What is our primary use case?
The reason why we started using the product was that it was used by one of our customers. The customer called us to help protect access to their online banking website. Oracle Access Manager handles the login process for them so that the bank's customers can get access to their online bank accounts.
What is most valuable?
The most valuable feature is the ability to customize the product with our own code. We developed some custom code and integrated that code with the product to fulfill the customer's requirements. This feature was really useful for us in this case. We did not use any of the very advanced features in the product. We mainly used it for the basic functionality and features to perform username and password authentication.
What needs improvement?
I think two aspects of this product can be improved. The first is that the product overly complex to install and configure. The second is the reliability of the product. It was not very stable and dependable during the period of our experience with it. We definitely had some problems with the stability of the product.
Specifically, I remember we had some performance problems due to coherence issues and also problems related to the database. It seems that Oracle Access Manager makes use of a database to store configurations and the session information. In practice, this did not work very well and was resource-intensive. I don't remember exactly everything about the situation right now, but the resources were not being used well and that was the main issue with the product performance and lack of stability.
It is difficult to consider the potential for additional features the product might need because the product already has all the features that we needed to fulfill our customer's requirements for the product. So we do not actually need any additional features in particular in order to satisfy our use case. There is the possibility that there could be an addition of some type of risk analysis or adaptive authentication based on risk analysis. But if I'm not mistaken, Oracle already has a separate solution called Oracle Adaptive Access Manager that provides this functionality. It is a feature in another product that is a separate solution — which also means a separate licensing cost. Maybe that is already how they want to pose this as a solution: you install the Oracle Adaptive Manager as a separate product and you integrate both of them. It is just adding another level of complexity and cost.
I have not used Oracle Adaptive Access Manager, so I cannot say much about it. But risk analysis is a trending topic in web access management products these days.
For how long have I used the solution?
We were using the product for four years. We stopped using it over the past few months.
What do I think about the stability of the solution?
As far as stability, I had some performance problems and also problems related to the database. I would expect a product with a reputation like Oracle to be very stable and it is not in my opinion.
What do I think about the scalability of the solution?
I think that this product was really designed scalability in mind. If there is a positive about it, it is very scalable. We currently have about 1.6 million users and I am not aware of a limitation.
How are customer service and technical support?
During my three years of work with the Oracle Access Manager, I have opened many, many cases so I am familiar with their technical support practices. As far as evaluating the solution's technical support, I do not think they are very good. First of all, they are slow. It takes far too much time to get an answer. And when the answer comes, very often the answers sometimes are wrong, not very clear, or not very good. I do not think that they spend much time really analyzing the problems. There is no quality to their work in the way that they handle issues in most cases. I will not say that is the result in all cases, but with most issues that I reported to them, I was not satisfied at all with the result.
Which solution did I use previously and why did I switch?
I have used several products in the category of access management. In my opinion, other products — and in particular SiteMinder — are more reliable. I like the SiteMinder product as it is also simpler also to install and configure than Oracle Access Manager.
How was the initial setup?
The setup is more complicated, complex and takes more time than the setup of comparable solutions like SiteMinder. The reason for this is because, with Oracle Access Manager, you have to install an Oracle WebLogic Server that is an administration server. Then you need to install another WebLogic server where you deploy Oracle Access Manager. The whole process of doing this is kind of complicated in my opinion.
If you want to install SiteMinder, for example, you just run an installer on Windows and you are done with the installation. That is it and it is that easy. You do not have to fuss with additional installations. And the graphical interface in SiteMinder is more user-friendly. In general and from an architectural viewpoint, SiteMinder is just more simple than Oracle Access Manager.
With Oracle Access Manager, the deployment took about one week for one environment and to get the installation to a state of completion. I was the only one involved in the deployment process and I did the whole job. One or two people at the client site do the maintenance after deployment. That is one person for monitoring and maintenance and then an Oracle professional. The customer has the Oracle professional in order to deliver Oracle professional services and as an Oracle consultant for major issues. He is not there for daily operations. Daily operations is what the other person is for.
What other advice do I have?
The advice that I would give to people who are beginning to work with this solution is that it is a good idea to consult the Oracle documentation. Oracle products tend to come with a lot of documentation and there is more available in their other resources. I think that it is worth spending the time to study the documentation is very important, and it is time well spent. Making the effort to study the product can reveal features that you were not already aware of or make you understand better ways to approach a problem, use a feature, or maybe avoid bothering with the technical support. There are also certifications that Oracle provides with the study material. It is very important to develop your own knowledge and consult these resources to gain the expertise necessary to use the product effectively.
The biggest lesson I have learned from working with Oracle Access Manager is really only that the product offers a lot of features. It is more complicated than other access management solutions and may not be the best choice for those who do not have more complicated needs. Just because it has the Oracle name does not mean it is the best for every solution. Because I have been working with other access managers for a long time, using a product in the access management category was nothing really new to me. But Oracle seems to really be trying to appeal to users who have more specialized needs.
On a scale from one to ten where one is the worst and ten is the best, I would rate Oracle Access Manager as a six-out-of-ten in general. There is difficulty in the setup complexity and poor technical support. The product should be much better.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Good part of it is that it provides us a great deal of flexibility. With the Access Management Suite, you get identity federation, virtual directory and various other things so we can combine all of our backend Active Directory and other pieces into a directory that looks like one directory, including external users, vendors, and outside people with whom we have partnerships. Its really helpful