Enables end-users to change or reset password and unlock their accounts with an OTP, and synchronizes the password with any connected application
What is our primary use case?
* Allow end users to reset AD password by either answering security questions or by generating OTP
* Reduce load on helpdesk
* Allow end user self-service outside office hours by allowing access to self-service portal from outside corporate network
How has it helped my organization?
It allows end-users to reset their password by generating a one-time password (OTP) that they receive on their mobile. They're not dependent on the help desk. They can do self-service from anywhere in the world. So, if they're traveling, they can still reset their password or change the password. They are not locked out of their account at any given time.
What is most valuable?
The OTP part and self-service are most valuable. You are not dependent on the help desk people.
It does have advantages over the other products that we are seeing. Other products don't have the out-of-the-box OTP option, whereas One Identity Password Manager has the out-of-the-box OTP option. It also has a cloud-based solution for generating OTPs. So, the customers can either opt for their own SMS gateway, or they can use the One Identity OTP option where they don't have to have an SMS gateway. With other products, customers must have their own SMS gateway.
One Identity Password Manager also has the option to synchronize the password with any connected application. For example, if there is an Oracle application or any other application, there is an option of synchronizing. Once the Active Directory password is reset, you can synchronize the password with connected applications, so you don't have to separately reset the password in connected applications. I haven't come across this feature with any other solution.
What needs improvement?
If there is a self-service option to update the mobile number, it will be much more useful.
If possible, there should be an option for the cloud password reset and synchronization of the password to the cloud.
For how long have I used the solution?
I have been using this solution for more than 17 years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is based on the Windows platform, so it is very easy to scale. It is suitable for small, medium, and large enterprises.
How are customer service and technical support?
Their support is pretty good. I would rate them a nine out of 10.
How was the initial setup?
Its initial setup is simple. A plain vanilla implementation could take a day to be up and running. This duration can vary if a customer has requirements for different password policies and different roles.
It doesn't require any maintenance.
What's my experience with pricing, setup cost, and licensing?
Its price is on the cheaper side. It has a perpetual license, and everything is included in the license. You only have to pay separately for the SMS gateway or the OTP part.
What other advice do I have?
It is suitable for all enterprises where end-users have to call the help desk people for resetting or changing the password and unlocking the account. If you try the wrong password three or four times, the account gets locked. In that case, an end-user needs to call the help desk people. On top of that, the help desk is not able to verify whether the end-user is the right person.
One of the requirements that many organizations have but don't know how to implement is validation. If I call by your name or some other person's name, the help desk people will allow me to reset the password. Validation is very important. You can implement validation easily in Password Manager. If you go with the OTP option, then you don't even need validation. The end-users will get an OTP on their mobile, and then they can reset the password.
I would rate One Identity Password Manager a nine out of 10.
Which deployment model are you using for this solution?
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner