Oracle Identity Governance Reviews

The most valuable features are the attestation of identities and the robust set of identity analytics.

The way we have designed and implemented the solution has set us up to become a shared service model. This platform allows for us to customize any solution to meet the business capabilities.

With Oracle, it's always about the learning curve and the nature of how the product is integrated. It takes tons of training and getting the right experienced people involved in order to launch the initial framework. Some of the adapters also do not work very well or have limited functionality.

We have used Oracle IdM Products for 3 years now but just started using the new R2 framework 6 months ago.

Yes, we encountered issues with determining if we wanted to use the LCM installation over manual. Once we determined that LCM was a good choice then it was a pain getting the SAN setup correctly to allow for these silent installations.

In our sandbox environment we had stability issues but only because all the components are on the same server. Once we worked out the kinks of first time R2 users, the platform seemed fairly stable.

We did not encounter issues with scalability since we architected the solution to scale out enough to handle data.

Oracle is pretty good about helping as long as you have the solution built according to their specifications. The trick with support is making sure the hand-offs are done in a timely manner since you may start with someone from a 6 time zone difference. I always get the duty manager involved with critical issues so that these gaps are addressed.

Depending on who you get, some of these folks are really sharp and there are some still learning the product.

We used Microsoft ILM and FIM to manage our identity management provisioning and used Symphony for our Access Management side. We made the switch because Oracle offered a more robust solution for us to become a shared service for Identity Management.

As with any Oracle product, it's never straightforward. We knew what goals we needed to achieve but the challenge was having numerous design sessions to cover the possibilities, risks, and impacts in order to achieve those ambitious goals.

We had a combination of both in-house and outside professional services to help. I would rate our outside expertise very well.

Too early to determine at this point in time but we have some ROI on the deployment side by shaving 6 hours per environment setup by using automated installations.

Not including licence, we had a generous project budget to set-up and replace our legacy platform. The day-to-day cost is based on 3 people we have to support it. Of course our team & infrastructure is growing so the cost will rise by nature of supporting the service.

We evaluated products such as at Microsoft, Okta, CA, and IBM. The Oracle platform was more aligned with our business road maps and meets the desired capabilities the business needs.

Get people who have performed R2 installations and designs. This is important because if it's not done right the first time then you will be spending a lot of time either fixing issues or having to re-build everything. When you have such a robust system such as this, it gives you many ways to architect solutions.

My clients use Oracle Identity Governance for lifecycle management on different products. My company developed connectors to get feedback about this governance solution for clients in terms of managing the user lifecycle for any product.

The most valuable feature of Oracle Identity Governance is user lifecycle management. Certification is also a valuable feature of the solution. Oracle Identity Governance allows you to assign who has access to what, which is its basic feature.

Oracle Identity Governance, particularly version 12c, can handle multiple scenarios, but for a regular user, I found the use cases not that extensive, so this is an area for improvement.

The implementation process for Oracle Identity Governance is also a bit more complex than how you implement competitor products, and this is another area for improvement in the solution.

Technical support for Oracle Identity Governance also needs some improvement.

Another area for improvement in Oracle Identity Governance is its documentation. Currently, it's lacking when compared to SailPoint.

What I'd like to see in the next release of Oracle Identity Governance is a bit more scope for AI-based Identity governance. If the solution has built-in intelligence, that will give it more leverage. Another feature I'd like to see in Oracle Identity Governance in the future is the option for managers to provide access to others via mobile devices or phones.

I've been implementing Oracle Identity Governance for more than five years.

Oracle Identity Governance is a stable product. It has many connectors, so you can plug it into many other products. You can do pre-processing, but you'll first need to do some programming, so stability wouldn't be an issue if that's taken care of. Oracle Identity Governance works well.

Oracle Identity Governance is a scalable product.

I'd rate the technical support for Oracle Identity Governance as three out of five. It still needs some improvement.

I used to implement SailPoint before Oracle Identity Governance, and SailPoint had better documentation than Oracle Identity Governance. I found the documentation for Oracle Identity Governance lacking.

The initial setup for Oracle Identity Governance was a bit complex compared to other products, for example, SailPoint. Implementing version 12c of Oracle Identity Governance has improved a bit, though.

I can't say much about the pricing for Oracle Identity Governance because it's different from one geography to another. In India, the license price costs less than in other geographies.

Oracle Identity Manager is now rebranded as Oracle Identity Governance, and I have experience with it.

I was part of the development team for Oracle Identity Manager, which is now Oracle Identity Governance, so I've worked on developing Oracle Identity Manager for around ten years, then, I've been into consulting, specifically implementing Oracle Identity Governance.

My company is a consultant for Oracle Identity Governance, but it's not an Oracle partner.

Multiple banks use Oracle Identity Governance, so it has millions of users.

My rating for Oracle Identity Governance is seven out of ten.

We use this solution to create and manage the user lifecycle. We are customers of Oracle. 

Password management is a valuable feature.

When Oracle released the 12c version, they deleted the  Privileged Account Manager from its security solutions. If a customer had implemented that in the previous release and wanted to update it, they could be faced with a huge problem because that product no longer exists. I think the platform could be enhanced and I found bugs in their documentation. Information relating to some connectors is incorrect. I think Oracle could simplify Access Manager.

I've been using this solution for six years. 

This is a stable platform.

The solution is scalable, we have over 500 users. 

Sometimes the support is not able to resolve our issues and they're often changing support engineers. I think there is room for improvement with the support.

Neutral

I consider the initial setup to be easy. If it's a matter of deploying two or three applications, the setup could take one or two months. For five or 10 applications, deployment could take at least six months. It all depends on the number of applications. 

We moved to this solution because of its cost. 

It's important to be aware of the identity and access management process by reading the documentation. Before implementation, it's important to prepare an environment to install the solution for an indication of how it should be installed. 

I rate this product seven out of 10. 

I implement and manage the solution in customer environments to oversee user identities and access levels.

The most valuable feature is the user manager certification that approves or removes user access. Once managers receive results of a certification campaign, they can take action to approve or revoke access to users working for them with changes implemented at signoff. 

The solution should be easy to implement with components combined in one file and built-in features to integrate target applications without having to install additional connectors. Currently, we have to download, install, and configure connectors to integrate each target application and that is not the case with other OIM products. 

Patches are published every few months and applying them in the customer environment requires maintenance to the box because it is very tricky. If work on the boxes was conducted properly, patches would only need to be published once per year. 

A backup of the existing configuration is required when applying tests and that takes up space on the server. 

I have been using the solution for four years. 

The product is not stable and has issues even if conservation is managed accurately so it requires fixes and maintenance at the end of a project.

The product is scalable. 

Technical support needs to be more responsive, knowledgeable, and experienced. Sometimes it seems that I have more knowledge than the support team so resolving issues takes time.

I rate support a six out of ten. 

The setup is complex compared to other OIM products such as 4G and Okta that are easy to implement in a customer environment by zipping the WAR file and deploying it. 

The product has a number of components that require integration with each other before deployment such as OIM, OEM, OAM, and Web Logic that need to be downloaded and installed completely, making setup difficult and very complex.

Setup could be much easier so I rate it a six out of ten. 

Our team implements the solution for customers. 

We have not experienced improvement in performance, financial aspects, or functionality and that should exist with the new governance.

I do not know specific pricing but the product is expensive when compared to other OIM products. 

Ford Truck is very quick and easy to implement in a customer environment. It is user-friendly, stable, offers a lot of customization, and doesn't take more than ten or fifteen minutes to implement. 

I am not currently recommending the product to clients because there are other good products on the market that can be implemented and used in their environments with minimal customization. 

Solutions that are user-friendly, easy to learn, stable, and quick to implement are desirable to our clients. If you are considering the product, compare the price and service to other OIM products and determine what is best for your client or company. 

I rate the solution a seven out of ten. 

We are using the on-premise deployment model of this solution. We chose this solution because we have a lot of Oracle products and other Oracle products aren't compatible with Active Directory. 

It has a very good response time but on the other hand, we have experienced a number of bugs. It responds fast but because of the bugs, we have already had some major incidents and complete unavailability. That's why we are not happy with the current version and we decided to upgrade it. We also tried to change the architecture setup to have less of an impact when the bugs occur and to have more availability. Oracle helped us to design the new architecture. 

We didn't make concrete plans yet about when to switch because we are still working on the high availability setup path. It will be a high availability setup, each data center with an active process failover in case something blocks it.

The reason we are upgrading to the next version is because today we have stretched clusters across data centers. We experienced major problems with the cluster software and the product, which is coherence. In the next version, that part will be handled by the database. We hope that we will get rid of those stability problems because of the bugs that are in there.

I have been using this solution for the past seven years but it has been deployed at my company for longer.

It's not so stable in our environment. It might have something to do with our old network. We're replacing the network now but it's very latency-sensitive.

There are quite some setbacks and I think Oracle is very well aware of them. There is no real service level management on the contract side. When you log something, you do get priority, but in general, you need to escalate something for them to look into it. The quality of their answers are often not so splendid either. We already had some commercial discussions with them on how we could improve it, but it's so expensive that while it's not affordable for a company like ours, you can hire a technical account manager for products, which isn't something we can do. 

It is a complex product. There are not a lot of engineers with knowledge about it. That's the first problem. I think it's a general problem. We do have one consultant and one internal person just for the line support and installations. We know from experience from a consultant that worked with different customers that they all have the same problem.

We have one consultant working on this product and it's a full-time job here.

The hardware and the operating system obviously cost money. With Oracle, you have the product itself and the management product which might be expensive sometimes as well.

As a customer, it's not okay that the salespeople sell you a product that they don't tell you all the ins and outs about and you are expected to manage it. You discover all of these things afterward if you don't ask the right questions.

In the current setup, within our network, I would not rate it too high. It's maybe a six or a seven out of ten. Although, it might be related to the performance of our network.

It's a good product as such, but you need to be aware that you need some people who are having the knowledge.

The most valuable features are the comprehensiveness; the whole identity lifecycle management; the centralized view of people requesting access to provisioning, to SLD, and to access review; basically, the whole suite.

The features are there. Oracle has always had a good vision about where the product is going.

The greatest benefit is increased efficiency so we can manage the identify lifecycle faster and better and so we can govern the access from a central place and make it easier.

I would like them to focus on profile-based provisioning and make what we call the birthright access management. We need to have an easier way for people to find out the birthright rules and based on the birthright roles, the people get access they need to get what they want done.

By profile, I'm referring to job profile. Take engineering as example. To do their jobs, all engineers need access to some applications and systems. There are typically multiple engineering teams, e.g. the access needed by network engineering team can be quite different from security engineering, corporate software engineering, and customer facing software engineering. However for each of these engineering teams, people tends to have the same job profile (title, reporting to, department, etc.) and they may require the same access rights to a common set of apps / systems.

I am imagining that users could select security engineering and then a number of access requests could be generated for a list of apps / systems that a typical security engineer needs access to.

But first they need to work out the product stability issues and make it easier to upgrade, support, and troubleshoot; those kinds of things.

Sometimes, it does not meet our expectations in terms of stability. I would give it a 3.5/5 for stability.

Given that it's an OEM product, the scalability is not really a critical factor for us. People can wait for minutes, hours, even days to get access granted. For OIM, it's not really a high criteria.

Technical support is pretty good. The only comment is that it depends on which company you come from. Some companies have great relationships with Oracle's product management, so they can get access to the best resources faster than others. We happen to be one of the customers that have a close relationship with Oracle, so no complaints.

We did not really have a previous solution. OIM has been here for years. Many, many years ago, we had a homegrown solution, but it’s no longer there. For the several past years, I know it's just been OIM.

Initial setup is not a part of my job function.

I just joined, so there's no initiative to reevaluate that part.

I would certainly short list OIM on a list of candidates along with some others in the market. With Gartner publishing every year, you have a good review for all the products on the market. For me, Oracle is at least top 5.

The features are there. Oracle has always had a good vision about where the product is going.

A vendor must have a quality product with easy-to-use features. Right now, user experience is a big thing in the market. Many vendors offer similar solutions. Ease-of-use and the quality of that is the main factor for us.

The following is a list of features that I have observed being used by my client that I have implemented:

1. User identity provisioning & lifecycle management
2. User Identity Profile/Attribute management
3. Self-Service Tool for end-user access request & password change
4. Role and Entitlement provisioning in target application/s
5. Auto de-provisioning of user identities
6. Audit capabilities & Report generation

I have seen an organization benefit through the automation of mundane repeat tasks related to setting up user identities, and managing user access as per a defined role. One of the key business driving factors for OIM implementation has been SOX compliance. End User Self-Service like password reset and access request is another feature that helps to reduce helpdesk calls.

The underlying architecture of the product is quite complex and hard to maintain and troubleshoot. Self-Service capabilities are quite limited, and the out-of-box capabilities are limited and customizations are quite complex.

I’ve been using it for four years.

Releases prior to 11gR2 PS2 were hard to deploy due to lot of shipped bugs. Every implementation was like dealing with an endless series of patches.

Once you get it working right, it turns out to be quite stable. 11gR2 PS2 can be considered as the first bug free stable release.

Scalability has never been an issue.

Technical support is horrible. It is faster to find the resolution ourselves than rely on support. Product team engagement has been helpful but it’s hard to get direct access to the product team resources. They are good at responding as per SLA without issue resolution.

I have worked with Microsoft FIM and SailPoint IQ as well. This was not by choice but the client environment was a multiple identity management platform. Silo based deployment had resulted in a solution that meant that there were multiple identity management solutions supporting the company’s global needs.

It was complex, primarily due to dependencies on various underlying technologies like Java, WebLogic, SOA, Database, and BI for reporting etc. Version compatibility was critical and any mismatch could lead to partially functional implementation. Things got better with 11gR2 PS2.

I was part of vendor team responsible for implementing the solution.

One thing for sure, is that it is the most comprehensive solution out there in the market. During the preliminary stages when the concept of Identity Management was not well defined, every vendor came up with a product offering solution for very specific use cases. Now, the offerings are quite mature but they still have trace and limitations bound to their origins. If you are looking for a simple, and quick, tool to get started with, there are many options out there in the market but then there are limitations that require customization or creating features from scratch.

• Oracle Identity Federation
• Oracle Internet Directory (LDAP)
• ODSM
• OIM
• OAM
• Oracle Virtual Directory

It replaced the old Oracle SSO and OID, helping us save on support for off-the-shelf products.

Also, it easily integrates with other applications, even with custom apps.

• Installation process
• Technical support
• More relevant documentation about specific parameters (as I still have no clue what they are responsible for)
• Better documentation for HA and clustered setup especially with F5 Load Balancers

We've been using this solution for more than two years.

There were no issues with the deployment.

We had some small issues with stability, particularly with memory leaks in some functions of this product. However, Oracle came up with the right patches.

We've had no issues scaling it for our needs.

4/10 for Australian customer service. It seems like Oracle customer service does not know its product as well as I know it.

4/10 for Australian technical support. I noticed that US technical support is quite knowledgeable, so I recommend asking for support only from Europe or North America as they have good engineers there.

The initial setup was complex, as any enterprise identity management product would be. First, it's not clear what to download from Oracle e-delivery. Secondly, it's not one product but a complex, multiple-component system. We have to first install OID, and then find the right repository creation utility RCU. Apart from this, you need to install SOA first for OIM, and there are multiple patches for the database and infrastructure. Only after all prerequisites have been met is it possible to install.

People from a pure Oracle DBA background can't do this. You need to have all-arounders with knowledge of SSL and PKI infrastructure, plus a little bit of skill with Linux. They also need to have Oracle Database skills and not follow template thinking.

Also, due to the nature of the organization, my employer is paranoid about security, so it is done in a very secure configuration, including reverse proxies, traffic encryption (SSL), and High Availability setup with F5 Load Balancer. It was just really complex.

It was implemented in-house by two or three experienced contractors/consultants, including myself.

It has many built-in components, and some components, if you don't actually use them, you don't need to purchase them.

We did not consider other solutions as we needed a certified and supported configuration to perform an integration with Oracle E-Business R12. Also, the potential integration with other identity management systems was a factor.

Just go for it. Stability and scalability are very good. Once installation is done and it is stable, you will not experience too much trouble.