If you were talking to someone whose organization is considering One Identity Manager, what would you say?
How would you rate it and why? Any other tips or advice?
My advice would be to implement the out-of-box product and pull in your initial data sooner rather than later. Planning is needed but I assure you that you likely don't know how much of a mess you're in, especially if you have no IAM solution already in place. The OOB data collection will help shed light on the issue you have and have yet to discover then you can craft robust solutions to tackle them. Involve HR, involve your process owners, involve your business unit leads. Ultimately, you want to use a tool like this to empower your business to make decisions and engage in self-service. It may be difficult at first but if you involve them and try to meet their needs you can turn IT from a burden into the hero of your company. Work with a partner. While the vendor has great staff and is very knowledgeable, ultimately the partners are the ones who can really help you make the magic happen. All partners have the ability to engage the vendor directly should the need arise. You can save a significant amount of cost by going this route.
The tool is one of the best tools, out-of-the-box. It has great integration, especially for companies using SAP. On the other side, choose the right partner and don't look at only one system, but other systems as well. If a company is looking for a system to control SAP, don't focus on your SAP. Look at one system which is able to manage in general, and with good integrations. One identity is one of those systems. It is also important to have a defined process. We establish it and then, with the use of the tool, we apply it. I would rate the solution at nine out of ten. I like the out-of-the-box functionality. You don't need to do specific customizations; you can quickly use the system as it comes. And the solution has flexibility.
It's very good to have a system that handles access rights and a system that you can automate with a lot of other systems like with LDAP and Active Directory. You can probably integrate it with other things as well. For us, it has been a very nice product and we are very happy with it. The advantages come with many other things that need to be done to use Identity Manager. It takes time to create things and get new systems and features running and to teach people how to use it. We've heard about the privileged account governance features. We haven't yet started using them but I think we will soon. Overall, I would rate it at nine out of ten. There are always things to improve on, nothing is ever perfect. I like the product and I think it's nice to work with, but I don't do that too much technical stuff. For everything I do with it, I think it works fine.
My advice is to try this product first and then decide. In organizations with a large footprint of open source operating systems, such as Unix or Linux, security for them is a bigger concern, especially for banking. They should take advantage of using the evaluation version. Overall, I would rate this product eight out of ten.
Keep the scope small in the beginning, so you don't do too much. Go live and then add more features on the way because, otherwise, it can go on for years, and you never get anything done. Also, don't start to customize features too much. Try to use what comes out-of-the-box and try to implement it that way. Somebody has thought of these things already. In most companies, a lot of these things are probably done in the same way. I would rate One Identity Manager at eight out of ten. There's always room for improvement, but I'm pretty satisfied.
I think it's one of the best solutions on the market. It is a big task to implement alone, so ask a lot of questions if looking to implement. You can see and do a quite a lot. It is really open in that way, but going out and trying to do stuff which it isn't meant to do, that's much harder. I wouldn't go there. However, it's gives you a good framework to work and build on. The policy and role management features work. They are getting better all the time. I don't really have a better experience from other solutions. I am just learning the privileged account governance features and how they work. We don't have SAP internally. We offer it as a service, as a company, to our customers, but we don't use it. We are managed service providers, so we cannot have our own private cloud.
Think through what is most important and your strategy, especially your cloud strategy. Look at the different competitors in the market, including this one. Our cloud strategy is impacting what we decide to roll out. We have not implemented the privileged account governance features yet.
The solution is used very often in the market. There are a lot of satisfied customers using the product. They are a lot of partners who can help you implement it, if you are interested. We know few other products in this industry. The flexibility, long term plan, and roadmap are very good. Also, its future is looking good.
Look at one or two videos online on the One Identity YouTube channel. Get in touch with some of their people and possible get a short preview of their products. That is the easiest way, so you can set up a test environment pretty fast be shown how simple the processes work. One Identity has a very strong community combined with the tool. They also have a very good relationship between partners, customers, and themselves. It is easy to extend the product for custom purposes.
It isn't that hard of a product to use. It's actually very easy to set up. Your business case is much easier than you think, forget the word complex. Just use the product as it is meant to be used, and it will make your life easier. It will also make your customers much happier, reducing the time to implement something or making the company grow. I have done some basic SAP integrations just using the out-of-the-box connectors. After connecting it, the customers with their own technical teams go in and clean up SAP. The customers that I am working with haven't moved to the cloud yet or are just starting move to the cloud. I am pleased to see many steps are being taken to make cloud integration much easier from version 8 and up. I am interested in finding more out about the privileged account governance features.
Compare all the solutions and all the things that you can do on them: How easy you can set it up and how fast it can grow. Because identity management will grow with you, and you have to have a product which can grow with your organization.
It will impact the cloud strategy of a lot of customers in the future. We just started to implement this feature for customers, so it should have a huge impact in the future. We have not integrated the solution with SAP.
Evaluate how you can do the rollout, how will you approach the rollout, and if you have other application. Check how you are going to do the rollout and plan for it, then evaluate the products against it. It has increased our help desk calls a lot. We probably have between 60 and 100 access calls related to access management processes in One Identity Manager a day. One Identity Manager has not impacted our cloud strategy and its management.
Define what you are researching. Write down use cases you need. Then, ask for a demo with you data, so you can see actual results. We are working on our IT cloud strategy. We are starting to do cloud provisioning integrated with our identity management. We use it for compliance, but not directly for GDPR. We are using the policy and role management features.
While our journey to find a solution was tiring and we invested a lot of work and knowledge, our expectations have been reached and even exceeded. It's really good to invest time and money in a solution which offers you something that all users, not just IT, can use. Sometimes, the solution is flexible. However, the customer should sometimes be flexible to the solution, as well. Those who worked on this implementation now spend less time on user rights, etc. While it lowered their workload with this solution, they are now working on something else.
For this or any other similar solution, make sure you have the maturity to go forward with an identity management project. If you are at that point, this solution is a good option to look at because it's really flexible. It makes it possible to do a lot of things. We are getting comfortable with the solution. We're just at the very beginning. We are in production but not for the whole company, so we are not enjoying all the benefits of the solution. In terms of the privileged account governance features, we are not there yet. We are now investigating them and they look fine but, we are progressing slowly. The solution has helped to simplify compliance, but not as much as we would like because we haven't implemented all the options, all the features yet. We are in the middle of that. We have integrated the solution with SAP, we need to get identities from it. The integration process with SAP has been the worst. It has been really difficult because our SAP is really customized. The standard connector hasn't been enough, so we have had to create a new connector and it's been really difficult. I would rate it at eight out of ten. It's pretty new but they are making a great effort to be the best and to focus on the user.
Think about what the out-of-the-box features are in the product and how those map into your business requirements. Perhaps look at revisiting the business requirements to better fit with the product. We integrated the solution with SAP, given that we already had a significant SAP deployment for our financial services. Because I wasn't involved in that I can't comment on how that process went. In terms of our cloud strategy, One Identity Manager hasn't impacted it. The solution will fit within that strategy. I would rate it at eight out of ten. It meets most of our business requirements. We can deliver functionality the users want, but it does need some improvements, in the performance and support for a DevOps-type quick SOC release.
We are trying to achieve more targeted systems in the future. We do not use the policy and role management features. We have not integrated with SAP.
Check the big picture and what exactly the company needs. Choose the partner wisely. It's always important to make a successful implementation. One Identity Manager is good because it allows you to choose at a granular level exactly what you need for the business. This is not how it's implemented currently with us, but especially in compliance GDPR and privacy settings, you can have more granular permissions on privileged accounts and be able to monitor who makes changes on the accounts in IDN. We only have very basic functions now. However, the solution will have an impact on the roadmap of the company and on our company's roadmap of IT solutions to come.
I would rate it as a seven out of ten, because there is definitely room for improvement.
It's a good product which provides great opportunities. Regarding the policy and role management features, I hear they're good. I don't know that part as well, but I have heard from the engineers they're pretty okay. We have integrated One Identity Manager with SAP, but we're moving from SAP as an HR system to the Workday system. We're in the middle of that integration right now. The original integration with SAP was done before I started using the product, but I from what I heard it was pretty okay. But you have to have a lot of knowledge of One Identity Manager before you can start implementing it, and knowledge of it is a bit of a problem. The solution hasn't yet impacted our cloud strategy because we are not working hard on cloud strategy right. We're thinking about moving some pieces but we have not yet implemented it. We know that version 8 is much better than the version 7 we use. But the version we use is about a seven out of ten because we have had some real difficulties with the integration part, from the old systems.
The product is a nine out of ten because 80 to 90 percent of our requirements are out-of-the-box. Consider the speed of implementation, amount of customization, and the authentications if you are comparing between tools. Operations is also a topic: Is it easy to operate and is there a dedicated operational team? We have integrated with SAP because SAP has connected systems. I like the integrated approach of the privileged account governance features.
Build a strong team for this solution because there will be a lot of issues that you will have to go through, especially on your HR database. Build a team that knows how to listen and how to act. The SAP integration process was quite interesting. You have to search for the answers in the right department with the right people. After that, it becomes easy. We are currently not on the cloud.
Implementation and integration with SAP went well from the Identity side, but we have had internal problems with the data. However, we have been solving that for four years now.
We are satisfied with the product.
We are currently working on integrating it with SAP, but we are customizing a lot of things to fit with the current company's requirements. Their requirements are quite different from the out-of-the-box settings. Next month is the first SAP system go-live. After the SAP onboarding, we will look at the cloud. I have fixed some bugs in the code for the Office 365 onboarding earlier. That was a very early version with custom connectors to Office 365, version 6. But in terms of a cloud connector, we have not started to work on it yet, in the latest versions.
If you want real-time management, it can be done within three to five working days with this product. That is how we do things today, so we have a process in place and do it with internal resources. Bring your processors in under your control. Define what you want and when it works in Excel, then you are ready to buy the solution. It doesn't really matter which solution you would buy, as long as you have things under control. The policy and role management features are very powerful, but it is hard to make the organization use them in the proper way. We have not implemented the privileged account governance features. From the back-end perspective (provisioning engine), I would give it a nine out of ten. However, from the web front-end, I would give it a five out of ten.
Don't work too much in the beginning. Focus on what's really necessary and important. Forget the luxuries you have. There are old processes that are really great for some people and look like pieces of artwork. However, the maintenance of them is really expensive. So, know what you really need, what is your business case, and what is important for you. Keep it simple and structured. Then, you will be happy with a solution like One Identity Manager. You have to understand the concepts of the software. Then, you can be productive and be happy with it. We were able, with this solution, to go pretty fast from an on-premise AD and Exchange environment to a hybrid setup with a lot of stuff in the cloud. Right now, we're not really using the privileged account governance features. It looks promising. In our organization, it looks promising, but we're not going to go there right now because its another responsibility for someone else in the company. So, while it looks good, we don't have the capacity to go there now.