Oracle Access Manager Reviews

It provides us the ability to control who can get to what systems. It's been a challenge for us because it's definitely different from the old 10g SSO piece. We've had a few more challenges with that than we did with the old technology.

The good part of it is that it provides us a great deal of flexibility. With the Access Management Suite, you get identity federation, virtual directory and various other things so we can combine all of our backend Active Directory and other pieces into a directory that looks like one directory, including external users, vendors, and outside people with whom we have partnerships.

It needs to be simpler to install and simpler to maintain. There's lots of little pieces and moving parts, it seems. For a smaller shop like us, it's not an easy thing to move into.

We've been using it for about two years.

It's been too unstable for us, mainly because we had some firewall issues, so we had to figure out a lot of those. We've had a couple of false-starts with the product. That's one of the things you get when you try to do it all yourself and don't get external help.

We've never really had a need to scale it much. It's documented fairly well, so I don't have an issue with that at all.

They're always hiring new people, so if you get a new person, it's somewhat chancy on getting good support, but they have excellent people generally. Eventually you can get to somebody who's excellent, especially if your problem is a challenging one. It's easy to escalate it and get it up there.

I've always thought working with Oracle support has been much better than any other vendor we've worked with. They're always improving their website and making it more helpful. I've been very pleased with their support.

You can adapt any thing that you want to authenticate like (LDAP, Own Databases, Security Providers as RSA, Gemalto, WatchData, Vasco and so on).

Before using OAM we authenticated via RSA Web Services, Web Services are quick but OAM lets us be scalable and provides a performance improvement.

The JDK version that use is too old (JDK 6), some of RuntimeExceptions are relative to OSGi and Oracle dont provide information about it.

1 year

Yes, the classloader to deploy a Custom OAM Plugin is very difficult to understand, and its relative to OSGi framework.

No

No

Good

Bad, when we have problems Oracle Support doesn't fix it.

Like OAM no, we use workaround web services with RSA.

Yes, when you try to deploy and don't know exactly which, you can develop Custom OAM Plugins you need to search also about the OSGi Framework, this framework is the base of OAM Custom Plugins, and Oracle doesn't offer much documentation about it.

In-house but use Oracle Support account and their level of expertise is good but don't fix the problems very well.

At the beginning it was very difficult when I developed my first Custom OAM Plugin it took me around 2 months. Now I develop the same plugins in few minutes or max in 2 hours.

Read about OSGi Framework before developing Custom OAM Plugins.

The reason why we started using the product was that it was used by one of our customers. The customer called us to help protect access to their online banking website. Oracle Access Manager handles the login process for them so that the bank's customers can get access to their online bank accounts.  

The most valuable feature is the ability to customize the product with our own code. We developed some custom code and integrated that code with the product to fulfill the customer's requirements. This feature was really useful for us in this case. We did not use any of the very advanced features in the product. We mainly used it for the basic functionality and features to perform username and password authentication.  

I think two aspects of this product can be improved. The first is that the product overly complex to install and configure. The second is the reliability of the product. It was not very stable and dependable during the period of our experience with it. We definitely had some problems with the stability of the product.  

Specifically, I remember we had some performance problems due to coherence issues and also problems related to the database. It seems that Oracle Access Manager makes use of a database to store configurations and the session information. In practice, this did not work very well and was resource-intensive. I don't remember exactly everything about the situation right now, but the resources were not being used well and that was the main issue with the product performance and lack of stability.  

It is difficult to consider the potential for additional features the product might need because the product already has all the features that we needed to fulfill our customer's requirements for the product. So we do not actually need any additional features in particular in order to satisfy our use case. There is the possibility that there could be an addition of some type of risk analysis or adaptive authentication based on risk analysis. But if I'm not mistaken, Oracle already has a separate solution called Oracle Adaptive Access Manager that provides this functionality. It is a feature in another product that is a separate solution — which also means a separate licensing cost. Maybe that is already how they want to pose this as a solution: you install the Oracle Adaptive Manager as a separate product and you integrate both of them. It is just adding another level of complexity and cost.  

I have not used Oracle Adaptive Access Manager, so I cannot say much about it. But risk analysis is a trending topic in web access management products these days.  

We were using the product for four years. We stopped using it over the past few months.  

As far as stability, I had some performance problems and also problems related to the database. I would expect a product with a reputation like Oracle to be very stable and it is not in my opinion.  

I think that this product was really designed scalability in mind. If there is a positive about it, it is very scalable. We currently have about 1.6 million users and I am not aware of a limitation.  

During my three years of work with the Oracle Access Manager, I have opened many, many cases so I am familiar with their technical support practices. As far as evaluating the solution's technical support, I do not think they are very good. First of all, they are slow. It takes far too much time to get an answer. And when the answer comes, very often the answers sometimes are wrong, not very clear, or not very good. I do not think that they spend much time really analyzing the problems. There is no quality to their work in the way that they handle issues in most cases. I will not say that is the result in all cases, but with most issues that I reported to them, I was not satisfied at all with the result.  

I have used several products in the category of access management. In my opinion, other products — and in particular SiteMinder — are more reliable. I like the SiteMinder product as it is also simpler also to install and configure than Oracle Access Manager.  

The setup is more complicated, complex and takes more time than the setup of comparable solutions like SiteMinder. The reason for this is because, with Oracle Access Manager, you have to install an Oracle WebLogic Server that is an administration server. Then you need to install another WebLogic server where you deploy Oracle Access Manager. The whole process of doing this is kind of complicated in my opinion.  

If you want to install SiteMinder, for example, you just run an installer on Windows and you are done with the installation. That is it and it is that easy. You do not have to fuss with additional installations. And the graphical interface in SiteMinder is more user-friendly. In general and from an architectural viewpoint, SiteMinder is just more simple than Oracle Access Manager.  

With Oracle Access Manager, the deployment took about one week for one environment and to get the installation to a state of completion. I was the only one involved in the deployment process and I did the whole job. One or two people at the client site do the maintenance after deployment. That is one person for monitoring and maintenance and then an Oracle professional. The customer has the Oracle professional in order to deliver Oracle professional services and as an Oracle consultant for major issues. He is not there for daily operations. Daily operations is what the other person is for.  

The advice that I would give to people who are beginning to work with this solution is that it is a good idea to consult the Oracle documentation. Oracle products tend to come with a lot of documentation and there is more available in their other resources. I think that it is worth spending the time to study the documentation is very important, and it is time well spent. Making the effort to study the product can reveal features that you were not already aware of or make you understand better ways to approach a problem, use a feature, or maybe avoid bothering with the technical support. There are also certifications that Oracle provides with the study material. It is very important to develop your own knowledge and consult these resources to gain the expertise necessary to use the product effectively.  

The biggest lesson I have learned from working with Oracle Access Manager is really only that the product offers a lot of features. It is more complicated than other access management solutions and may not be the best choice for those who do not have more complicated needs. Just because it has the Oracle name does not mean it is the best for every solution. Because I have been working with other access managers for a long time, using a product in the access management category was nothing really new to me. But Oracle seems to really be trying to appeal to users who have more specialized needs.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Oracle Access Manager as a six-out-of-ten in general. There is difficulty in the setup complexity and poor technical support. The product should be much better.  

The primary use case of this solution is for accessing different systems with one single sign-on.

If I needed to reset my password or if I needed access to certain applications that I didn't have access to, I would have to put in a request to get approval.

Now, instead of contacting our IT department to do this for me, I can just log in to make the request.

We have fewer IT requests. It saves time.

The most valuable feature is the sign-on and ability to get user self-service.

Self-service is very good.

It's difficult to say how this solution can be improved since I have been using it for one month. Maybe the user interface needs improvement. However, it's easy to navigate and the process is clearly shown, I don't see much that needs improvement.

This solution is stable.

For the last month, I haven't seen any downtime.

There haven't been any errors or limitations that will inconvenience the user.

This solution is scalable.

Previously I did not use any other solution.

The initial setup was simple and straightforward.

I would tell others that this solution is reliable. If they are looking for a solution that is reliable and that is scalable, then this is a good one.

In the next release, I would like to see improvements made to the interface.

I would rate this solution an eight out of ten.

The product is our solution for SSO (Secure Sign On). The solution allows users to sign in to one application, for example, Windows, and they will have access to other applications that require login without having to log in each time.

It decreases the complexity of access. This alone saves time, confusion and trouble.

SSO itself is valuable because it allows the users just to have one password. After logging in to their machine, users don't need to remember or enter additional passwords. There is no need to log in and log out many times, which saves time. Users log in to any application just by typing the initial password.

The product could be improved by simplifying changing the master password. That is, if you change a password in one place it would be good to automate changing the password for all the gateways so that change is less complicated.

It is very stable. This is because it is a mature product and it gets better with time. It improves and I think that it continues to do so.

It is very scalable. You can serve as many users as you need to add. As long as you have the machines and infrastructure in place there are no real limits to the scalability.

Initially, the customer support was in Europe and the technicians were very knowledgeable. Now they have changed support locations and customer support is not as good. The technicians are simply not as knowledgeable and experienced with the solution. Hopefully, over time this will work out and the new technicians will gain the knowledge that they need to service customers better.

In my experience, clients did not have a previous solution. The idea of the installation was to provide a solution which did not previously exist and make managing sign on less complicated.

In most cases the implementation is simple. However, it can get more complicated. In an instance which requires high security (e.g., a bank), we have to make sure there are no back door entry points to log in. Once this is done, it is very secure. If the installation is simple, it doesn't take much time. If there are hundreds of machines and they require customization, it can take quite a bit of additional time.

It's not easy to integrate Oracle Access with other non-Oracle products. It takes some more effort, and you will need to refer to the documentation or technical support. It will allow integration, but it will not necessarily be easy to implement.

We do the implementations ourselves so there is no need for additional vendors or engineers.

It is difficult to really tell what the exact return on investment is. The product saves time and increases security. These are the benefits.

Pricing is scalable depending on the number of users. The more users, the more it will cost. It is not the cheapest solution but it is the most compatible with Oracle.

We have chosen to install this product as an SSO solution because it is powerful, recognized and mature. We really did not consider other solutions as we service Oracle installations.

Oracle Access Manager is a very efficient solution if you're working with Oracle applications like ELT, and so on. It's very efficient with this because integration is built-in. You have to make sure that an application is supported by Oracle as the Access Manager product is meant to supporting their own products.

I will rate it as an eight out of ten because it's a good solution, it's very stable and integrated with Oracle solutions. It can be scaled as much as you need as long as you can afford it. 

We are Integrators. We implement and integrate this product for our clients, as well as provide support to our client who is using this solution.

Mainly, we are using it to provide access to two different systems that the client has. It determines the access levels of people. It tells you who needs how much access and then managing it through that.

Once it is set up, it is easy to use and it integrates with most of the products on the market.

The initial implementation can definitely be improved because you have to work on several components to configure it correctly. Nowadays, most of the solutions are a few clicks before they are installed and then configured.

Technical support needs improvement, they could be 200% better. The reason that most people are having problems is because of the support they provide.

It's very difficult to engage with them or to get the answers to your queries. The turnaround time is very slow. It needs to be faster.

In the next release, I would like to see the integration with non-Microsoft products as well. 

It takes a lot of time to integrate it with non-Oracle products. 

If you have an Oracle ecosystem then you can integrate it, but if it is Microsoft SQL or any other databases that are being used then it is not interoperable. It works but it takes time.

I would like to see if they can easily integrate with other technologies.

I have been working with Oracle Access Manager for a few years.

We are using the latest version.

For the most part, it's stable.

The organization that we are supporting has approximately 200 to 300 users.

Oracle technical support is never good for OAM.

Previously, we were using the AWS based product and Okta.

The installation is not straightforward. In fact, the implementation of OAM is complex, compared to other products, but once it is implemented it is good.

If there are no problems coming in, then it can be done in a few hours. However, if there are some problems then the troubleshooting is a long haul.

We have a couple of engineers to maintain this solution.

I would recommend this solution to others, especially if they are using Oracle products because it is easily integrable with those products. 

I would rate this solution a seven out of ten.

Single sign on between analytics and financial platform for internal and external users.  Authorization was front-door only, no granularity between apps.  Used to force acknowledgement of terms of use.

I was able to use the new SAML Service Provider capability to consume a federated token and exchange it for an OAM token for subsequent session requests across multiple applications.

Pretty robust dynamic HTTP Header Responses
Stateful session management, enabling server-side session termination and/or prevention of concurrent logins.

The ADF UI is clunky, IMO
The session URL redirects have to be accounted for network-wise. Default is client talking to OAM Server (PDP) in middle tier, which is not realistic. Need separate load balancer/VIP just for this.
Identity propagation to backend apps still immature, IMO. Still relying on headers without any kind of callbacks or 2-way verification, even with Oracle apps.

No

Too many HA interfaces.

Customer Service:

Poor. The EBS Access Gate support was delivered as a patch and support was not able to solve various problems, which I believe to be attributes to more current versions of OAM and WebLogic not being backwards compatible with the documented solution.

Technical Support:

Great blog content from A-Team at Fusion Middleware Security blog.

I've used Symplified, SiteMinder in other shops. This was an Oracle shop, so there was no discussion on which solution was best.

Only because I was familiar. I doubt a first-timer would be able to navigate the documentation.

I was the sole implementer as an independent contractor.

Cannot divulge.

Not in this case.

Consider alternatives. There's nothing specific to OAM required to provide SSO to Oracle applications.

We use this solution for Single Sign-On and for mobile authentication integration.

From a technical perspective, the solution is very good we can operate and control the user by ourselves.

There could be some improvements in the documentation and overall knowledge base of the solution.

I have been using this solution for a few months.

The stability is good.

In my experience, I have found the solution has good scalability.

The technical support is quite good.

The installation is very easy. The full deployment took approximately one month.

We use a three-person technical team to do the maintenance and deployment.

The price is really good and it is flexible because they have CPU licenses. The license is a one-time-only purchase.

The solution is comparable to others, such as IBM.

I rate Oracle Access Manager an eight out of ten.