anybody using the identity console


I just wonder if anybody uses the identity console to administrate edirectory.

We are in the process of migrating from imanager to identity console and whatever we touch we find bugs in it.

The latest from yesterday is that in the others section of a user, the DirXML-Association values are incorrect. The association state (disabled, manual, ....) is always show as 0, whereas the real value can be different.

In the IDM section the job definition for the scopes show just the first ten entries, not more. And there is no navigation bar. You can add new one, but they are never shown if you are past the 10 entries border.

Custom forms show incorrect data. If you have a custom form that shows eg. for users attributes from a schema extension via a aux class the values, then you change on eg. boolean type attribute, do not save, close the form with X, reopen it, the boolean attribute is still set. If you reload the data, it is gone.

Some other things are not accepted as bugs and we need to raise enhancement requests. Like time format is always show in 12 hour am/pm format. But in Europe we have 24 hour format in most countries. 

And so on and so on ....

Therefor my question, does anybody uses this product ?

We can switch to user management in the Active Directory, even I don't want to do that, but if the product is that bad, maybe the better way. So we give the product owner a little bit time to see if we get fixes for that, otherwise we might need to switch.


  • Hi Rainer,

    I can confirm that most of our customers experience similar problems when trying to move to Identity Console for eDirectory / IDM administration, and probably many here on the forum will say the same. So this is probably what most people are doing: Stay with iManager as long as possible and avoid using Identity Console. Which, on the other hand, does not really help to get Identity Console ready for production.

    Personally, I think the only way to make things better is to open SRs for every bug you find, so that OpenText is strongly "motivated" to fix them.

    Since iManager is on "Sustaining" status and not really fit for a modern IT infrastructure (cloud, containers, APIs, etc.), this change had to happen some time. Also, iManager has implemented a ton of features that all needed to find their way into Identity Console (this is not to excuse the many issues/problems with Identity Console).

    I cannot speak for AD management tools for user management in general, but AD Users&Computers is also not very comfortable to work with from my experience.

    Best regards,

  • Philipp,

    opening support cases is for the moment we go. Just had a call about an hour ago about two of the mentioned bugs above.


  • My problem is I open cases, they identify it as a bug, and then development doesn't fix them.  Several I identified in the past were not fixed in 1.7.2.  There are so many bugs and problems in Identity Console it's unbelievable, nearly unusable.  We'll be using iManager for quite a long time yet.  At least there is a container for that so it can be isolated and run just about anywhere.

    Also, be careful with the interface, it is quite easy to make MASS changes to objects.  I saw this happen at one site where a somewhat inexperienced admin accidentally removed critical values off all users in the directory.  Yikes!


  • We started using Identity Console with 1.5 (we run it as a container), and since then I think I have gotten 10 bugs fixed. But I report annoyances 1-3 times a month, they are then being logged as bugs and sometimes they are fixed. It is mostly the inconsistencies in the UI I complain about, especially the DN syntax has been one of my bigger complaints (I still wonder who wrote of on that - obviously not someone who know the product).

  • Hi Matt,

    Yes, we face very similar issues with our customers.

    In particular, long-time IDM/eDirectory users who have been using iManager for many years are reporting very poor experiences with IDC.

    - Inconsistent UI

    - Uncomfortable timeout/login "procedures" that make daily business/regular work very tedious

    - Bugs and poor implementation choices throughout the application

    - etc.

    We have also created several SRs and continue to do so. I still think this is the best (and maybe only) "option" we have to make our voices heard.

    Best regards,