Please share with the community what you think needs improvement with One Identity Manager.
What are its weaknesses? What would you like to see changed in a future version?
My largest issue with the product is the ability to customize the web portal. There is a tool that allows this to happen but it is difficult to use (except for minor changes like Logo or color scheme or basic edits such as displayed columns on an object. Then to make it worse the documentation is not helpful at all in describing what pieces do or how to use them. Even after training, I would not be confident in attempting any large change to the portal. For certain, this is the area that I think needs the most improvement from the current state.
We are currently on an old system, an old version. We're working on upgrading to the latest version. So when it comes to cloud-IT strategy, for example, at the time we implemented this version it was not yet a consideration. We are now starting to develop this area, and One Identity will play a key role in our cloud strategy. Most of the issues that we are suffering from today will be fixed with the new version. The more we have integrations with other systems, for creation of user accounts for different applications, the simpler the scalability and the usability of the system will be. That's what will make our lives easier. I've seen that in the new version we're going to have connectors related to ServiceNow. That's a huge feature that will be important for us because we're using that system. Salesforce integration, more integration with SAP and with the internet of things would be good. We also have system devices that we could manage as identities, so that would be a feature to add.
I don't have my list at the moment, but there are things we would like to have. One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles. Usually, one of us has to change our role to the system role manager. In addition, we have a few systems that have many owners. They could manage the rights and access to their systems with that function.
My only complaint about this solution is the price, as I think that the cost of the full user license is a little high. A feature that I would like to see is a mobile app that provides users the ability to make changes or add users to the Active Directory on the fly.
This is getting at really detailed functionality, but the system role manager, or some of the roles that are inside Identity Manager, are limited to one user. It would be more flexible if these responsibility roles could be attached to many people. That's an issue for us at the moment. I would like the ability to have different user accounts and to have a flexible way to order things. For example, if you have a domain with a lot of sub-domains, for the end-user it should be easy to order to these other environments. But you would have to have sub-identities. We have tried to create different kinds of solutions for this.
The support documents and data sheets should be made available to the implementation of folks the product website. There's is less documentation available to the public. There should be installer version available than a portable/web-portal which will be more useful during the testing.
I would like some access management features to be added. We have some customers with a small need to do authentication as a service, and there are other solutions on the market which offer this. It is a large solution where you need to learn how to work in a certain way for it to provide the best benefit. On the other hand, it's really a structured way so you should work in a structure way, as it is a compliant to other frameworks.
The tool to develop the web portal needs improvement. We are pushing out a cloud strategy, but running this on-premise solution, and do not know what steps to take.
The connectivity to the cloud with the cloud identity need improvement. The whole security story in the area of access management along with the possibility to get access is part of this improvement process. This is the cloud access manager (CAM), and it isn't as it should be, but it's a very good long-term solution. It is important to get the cloud integrated. One Identity is stalling about this in America, and we need it in Europe.
I am waiting to see the new API for the web. There are several smaller parts of the tool that have room for improvement. One Identity currently is in the development process of fixing these issues.
I would like better integration with cloud apps, but I just learned this week that there is already a pretty advanced cloud integration. So, what I would like to see is already implemented, but I just need to start using it. When I first started using it, way before version 7, the manual wasn't comprehensive. The UX design needs improvement, but I have noticed that people are working very hard behind the curtains to make sure that UX is designed in such a way that the end user is going to have a much easier time using the product in future releases. My ideal was a product designed by IT guys with an IT guy mindset, not without realizing thousands of people in an IT portal would be using the product. Therefore, it took my customers many hours to find the correct links to order something from the IT shop, but I know One Identity is working very hard to improve this as well. If they could improve the UX within the Manager tool, this would be another huge upgrade in just lowering the learning curve of how to use the product.
The UI and user experience side of things needs improvement.
As consultants, it's a very complicated to learn it at first, which makes it hard to find people to work with it. The Synchronization Editor has to become easier to use for us, as technical consultants, because sometimes it's very complicated. If, as a new feature, there would more connectors out of the box in the Synchronization Editor, this would help a lot.
Maybe it is going this way with the angled frame work, but we really want to be able to watch and control things, so we can change things and know what the impact will be. Most importantly for automatic testing and rollouts, we need an easier way of connecting applications and an easier way of onboarding applications. At the moment, the process is very technical. People associate this as a technical and development thing. In the end, onboarding applications should be a business problem, not a development problem. They have take the technical work out of it. That is why we have to completely custom build a framework. Our work is not about connecting 20 or 50 target systems, as we have to connect thousands, which is difficult to do one-by-one. The end user experience needs improvement. One of the things the end users complain most about is the shopping cart, because they are not really on eBay or Amazon buying things. They just need access to business applications. Why do they have to click so many times? We probably have around 20 calls a day because a user hasn't got access, not realizing they haven't completed the shopping cart. So, I would recommend removing the shopping cart.
I would like a more friendly web UI. This is something that they are already starting to work on. Because of our volume, the monitoring of the solution, several job servers, and DBQs has been very time consuming for us. I would also like it to have an easier integration with phones.
Improve the implementation of additional One Identity Manager’s features. This we are going to focus on after an upgrade to release 8.1 will be finished.
Make logging and debugging easier to find, I never quite know which log to turn on for which use case (just for my tools, for the job service user, etc). Setting up permissions inside the admin tools could be easier, maybe have some roles already created and configurable, like helpdesk needs to view persons, accounts, requests, but not change anything, maybe be able to set delegations etc.
Better support for version control and multi-threaded development would be helpful additional features. The support for DevOps could be improved with quick delivery cycles and multiple delivery streams.
We would like the product to integrate with ServiceNow, since One Identity Manager and ServiceNow are two of our better tools. An integration between these two tools would be better for us.
Connections with more clouds systems is already planned. The more that we can use One Identity to connect with other systems to manage all the applications accessed throughout One Identity, the better. I would expect to have more connections and setups to other systems. Visually, I would like it to be more user-friendly. Version 8 looks visually like version 6, so this still needs improvement in later versions.
The web portal can be a bit muggy at times. This is one of the key complaints from our customers. This is a major issue with version 6, and while version 7 is slightly better, I am hoping this is fixed in version 8.
I would like to see a lot more integration with our platforms, more on the connector side. We are still using version 7.1. There are a lot of new features in 8.1, so we will look forward to using that.
I would like a secondary account approach out-of-the-box, as this would be really useful. Additionally, it would be nice to have more functionality in terms of connecting SAP systems, provisioning user accounts through SAP systems, and provisioning additional attributes.
There are some good things about the policy and role management features, but you can't really use them to their full potential. A lot of customizing that we have to go through to implement new processes and new customized policies could be better. Though, overall, it is great. They need to implement a lot of best practices for this solution.
I would like to have more extensive out-of-the-box reports.
When you see the product for the first time, it seems very complicated, but it's not. To improve the product, it should be made to seem simpler when you see it for the first time.
I would like the sync editor to be able to change labels because currently our concurrent development cannot work on this. Self-service is important for our end users. However, after three years, people continue calling the help desk, and the help desk is using this solution to make its requests. The web front-end definitely needs improvement.
We had to customize some stuff in the SAP system, because over the years there has been a lot of customizing in the Identity Manager. It works well, but some features that we would want or that our colleagues are operating and running with the SAP system, we can't really provide, or we have to develop on our own, with One Identity Manager. SAP works well with it, but it could be better. I would like them to add some lifecycle management features. They could improve the support. When you look at the connectors to Microsoft Edge, we think that maybe it could work. However, when we build a hybrid environment, you can't really use the tools that One Identity Manager is providing. They could make the product more user-friendly. It takes a lot of work to build technical and business cases with the product. The solution is more complex than you think to use. The API server needs improvement.
One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved, but it can be implemented.
A detailed solution document to registered aspirants and interested people would help them achieve what they require before its tested and pushed to production. Quest Software should provide notes and documents to customers before they buy the product and license.