The roadmap of Omada quite aligns with our roadmap. The features available in Omada Identity suit our business case.

In our organization, all the data is event-driven, which means that if an attribute is changed in the source system, it can be updated within a few seconds in all end-user systems. There is room for improvement in Omada regarding that. Omada is still batch-based for some processes, so sometimes it can take an hour or even four hours before the execution is run and the update is sent. We know that 100% real-time synchronization is not possible. There is always a delay because of system utilization and things like that, but we try to achieve near real-time. If someone is locked out for a reason, we want to find the reason, resolve the issue, and resume the access for that user to enable him or her to log in within a few minutes. With Omada Identity, sometimes, it takes a quarter, and sometimes, it takes more than an hour. It sometimes also takes more than a day before access is given back to their user. There is always a good explanation for that, but that does not bring us as real-time as we want it to be. In the future, Omada should move towards a real-time and event-driven system.

We have been using Omada Identity since July last year. We have been implementing it for two years upfront.

It is stable. I would rate it a nine out of ten for stability.

We have about 32,000 students, but that number fluctuates. Overall, we have about 4,800 identities for the staff. Some of the teachers work only one or two days, and some of the interns work only a few days.

It is very capable of scaling based on the needs of our organization. We have just started. We have to see how things go in the future, but I am very confident of that.

So far, we have Mads as our customer success manager. He is a very good engineer. He is almost a part of our team, so that works fantastic. We are now closing the go-live, and as we start using more and more roadmap features ahead, I hope that Mads will keep that connection with Omada for us. That was the biggest part of the success.

Positive

We had a Novell solution based on Novell directory services, and later on, that changed to the Micro Focus NetIQ solution. In addition, as our IBM tooling, we had a home-built database platform where we had some processes provisioned. They have already been migrated to Omada, and there are still some more to come.

Avans University is quite ambitious. As per our goals that we wrote down a few years ago, by 2025, we want to be more flexible. We wanted to provide students with a more flexible way of doing their studies. Until now, students come to an institute and do a course, and in that course, the path is already defined. The future students would be in control of their own study much more than in the past. A student in the future can decide to have a part of its curriculum from Avans and another part from Amsterdam University or another university. When they have enough certificates within a branch, they get their degree. It is no longer required that everything is done within one institute, so a student can follow a particular course, and then follow another course in another city or institute. For us to be able to do that, we have to be more flexible. We have to have a system that can cope with a lot of changes coming in the near future. The solution we had was not capable of doing that, so we ended up doing a new tender and looking for a solution that was cloud-based and flexible enough for a constantly changing environment. Our organization will constantly change, and the IAM system must be flexible enough to cope with that.

Omada has not helped us consolidate disparate systems for access management. We replaced the old system, so that is a one-on-one replacement. Now that we have installed it, we can start using Omada for workflows and things that we have automated in other systems. In the future, we will have more processes provisioned through Omada. It will start helping us there.

For us, it is a SaaS solution. Omada was one of the top solutions in our tender because of the capability of doing all from the cloud. Its implementation took us about two years.

In terms of maintenance, we have to execute the updates ourselves. Omada tells us that there is a new release, and we can execute it ourselves. Within a time period, we can allow it to happen, which is nice. Within the system, we also have our configured workflows. We have to keep checking that everything is running properly. When there is an update done by Omada, we test it in staging before releasing it in production. We want to ensure that our most important flows are doing exactly what they are supposed to do. That is what I call maintenance.

Omada used a value-added reseller to do the implementation, and things went wrong there. They were not capable of doing SaaS implementations. They were capable of doing on-prem implementations. We were the first or second SaaS customers, and they were not capable of delivering the solution we requested in our tender, but we knew that Omada was capable of doing so. Omada then took over in March or April 2023, so the actual implementation started in March or April, and we went live in July 2023. At the end of February 2024, we are closing the activities from that go-live in July. For me, it was successful when we directly got it implemented from Omada. 

When Omada took over, there were no issues at all. They provided us with what we needed. The most important feature for us was the identity join check process for which we needed an improvement. It was quite a big improvement, but Omada fixed it with extra code, specially built for Avans.

I would rate Omada's implementation services an eight out of ten, and I would rate the third-party provider one out of ten for the effort.

It is not cheap. It is expensive, but compared to what we did almost three years ago, it is value for money. It is worth it.

I would recommend Omada Identity if you are an institute like Avans or an enterprise. If you are a small business, I would not recommend it.

We plan to use more features as we go on. We will use the governance features of Omada Identity as we go on. We have not prioritized the governance features of Omada. They are very important to us, but we have to first align and connect a lot more systems before we can fully profit from the governance possibilities. Similarly, we have not yet used Omada Identity Analytics. Our go-live implementation was a replacement of our old system. Since then, we have released some of the end-customer features, and now we are starting with extra features.

Within the educational IT environment, security is our top priority. It has always been a priority and in the future, we need to prioritize that more and more. Omada helps us, but our Security and Safety department itself has ICT security as the top program running right now where security must be in every part of our environment at every second and in every decision we make. Having Omada implemented during that program makes us aware that we are quite good, but there is always room for improvement. Omada can help us with that a lot.

Omada Identity has not yet saved us time. We have mostly replaced the functionalities that we had from our old system. In the near future, we will have more automatic provisioning. People will also be able to provision other colleagues and things like that. It will help us a lot in terms of time savings, but so far, the time savings are similar to what we have had in the last five years.

Overall, I would rate Omada Identity an eight out of ten.

In general, we use Omada Identity for managing the lifecycle of identity access. This includes onboarding new employees and granting them access to various resources within our company, such as File Share or Ship Insight, among others. Additionally, for organizational transfers, when employees change departments or switch to a subsidiary, we rely on the old identity lifecycle management for the workforce.

Omada Identity provides a clear roadmap for deploying additional features. We maintain regular communication with Omada, engaging in daily contact. They organize various meetings, team meetings, and Omada user groups where they provide us with insights regarding their upcoming plans. 

The Roadmap helps us to get additional features into production. Omada has a user voice portal where customers can vote on different feature requests, contributing to the advancement of the roadmap. Omada listens to the customer and responds to our requests. 

Before we had Omada Identity, we had developed our own solution, which was somewhat redundant from a process standpoint. Consequently, there was a lack of connection between systems. We faced a shortage of connections and connectors to other IT systems. Omada Identity presented a significant improvement for our IT department. For instance, SAP and our HR system were not integrated with our identity access management systems at all. Therefore, every onboarding, offboarding, or organizational transfer required manual entry into both SAP or HR system and the IdentityX management system. However, with the implementation of the Omada Identity Suite and its connector, these processes now occur automatically.

Omada Identity Analytics enables us to make informed decisions more quickly than we could without it. Previously, we lacked any form of reporting. Our previous version had its own developed Identity Management system, but there was no reporting capability. In the past, we had to extract data from CSV and Excel files. Since implementing Omada Identity, we have extensively utilized the reporting and Key Performance Indicators along with the compliance dashboard to identify unapproved access. This is particularly important for access management and understanding what is happening in the background. We can now easily identify instances where there are no approvals or instances of non-compliant access permissions that have been manually granted by an administrator, bypassing the IM process. This has been tremendously helpful. Additionally, we now have the ability to provide heads of departments or team leaders with specific reports on their employees and their access permissions, which was not possible before.

The manual overhead from an IT perspective is practically nonexistent now unless we need to deploy another report. Previously, when we didn't have it at all, the IT workload perspective was at 100 percent. Currently, I would estimate it to be around five percent. However, this five percent only applies if there are questions regarding specific reports or KPIs, or if a new KPI or report needs to be defined or created. But when it comes to generating them, the workload is reduced to zero. The type of work has shifted from creating reports, KPIs, and views to the current situation, whereas before it also involved creating exports and delivering them to the department head or team leader.

Omada Identity Analytics has helped to reduce the cost of our IGA program. Every manager or project leader can generate their own report with just a click of a button, without having to wait for filing a service ticket. Instead of relying on a support person to pull the ticket, create the report, and send it back, there is now minimal back and forth to ensure the answer is appropriate for the question, thus saving time.

Omada Identity is configured to revoke an employee's access immediately upon their departure from our organization. If an employee encounters an issue during the day or engages in activities that violate company policy and are non-compliant, there is an emergency lockout procedure in place to swiftly restrict access to their account.

We frequently utilize Omada certification surveys to certify positions and ascertain their relevance to our audit requirements, such as ISO or TFAX, as well as when an employee undergoes a role or department change.

The recertification is primarily based on resource levels. There are only a few roles assigned by HR. For example, if the head of a department has specific access to certain resources such as mailing lists or SharePoint sites. However, if they lose this title, they will automatically lose these permissions or access. This is the only aspect related to roles. Everything else is based on explicit resource permissions. Therefore, it requires explicit requests and approvals, and it also needs to be explicitly recertified. 

Omada Identity helps us maintain compliance and security. We no longer encounter the classic scenario where a student or someone moves between departments, collecting permissions from each department along the way. As a result, we don't end up with the most powerful employee in the company. This is because every time someone changes departments, a recertification process is initiated to verify if their access is still appropriate for their current or future role. Additionally, this system helps us identify obsolete resources. We can now see resources that have been inaccessible to individuals for months. This enables us to reach out to the resource owner and inquire if it is still necessary to maintain access to a particular File Share or SharePoint site, given that nobody has accessed it for the past three months or so.

Omada Identity helps save time on provisioning access for identities. Because we have a better ability to utilize connectors, such as those for SAP or Azure Active Directory, we have been able to connect an increasing number of systems over the past two and a half years. This is a significant improvement compared to our previous capabilities thanks to the ability to set up connectors. I understand that this improvement is not unique to Omada, but it has greatly enhanced our operations compared to what we had before. The process of connecting, provisioning, and de-provisioning is all automated.

Omada Identity is more sophisticated than the previous version, so we transferred the access request reviews to Omada. As a result, we now have the ability to incorporate more approval steps for medium-level permissions. This process is automated through the workflow. While we had this capability before, it doesn't represent a significant gain for us. The only advantage we have now is the inclusion of multiple improvement steps that were previously absent. For instance, the head of a department and someone from the finance team can both provide oversight since this involves financial reporting and control. Additionally, these steps must be approved by someone from the controlling or finance department.

The most valuable feature for us is the ability to set up connectors to various IT systems and offer a wide range of supported connectors. These predefined connectors include ones for SAP or Azure Active Directory. Moreover, if these are insufficient, we have the option to create our own connectors by scripting using different script languages.

The web GUI can be improved. 

I have been using Omada Identity for two and a half years.

The technical support team has specific response times. Additionally, we have an Omada consultant present on our site every day. In case the discussion with the support team veers off track, the consultant steps in to redirect it. Moreover, they have access to internal information and can communicate with the support team internally. Having these on-site consultants gives us an advantage, as we are not solely dependent on tech support.

Neutral

We switched from our previous solution because we wanted to eliminate the platform. Our previous solution was driven by IBM Lotus Notes, and we had a significant project years ago when we transitioned from IBM. At that time, we moved from IBM Lotus Notes, which included email, shared collaboration, and identity access management, to Outlook, Skype Teams, and SharePoint. The decision to move away from the IBM Lotus Notes platform was primarily driven by the need for a different platform. 

Due to our prior experience with the system, which had thousands of users and resources, the migration process was relatively straightforward for us. Since it was not related to the grid field, we had all our necessary resources. We had to migrate both our system and our processes, including company policies for onboarding employees and the necessary steps that should occur, such as setting up an executive account. Overall, the migration process was relatively straightforward due to our existing processes and the commitment of our management.

I give Omada Identity an eight out of ten.

The user-facing web front end has some confusing features. For instance, while the website is loading, it does not block user input. This means we can type while the website is loading, but everything we typed is lost once the loading is finished. So, to simplify, both the web front end and the user-facing interface need improvement. Omada is aware of this and acknowledges it. Although it may not be openly discussed, the people behind the product are dedicated to making it better. It's actually a compliment that the people are more impressive than the product itself, and it should always be this way. They are actively working on addressing the issues and we have seen some improvements over the years. In the last couple of months, they introduced a new user interface, but there is still room for further enhancement.

We use Omada Identity for role-based access control when the roles are coming from HR, the head of a department, the project manager, and a few others. These are the only roles we currently have and use. However, I wouldn't blame Omada for this. It is because our organization has not yet defined these company roles. Currently, we are in the process of identifying the first responders within the company. These roles include IT service desk agents and similar positions, but they are still being developed from the company side. Once that is completed, we will discuss it with Omada and, in fact, we have already begun the setup process in Identity Suite over the past few weeks. But for now, it is mainly driven by HR.

We have centralized IdentityX management for the entire organization. This was the case before the introduction of Omada Identity, and it continues to be the case with Omada Identity. There are certain situations, particularly those involving high confidentiality and secure financing matters, where we do not use Omada for provisioning and de-provisioning. For instance, we do not utilize it for high-privileged domain administrative accounts. The reason for this is that if we were to do so, the consultants working with us on a daily basis would have implicit full permissions to our critical systems. Hence, we have imposed an access level limit. In cases where we do not fully integrate Omada Identity, we manually set and provide the highest level of permissions, in line with company policy.

For training reasons, we were unable to keep pace with the accelerated development in the warehouse. We lacked the necessary system connectors, and HR was handling onboarding in the HR system and our IAM solution. Developing an HR connector internally proved to be beyond our capabilities, as it falls outside our core competence in the current business cases. Therefore, this becomes an additional reason for considering the Omada Identity platform.

The comprehensiveness of Omada's out-of-the-box connectors for the applications we use is, for the most part, satisfactory. They generally perform their intended functions effectively. If we have specific requirements, they accommodate them by allowing us to input our username, password, or tenant ID for Azure Active Directory. They continue to fulfill their designated tasks without issues. Therefore, there are no complaints about this aspect. However, if we have additional requirements, we may need to make adjustments accordingly. Nevertheless, for the most part, we can configure everything within the web portal without resorting to complex modifications in files or the database.

We use it for identity management. Our source system is SAP SuccessFactors. It is a human resource assistant. We do imports there, and we have connections to other applications. For the suppliers that we have, we make partner identities.

We also use it for resources. People can ask for resources through the Omada portal. As a resource owner, you can deny access to a resource. If someone no longer needs access to a resource, you can revoke the access. You can do a lot with it. It is a wonderful system.

We have used Omada's certification surveys to recertify roles or to determine if roles are relevant. It depends on the application, but we do surveys with the resource owners and system owners as well. System owners are the ones who have to say whether a role is okay or no longer necessary. They have to let us know. We do this for the administrator accounts. We have some roles, and when people ask for an administrator account, we can choose the right role. Previously, the way we worked was that we were told that someone needed the same role as so and so. The problem was that some people had been working for a long time and had more rights than what was necessary for their current job. With roles, we can give people the right amount of rights for the job they are doing at the moment.

It helps us to stay compliant and secure because there is an end date and rights and roles are disabled. If somebody does something that is not alright and we want to block the account immediately, we have a process. It takes a few minutes, and the account is blocked and the pass that they have for the building no longer works. They cannot get into the building. It is more secure now.

We use Omada for role-based access control. The system for the pass that you need to access the building is joined with Omada. If you work in a special organization unit, you have more rights than everybody else. It is very easy to give the right roles and rights to people. If your application is joined with Omada, we can easily do that for you.

In terms of time savings, I do not have the metrics because we first started with MIM and then came to Omada, but I know that when we started with EIM in general, we cleaned up more than 500 accounts of people who were no longer working here but still had access to the system. That was a huge eye-opener as well. It is a lot safer now. We probably do not have to make accounts by hand anymore, and everything goes automatically. Even our administrator accounts are made through Omada, so it is automatic. We can make an account in five minutes, and if we have 100 people every month, it is a lot of time-saving.

Omada has helped to automate reviews of access requests and reroute them to the appropriate people. We have a process for that. You can request for anything that is possible. You can ask for the application-specific roles. You can ask for the administrator role. You can ask for everything in Omada yourself. You do not need anybody else. The resource owner and the system owners decide whether it is okay.

You can make resources. You can import them from Azure or Active Directory and put them in an application. For example, if there is an application that uses a lot of Active Directory groups, you can make the groups available for people. If they need to access that application, you can tell them the resource groups you have for that application. People can do everything by themselves. They do not need anybody else. They can just go to the Omada portal, and they can do it all by themselves. That is terrific.

We are still on Omada on-prem, but I understand that when Omada is in the cloud, you cannot send an attachment via email. We have some emails with attachments for new employees because we have to explain to them how to register and do their multi-factor authentication. All that information is in the attachment. People have to do that before they are in our system. We cannot give them a link to our Intranet and SharePoint because they do not yet have access. They have to register before that, so I need to send the attachments, but this functionality is not there in the cloud. They say it is not possible to add an attachment to the email, but for us, it is very important to be able to do that. I heard from my consultant that they informed Omada about this bug, but Omada said that it was not a bug. That is a bit of a shame. They should look before they say no because if it is a bug, people can work around it with PowerShell or something else. However, it is always better if you do not have to work around it because then you have a layer of PowerShell scripts around Omada to get it working, and I do not think that is how it is meant to be.

When there is something wrong, you have to look at the error code book in Omada, which is very difficult to read. You sometimes get an error, but the message in the error does not say anything. It does not help you to know what is wrong. For example, today, I did a survey, but the email was not sent. I do not know why. We did the same in the test environment and then moved it to production. In the test environment, emails were sent, but in production, emails were not sent, and I cannot find out why. There is also no error. It is sometimes difficult to know why things are not working. It should be easier.

We started with Omada Identity sometime in 2017. We had to first make everything ready in a test environment. We went to the production environment at the end of May 2018.

It is good. Omada is better than working with MIM. It is more stable.

We have about 8,500 people in our organization using it. Our team has six administrators, but not all of them are working with Omada all the time. I am the one who works the most with Omada.

We have a consultant from Traxion. He helps us with everything related to Omada. If there is something wrong, we go to Traxion.

From Omada, I only get emails when there is an update, and I can join their sessions where they tell you what is new. I do not get a clear roadmap from Omada for getting additional features deployed, but I have a terrific consultant from Traxion who tells me about a new feature, explains what it does, and asks if we can use it. I get all the information from him, not from Omada itself.

I had not used any other similar solution previously. 

I do not know if Omada has helped us consolidate disparate systems for access management. I did not work with the IT organization before I went to EIM, so I do not know what there was. Most probably, there was not anything. What I do know is that they started the project to get Identity and Access Management four times before they got it on the road with NIM and then with Omada. So, four times, they could not get it on the road or in production. It did not work, but we now have a very good working system. We only have Omada. Since July, we have not had NIM. We still had some of the things in NIM, but now, everything is in Omada, and it works.

Its deployment was very easy. To get everything ready, it took about a month or a little bit longer than that. We already had MIM, so everything that we had in the portal had to be built in Omada.

It is deployed on-premises, and we are using its latest version. We are working very hard to get everything standardized so we can go to the cloud. We have a lot of custom stuff, but we are doing our best. The email attachment issue is a big issue for me because I do not know how to get the right information to the new people then.

I was in a project in 2017, and we had to assess Omada to see if it had a better portal, and it was user-friendly. We started with Omada at the front end. I was like a functional advisor. I was involved, but I could not say which tool we would use. It was more like, "We are going to use Omada, and you have to learn to work with it and do your thing."

To those who are interested in using this solution, I would advise starting with it. It is terrific. It is a nice program. For users, it is very easy to access.

We recently let another potential customer of Omada see what we do with Omada. They were so happy. They said to us that they would contact Omada to get it.

Omada can be set up to remove an employee's access as soon as that employee leaves the organization, but we have a grace period of seven days. We have some managers who sometimes forget to extend the account and change the end date. When the first of the month is on Saturday and their employee has to work on Monday, they have to expand the account and change the end date. So, as a grace period, for the first seven days, we do not revoke any rights or resources. After seven days, we do that. The only resource we revoke right away is the Office license because that is a lot of money.

Omada Identity helps to save time when provisioning access for identities, but in my human resource organization unit, there are some people who make mistakes, and most of my time goes into cleaning up their mess. They put somebody in their system twice, so I have them twice in Omada, twice in Active Directory, etc. I have to bring this to their attention and ask them to hide one because otherwise, everybody can see them in the address book. They have to clean it up. After they clean it up, I can remove them from Omada. Humans make mistakes.

Overall, I would rate Omada Identity an eight out of ten.

We are using it for rights and roles of our users. When we hire a new employee in our municipality, we have their information exported to Omada and, based on which department they are hired for, they will get roles and rights for the IT systems. That's what we use it for right now. We have plans to do more with it, but identity management is a life-long task to enjoy.

The solution is on-premises.

When it comes to IT audits and reviews, before we had Omada there were a lot of findings about employee accounts that were not properly shut down. They were not in the municipality anymore, but they still had an account that was active. And as soon as the auditor found one, he would go further and dig more. Every time he was here, he found something. We had to spend a lot of energy trying to make this situation better. But as soon as we got up an IDM system that automatically shuts down the Active Directory accounts of people who are not employees anymore, this problem totally went away. We don't have this as an issue anymore. And the auditor is very pleased when he hears that we have an identity management system that automatically closes down these accounts.

The solution has helped to reduce the number of helpdesk tickets and requests. While I don't have exact numbers, our statistics show that the number of tickets is going down. However, that's not only because of Omada. There are other areas where we have improved and become more professional and have helped our users.

The most valuable functionality of the solution for us is that when employees stop working for the municipality, they are automatically disabled in Active Directory. Omada controls that 100 percent. They are disabled for 30 days, and after that time Omada deletes the Active Directory account. The same type of thing happens when we employ new people. Their information is automatically imported to Omada and they are equipped with the roles and rights so they can do their jobs. Those are the two main benefits we have at the moment.

The identity governance and administration features are also really good in Omada. There are a lot of possibilities for controlling access rights. We are only using a little bit of all the possibilities in the platform right now, but of course we want to go further and use more of the functionality.

Generally, I find the whole solution to be very good. But the way errors in the system are handled could be improved. If you find an error and you need it fixed, you have to upgrade. It's not like they say, "Okay, we'll fix this problem for you." You have to upgrade. The last time we upgraded, because there was an error in a previous version, we had to pay 150,000 Danish Krone (about $24,000 at the time of this review) to upgrade our systems. This is a very big issue for us because 150,000 Krone is a lot of money. And because we have production, test, and developer environments, we had to upgrade them all. The fact that we can't have an error fixed but, rather, we have to upgrade, annoys us a little. That means that we have to pay to get errors fixed that Omada has made in programming the system. I hope they change this way of looking at things.

We have used Omada Identity since 2018.

We are now at 14.0.6 and its runs very good, - we have no problems.

The scalability of the solution is fine. There are a lot of possibilities to scale from a small business to a big business. You can use part of the system or use the more advanced functionality for creating roles.

We currently have 5,633 employees in the system, and there are 59,000 citizens in our municipality.

We're looking to expand our use of Omada Identity by providing more functionality to the users and the managers in our municipality. Right now, Omada is running in the background. Nobody actually knows that it's there. It's doing its job and people are happy, but no one in our business has access to the platform. We want to make it more visible and to exploit some functionality for the managers, for example, so that they can do more themselves. We also want to have managers do access reviews for all roles they are responsible for. That way, they can say, "Okay, this employee has access to this, this, and this, which is okay. But he also has this right of access and he doesn't need it anymore." This type of access review is something we are still planning to implement, but we are not there yet.

Before Omada, we had a solution called NetIQ. That platform was very expensive and there were modules that we didn't buy. If we were to continue with that system, first we would have had to upgrade it, and that would be very expensive, and we would also have had to buy some extra modules, which were very expensive. So instead of just blindfolding ourselves and ordering an upgrade, we examined the market for IDM systems. We took the best-known and looked at their ratings in industry reviews to see which were at the high-end. We invited them for an interview and a demo of their systems, and Omada scored the highest. That's why we choose them.

When we started with this system, it was Omada that hired some temporary project managers to implement the solution at our place, and they did not do a good job. We found out later that something was just not implemented. For example, if we rehire a former employee, we have no process to handle that in the system. We only found out about this after the original implementation. Today, they use their dealers to implement the system. I don't think Omada itself implements nowadays. Maybe it's better that way, but we were not satisfied with the way that it was implemented originally.

Our deployment was a long story because, in the middle of the implementation, Omada gave up and said, "You can go further with a dealer called ICY Security." They handed over the implementation to this dealer. It's difficult to say exactly how long it took, but if I have to give you a number, we are talking about between six and eight months.

Up until now, it has been our dealer, ICY Security, that has maintained the system. We recently took over maintenance of the system and the databases ourselves. But if there is development needed, it will still be our dealer that helps us with this. The whole area of identity management is complex, but ICY Security is doing a good job to help us grow in this system.

It's a fair price for the on-premises system. Compared with what we had before, it's much cheaper and we get all the modules in one. 

We tried to go with the cloud, but it was far too expensive. We calculated the costs and to go cloud, it would mean four times the expense for us. That was more than we could get budget for. We have had meetings with Omada to tell them that we want to go cloud, because that's our strategy in many other fields, but that the price is way too expensive. We have told them they have to reconsider the price for it because they will never get any customers to go cloud when it's that expensive.

Among the solutions we looked at were SailPoint IdentityIQ, Micro Focus NetIQ, KMD IDM, Ca and 2ndC/Atea.

In scoring the solutions, we focused on user-friendliness. The NetIQ system that we had before was very fixed. You couldn't design it as you wanted. If you adjusted a screen the way you wanted it, there was often something that didn't function. We didn't have the ability to customize it the way we wanted. As a result, the usability of the system was very bad. It was so bad that we couldn't give it to our managers and say, "Here's a platform you can use for self-service." That's why user-friendliness was a significant part of our scoring.

We also wanted to be able to adjust the system ourselves without having to hire consultants. With NetIQ, we had no clue how to do stuff in the system. It was so difficult that we had to call external help every time, and that was not for free. We had to pay every time. Our wish was that, in the next system, we would be able to do minor adjustments ourselves.

And, of course, price was also an issue, not that we needed to buy the cheapest one, but pricing was a parameter that we were looking at. In terms of a reduced total cost of ownership as a result of choosing Omada, I don't have a specific number. Some things are difficult to put a value on. But for sure, we have a better system, a more user-friendly system, and the cost for licenses is much lower. Also, the way that Omada sells the system is that you get the whole package. It's not that you have to buy a module here, and if you need more functionality, you have to buy another module there. You get it all in one purchase. That has also reduced the total cost because we have all the modules.

As for the time it took to get up and running with Omada compared to NetIQ, it's a hard thing to compare because NetIQ was our first IDM system. Before the NetIQ deployment, we had to do a lot of preparation to go into identity management. Implementing Omada was easier, but mostly because we knew more about identity management at that point compared to when we implemented NetIQ.

Finally, identity governance and administration functionality are a lot easier to manage in Omada than in NetIQ. Much easier.

Make sure that all processes are dealt with in Omada. We had some processes that were not described and, therefore, we had problems afterward. The implementation of the system is very important. For example, be sure to have valid and correct data. Garbage in, garbage out. All the work before you push the "Go" button is very important. I think we may have underestimated that when we were implementing Omada.

Omada is used for identity access management. I previously worked as a database specialist but switched jobs when I switched companies. I joined this company because I connected personally with the company culture. As part of my new role, I received training on Omada Identity Cloud, which was being taught to new hires. During my first six months with the company, I worked from the Omada office, explicitly focusing on Kubernetes to gain a technical understanding of the system.

Developing new solutions and processes within the system can be very challenging for our customers, and it often requires highly qualified professionals to assist with the process. This is why companies typically hire consultants when they need to change their systems. I started as a consultant and am now a full-time employee. As such, I can leverage my expertise to provide valuable guidance and support to our clients needing assistance with their systems.

We have just under 3,000 users spread out across multiple locations in Denmark. Departments across the county can access the system from the cloud. 

Omada streamlines onboarding by automatically granting employees access to various IT systems. We can remove an employee's access immediately after they leave the company. It improves our security because people who have left can no longer access sensitive information, such as our finances and tax data.
We have also had cases where people continued receiving a salary after they quit. Previously, someone needed to remove the employee's access manually. Now, it is done automatically.  

It also helps us with internal and external audits. The auditors ask us why users can access particular systems, and we can produce reports for them. It saves us time because we don't need to spend hours looking through various systems to determine who has been given access. Omada documents who has requested or approved access. You can see when access stopped and why. 

Omada's surveys have simplified the process of assigning roles. We know that if we send 200 questions to one manager, he will accept everything. I don't have time to review 200 permissions. Based on the questions sent to one manager, we try to minimize that by grouping them as roles. You only have to approve six roles instead of 200 granular permissions. Omada has helped us to do that. 

We have to do this a few times every year. If we add a new role or access within a role, it must be approved by the access owner. We have fixed rules that every access has to be reviewed at least once a year. Some are done every three months. We prefer role-based access control, but you also need to do some at the granular level. However, we want to wrap everything into roles if we can. It makes things easier for the managers to understand. 

Omada worked well when I started at this company, but now we are provisioning identities even more efficiently. At other companies where I've worked, getting the proper access might take up to two weeks. Here, everything works on the first day. 

Omada's user interface is elegant and easy to work with. I like Omada's ability to automatically generate accounts for new hires and allow them access to all required systems by established policies. Around 80 percent of workers can start working immediately on their first day without requesting further access. 

No two-week waiting period is required to obtain the proper accounts and memberships in various AD groups. Many clients are unaware of our behind-the-scenes work because the system functions effortlessly, making us an indispensable partner.

Omada provides a clear roadmap for additional features. We use it to plan for the future and align it with our internal roadmap. We integrate many systems with Omada and need to plan for integrating new ones. They introduced advanced reporting and analytics in the latest version, but we're behind and haven't implemented that yet.

When making a process, you should be able to use some coding to do some advanced calculations. The calculations you can currently do are too basic. I would also like some additional script features. 

I have been using Omada Identity Cloud for approximately five years.

Omada is stable. It's always running, but I think we share resources with other customers. One resource pool is in Azure. It's slow at times but never crashed. 

I believe Omada is scalable. The product has had built-in connectors for integrating with our solutions for many years. The new ones may lack some features that you might require. It depends on the age of the implementation. We've had situations where we couldn't use the out-of-the-box connector because it was too simple, so we built our own. 

I rate Omada's support a nine out of ten. They respond in under an hour if we have a serious issue. 

Positive

Omada's solution is in the cloud, but it integrates with an on-prem agent. It was deployed when I joined the company, but I was told that a new Omada project can take one or two years. 

The integration is potentially complex because you might need to connect it with hundreds of other systems. However, you can quickly migrate data from your HR system and connect it to your Active Directory. The standard installation is straightforward but grows in complexity with each new system you integrate.

After deployment, the only maintenance is regular system updates. You can schedule those with your sales team. I prefer the cloud version because the on-prem solution requires you to do everything yourself. You have detailed knowledge of databases, operating systems, and communication between the various servers. 

We messed up the data a few weeks ago, but restoring a backup snapshot from the previous hour was easy. We rolled back the database by an hour and were up and running in under 30 minutes. It's easy and convenient for us.

I rate Omada Identity Cloud an eight out of ten. In most cases, whenever I have an issue with Omada or a feature I would like to see, I check the roadmap and realize it's already in the pipeline. Omada is constantly improving, so I give it an eight. 

They listen to their customers. You can submit a suggestion to their ideas portal, and other customers can vote it up. They prioritize new features based on the users' votes. 

I advise new Omada users to understand your data before implementing the solution. When you put people on the project, it should be people who know the HR data and the internal architecture.

The primary use cases are identity lifecycle, provisioning, and authorizations to our IT infrastructure. We use it for provisioning to our SAP platform. We also need it to make a survey of the IT authorizations. We need to make sure that our managers can review the authorizations of the employees in our company. 

We have a couple of secondary use cases as well, such as segregation of duties on provisionings to make sure that we have correct approval flows for authorizations. 

The automatic provisioning of a lot of authorizations has definitely lightened the load on the manual part of authorization management. It has not directly caused savings in our operations, but our administrators have seen a dip in the number of manual tasks they had to do. So, that's a direct business value for us from the platform.

It has helped in reducing the number of helpdesk tickets and requests by at least 30%.

The identity lifecycle support is definitely valuable because we are a complex organization, and there is a lot of onboarding, movement, and offboarding in our organization. We have 31,000 users, and there are a lot of users who are constantly onboarding, offboarding, and moving. So, we need to make sure that these activities are supported. In old times, we used to do everything manually. Everyone was onboarded, offboarded, or moved manually. So, from a business point of view and an economics point of view, identity lifecycle is most valuable. From a security point of view, access review is the most important feature for us.

Our internal customers are quite happy with the product, and we receive a lot of positive feedback. Its identity-governance and administration features are very broad. It can support a lot of use cases. I don't think we use a broad part of the product, but it is a very broad platform that can be used for a lot of different things.

It provides a lot of flexibility for our security operations. We can combine the security operations of the product with other security operations, such as logging, surveillance of our infrastructures, and things like that. I sit in the security office primarily, and identity governance is a part of our operations in security. So, it provides a lot of flexibility for a lot of different use cases.

Error handling can be improved. From an on-premise perspective, internal support can be improved. It is quite a technical and difficult application to maintain. A very specialized skill set is required to operate and maintain it, which is the most difficult part. The process to upgrade versions is also quite tricky.

One thing that we are not so happy about is the user interface. It is a bit dated. I know that they are working on that, but the user interface is quite dated. Currently, it is a little bit difficult to customize the user interface to the need of the business, which is a little bit disappointing. It needs it to be a little bit easier to operate, and it should have a better user interface.

Their technical support is good, but there is room for improvement. It is not an easy product to support. They helped us set it up a little bit, but it gets difficult for them to handle more complex problems.

I have been using this solution for the last year.

The product itself is quite stable. The problem is that it is quite complex with all the integrations, which is applicable to all IGA solutions. There is a lot of need for surveillance on the solution itself, but it is not because of the solution itself. It is because of all the integrations. So, the solution itself is quite stable, but the integrations make it quite vulnerable to all kinds of stuff.

It seems quite scalable in terms of performance and in terms of the ability to scale itself.

Their technical support is good, but there is room for improvement. One problem that we have discussed with Omada several times is their handling of a customer-specific problem and a solution-specific problem. The coordination between their technical support and their backend developers can be better. It becomes an issue when a problem is more complex. It is not an easy product to support. They helped us set it up a little bit, but it gets difficult for them to handle more complex problems.

It was an internally developed solution. We switched to Omada because our previous solution didn't support governance. It was only for ordering new authorizations, and the level of automation was limited.

It was a complex process in terms of technicality and the amount of effort needed for setting it up from Omada's point of view.

We started in August 2018, and we finally deployed the solution and were ready for production in June 2020. So, it took 18 months.

We had to deploy or onboard a part of our infrastructure at once. We onboarded a couple of applications and our SAP solution on day one. Omada would probably call it the big bang, but it was definitely not the big bang. We deployed a lot of functionalities at once, but it was a very limited part of our total application portfolio that we deployed with Omada. It is not yet done. The first one and a half or two years will go into implementing the rest of our application portfolio in the solution.

We used Omada itself as an implementation partner. The consultants themselves were quite adept at handling the product. From a technical standpoint, they were definitely above average. From a project management point of view, we would have liked to see some improvements. This is from the perspective of a very large customer. The problem for us was handling an organization of our size. If I have to choose again, instead of Omada, I would choose an implementation partner who is more used to handling large enterprises. That was definitely a pain point for us.

It is quite a technical and difficult application to maintain. It is a standard solution, but some parts of the solution make it difficult to upgrade and maintain the solution. A very specialized skill set is required to operate and maintain it. You should either pay Omada or another consultancy firm to maintain the solution, or you should have internal resources for maintaining the solution. 

We have around 10 people who are directly involved in its maintenance. They are on the business side, such as for onboarding new applications, front-end problem-solving, and incident-handling, as well as on the operations side, such as for ensuring data validation, handling integrations, and things like that. 

It is very difficult to say at this point. We are a municipal organization, and we do not, as such, do a very systematic review on the return on investment. I would say we have seen a positive ROI, but I'm not sure.

It is also very difficult to say whether it has reduced the total cost of ownership. My gut feeling is that it has, but we have not made a precise estimate of what economic impact it has had on us.

Our business is regulated and subject to audit fines, but again, it is too difficult to estimate whether it has reduced the number of audit fines we have received. It is too early to estimate that, but I would guess it has.

From an on-prem point of view, the cost is quite transparent and reasonable. The direct cost is primarily for licenses and maintenance on licenses.

We evaluated other solutions. I don't remember them all. We did a market analysis where we considered SailPoint. We definitely reached out to Microsoft as well but not for their identity solution as such. We reached out to them for their future solutions in this environment.

We only did a market analysis. Being in the public sector, we have a very strictly EU-regulated process for procurement. So, it is quite difficult to do a look-and-feel kind of selection of tools.

I was not directly involved in the market analysis. As far as I know, our tender showed that from a technical standpoint, all evaluated solutions were comparable in functions and features for our intent and purpose. They were not identical, but they were comparable in functions and features.

Any business interested in using this product needs to make sure that they are ready to either pay Omada or another consultancy firm to maintain the solution, or they should have the internal resources for maintaining the solution. It is quite a difficult solution in terms of maintenance.

It is very important to make sure that the master data is correct and is controlled by processes rather than humans. This is very important. We thought that we had a very good understanding of our master data, and it was mostly supported by processes and not by people, but we certainly were caught a bit by some of the things. So, having control over your master data is the most important thing. 

If you are a reasonable-sized organization, you should be very careful and make sure that the implementation partner has the correct implementation model that suits your need. You need to make sure that you have the correct support, or the means to find the correct support, for the application itself when you go live. These are definitely the three most important things.

I would rate Omada Identity a seven out of 10. There is definitely room for improvement, but it is not a bad product. It is a good product, and seven, in my book, is for a good product. 

We use Omada for identity and access management tasks. It is a great platform that manages everything related to user accounts, licenses, and access permissions. We integrate it with other services, so all our identity and access management activities are handled through Omada.

The main benefits of Omada for our company include its seamless integration with our existing software, making it easier for us to personalize our processes. The accessible support from Omada analysts is also invaluable. Omada's strong presence in Western and Central Europe adds to its reputation, and its user-friendly interface simplifies tasks such as access requests. Overall, it is a renowned platform known for its ease of integration and usability.

The most valuable feature of Omada is its API connectivity, which allows seamless integration with various services like SAP, GRC, and Microsoft licenses. Its versatility in integration is a major plus. Additionally, having a clear roadmap for deploying additional features and accessible support whenever needed is also highly appreciated.

There is room for improvement in Omada's integration capabilities, particularly in streamlining complex integrations and enhancing programming logic for better rule management. The ease of integration may vary depending on the organization's complexity and volume of data.

I have been using Omada Identity for four years.

Omada's stability is generally good, with minimal lagging, crashing, or downtime. Issues may arise when connected systems, like HR, experience problems, but Omada itself remains stable.

Omada's scalability is virtually unlimited as it can connect with a wide range of systems and services.

Tech support from Omada is extremely responsive, providing quick assistance through their ticketing system and internal platform. Their engineers are experienced and knowledgeable, offering mostly useful answers, with occasional requests for additional documentation. I would rate the support as a ten out of ten.

Positive

Since implementing Omada, our ability to deploy additional features has improved significantly. Previously, we relied on separate backend solutions like Microsoft AD Azure. Omada's integrated platform streamlines everything, making it easier for both end-users and administrators. The clean and user-friendly interface enhances the experience for everyone involved.

Deploying the identity governance administration took longer than twelve weeks; it was a significant project that spanned over a year, but less than two.

Omada Identity analytics helps us make faster and more informed decisions. With dedicated teams for implementation, support, and product management, Omada provides comprehensive assistance across all services and situations.

Omada's internal analytics, along with their training resources like recorded classes and workshops, have significantly reduced manual overhead in identity management. Their accessible support and educational offerings help us learn about new features and implementations, making the process smoother.

We have set up Omada to automatically revoke employee access when they leave the organization. For instance, when using SAP HCM for human resources, Omada can integrate with it to update user status based on HR actions like termination or leave. Similarly, when onboarding new employees, Omada can provision access based on HR data from systems like SAP HCM.

We have used Omada's certification service to ensure that roles remain relevant to our organization's needs. This has greatly enhanced security measures, as access to Omada is restricted to specialists in identity management, minimizing the risk of unauthorized access.

Omada has significantly saved us time in provisioning access for identities. With automated processes, when an employee is terminated, their access is revoked automatically, and when a new employee is hired, they are onboarded automatically as well. This automation greatly reduces manual intervention and saves time.

Omada has consolidated various access management systems, replacing the need for other solutions. The most appreciated aspect is their accessibility and helpfulness, which sets them apart from other platforms like Okta, One Identity, and Google IG. Their support extends beyond technical assistance, making them invaluable partners.

Omada has helped automate reviews of access requests and route them accordingly. It allows for customization based on various criteria such as country, contract type, and more, enabling the creation of assignment policies tailored to specific needs.

Omada's out-of-the-box connectors for applications are comprehensive and effective. They provide access to forums where users can discuss and learn from others' experiences, making integration easier.

Using Omada's connectivity community has been valuable for us. It allows for sharing updates, new features, and integration possibilities. This helps us stay informed and improve our services, making it a highly important resource.

For new users considering Omada, I would advise them to prepare by ensuring they have a clear understanding of their organization's identity and access management needs. Once they've purchased the solution, they should be ready to personalize the interface to make it user-friendly and tailored to their organization's requirements.

Overall, I would rate Omada Identity as a ten out of ten.

We leverage Omada Identity to manage user identities for governance applications. We integrate our applications with the Identity Governance and Administration system and conduct periodic access reviews.

Omada helped us deploy IGA within 12 weeks by focusing on fundamentals and best practices.

Omada's identity analytics helps us make faster decisions.

Omada is set up to remove employee access as soon as an employee leaves the organization. This improves our security posture.

Omada can streamline identity access provisioning by up to 5 percent. This efficiency is achieved by focusing automation on frequently used access rights, primarily those assigned to D groups.

Omada helps us consolidate some of our access management systems. However, we don't rely solely on Omada for all our access management needs. We also use Jira for other access management functions.

Omada Identity helped us save around 20 percent of our time.

The out-of-the-box connectors from Omada are easy to use.

I appreciate all the support we receive from Omada. Through Omada, we get to learn about all of our contacts and who to reach out to for assistance. The consultation sessions are also helpful.

The reporting and importing have room for improvement. Currently, it takes half a day to complete and since we are looking to implement more applications the time will only increase.

Omada comes with custom functionalities but the access rights review requires a lot of manual work and could be improved.

I have been using Omada Identity for 1 year.

I would rate the stability of Omada Identity 9 out of 10.

I would rate the scalability of Omada Identity 9 out of 10.

Sometimes the support team doesn't provide clear instructions on how to solve our problems. This might be because we have a lot of self-created content, making it difficult for Omada to offer one-size-fits-all support. Additionally, explaining complex issues with multiple solutions can be time-consuming. Perhaps this reflects a gap in understanding between how we, as customers, use the tool and how Omada anticipates us using it.

Positive

We previously used an IBM solution before switching to Omada Identity.

Consolidating our processes with Omada Identity has shown a return on investment.

Omada Identity offers a reasonable price point, but it will increase as we transition to the cloud.

I would rate Omada Identity 8 out of 10.

When there's a concern about something, such as reporting, the process usually follows a clear path. We typically hold meetings with Omada to discuss any reporting issues we encounter. After providing them with relevant information, the information is then released and formatted accordingly. However, this process likely applies to other types of information as well, such as details about upcoming features. This information is probably sent via email or can be found within the Omada staging area. In our specific case, though, our lead engineer handles the verification of that information.

We are currently in the process of training and implementing the certification surveys to recertify roles and determine if they are still relevant for employees.

Omada Identity is deployed across our organization of 16,000 people and managed by a team of 11 people in IT.

Omada Identity requires regular maintenance. Sometimes, we encounter issues with its functionalities, and troubleshooting is necessary to identify and resolve the problems. One specific process within Omada involves automatically sending new employee login credentials to their managers via email. Unfortunately, this process has been experiencing occasional failures. 

I recommend having a technical introduction or demo on how to use the features of Omada before implementing the solution.