Oracle Identity Governance Reviews

The most valuable features are the comprehensiveness; the whole identity lifecycle management; the centralized view of people requesting access to provisioning, to SLD, and to access review; basically, the whole suite.

The features are there. Oracle has always had a good vision about where the product is going.

The greatest benefit is increased efficiency so we can manage the identify lifecycle faster and better and so we can govern the access from a central place and make it easier.

I would like them to focus on profile-based provisioning and make what we call the birthright access management. We need to have an easier way for people to find out the birthright rules and based on the birthright roles, the people get access they need to get what they want done.

By profile, I'm referring to job profile. Take engineering as example. To do their jobs, all engineers need access to some applications and systems. There are typically multiple engineering teams, e.g. the access needed by network engineering team can be quite different from security engineering, corporate software engineering, and customer facing software engineering. However for each of these engineering teams, people tends to have the same job profile (title, reporting to, department, etc.) and they may require the same access rights to a common set of apps / systems.

I am imagining that users could select security engineering and then a number of access requests could be generated for a list of apps / systems that a typical security engineer needs access to.

But first they need to work out the product stability issues and make it easier to upgrade, support, and troubleshoot; those kinds of things.

Sometimes, it does not meet our expectations in terms of stability. I would give it a 3.5/5 for stability.

Given that it's an OEM product, the scalability is not really a critical factor for us. People can wait for minutes, hours, even days to get access granted. For OIM, it's not really a high criteria.

Technical support is pretty good. The only comment is that it depends on which company you come from. Some companies have great relationships with Oracle's product management, so they can get access to the best resources faster than others. We happen to be one of the customers that have a close relationship with Oracle, so no complaints.

We did not really have a previous solution. OIM has been here for years. Many, many years ago, we had a homegrown solution, but it’s no longer there. For the several past years, I know it's just been OIM.

Initial setup is not a part of my job function.

I just joined, so there's no initiative to reevaluate that part.

I would certainly short list OIM on a list of candidates along with some others in the market. With Gartner publishing every year, you have a good review for all the products on the market. For me, Oracle is at least top 5.

The features are there. Oracle has always had a good vision about where the product is going.

A vendor must have a quality product with easy-to-use features. Right now, user experience is a big thing in the market. Many vendors offer similar solutions. Ease-of-use and the quality of that is the main factor for us.

Oracle has lots of products, but our use cases for Oracle Identity Governance include user onboarding similar to what SailPoint is used for, for example, on AESOP, and certification. We also use it for access requests where end-users can go and request access, then we can provide user access or communicate the password to a user secretly. Oracle Identity Governance is where we can have the password portal and also provide role-based access.

What I like most about Oracle Identity Governance is that it is a very flexible tool. It allows you to do any customization on Java as it is built on Java and you can write any customization code using Java. I also like that Oracle Identity Governance is pretty much stable. In my company, there are a lot of users, so my company prefers this solution.

Pricing for Oracle Identity Governance could be improved. The setup process for the tool could also be faster.

I've been using Oracle Identity Governance for three years.

Oracle Identity Governance is a very stable tool. It has good stability and my company didn't see any issues with it.

Technical support for Oracle Identity Governance is good.

The initial setup for Oracle Identity Governance is not that straightforward. It takes time compared to setting up SailPoint.

Oracle has multiple implementation partners, so any client who wants to use Oracle Identity Governance can work with an implementation company, particularly one that gives the best service, in terms of installing or configuring the the tool.

Oracle Identity Governance is expensive.

I evaluated SailPoint.

My company is using Oracle Identity Management, now called Oracle Identity Governance.

Right now, I would not recommend Oracle Identity Governance because there are new and very good tools available in the market.

My rating for Oracle Identity Governance is six out of ten.

The most valuable feature is that it provides a consistent user interface. That's the primary thing, the consistent user interface.

Over time, it will improve the way my organization functions. We've had some challenges as far as rolling it out, but that's the goal. We have a consistent set of processes, so we need a consistent toolset to be able to disperse across our organization.

One of the things they don't have is, they don't provide support for what are called service accounts, non-human accounts, non-human IDs. That's critical.

In addition to that, we have some role mining capabilities that Oracle really hasn't included or defined what they're going to do, how they're going to incorporate that. They've been converging these two products for a very long time, Oracle Identity Manager (OIM) and Oracle Identity Analytics. There's still that component that's still outlying.

We've had some stability issues. We've worked closely with Oracle to resolve them. Just recently, we got performance issues. We're going to the new version. It was released last year. There are about a dozen customers that have it. We've discovered some performance issues. Oracle has worked closely with us. It's gotten to the point where it's ready to go. We're going live with it this weekend, the new version.

Scalability is one of the problems that we've had. Now that we've had it in production, and we have X number of concurrent users, we're having some performance issues. That's what they've helped us with, as far as they’ve given us some patches to correct the issues; it's become a little more acceptable. We're not at end state yet, so that's another thing we're going to continue to work with them on.

We meet often with Oracle. We have, literally, meetings at least twice a week with our technology staff. I coordinate a monthly meeting with some of their executives and our executives. We have a lot of visibility with Oracle. Overall, technical support is very good.

I was involved with the initial setup. It's not so straightforward. It's a very complicated space. It's a complicated tool to implement. There seemed to be a lot more customization and configuration that we needed to do; we initially believed we could just work out of the box.

Several years ago, I actually coordinated a proof of concept. We looked at several different vendors. We eventually landed with two vendors. We actually had kind of a bake off. Both of the vendors came in. We put them through a series of tests, we had usability tests, scripted tests. We had them demonstrate a lot of their functionality, and then we evaluated them. The OIM product came out on top.

We decided to go with Oracle because, when we did those different types of tests, they scored better than the other provider in all aspects.

When I’m selecting a vendor such as Oracle, it's important for us to make sure that they deliver on time, that they have a solid road map, and that they have the resources to back what they commit to.

I recommend the product. I recommend that they consider pilot rollouts when they go live, not a big bang, so they can gradually understand, once they implement it, what the real impacts are. That's pretty much the biggest “a-ha” that we had. Build the knowledge and understand how it functions, not just based on the documentation, but try it out, test it out, and come into it, eyes wide open.

I don't think there are other products like it out there. Again, there's always room for improvement.

Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager.

OIM eliminates the need for manual creation of users and assigning of various resources. It reduces the time needed for onboarding new users.

The management of workflows could use some improvement as well as the overall performance of the product. Because this is such a complex product, we find that it runs a bit slower than its competitors.

I have used the Oracle products for 7 years. I have experience with both the 10g and 11g versions of the product.

Yes we encountered a lot of issues with deployment due to the fact that we are a highly customized environment.

No, this has not been much of an issue for us.

No this has not been much of an issue for us. The product scales quite well with the size of our user base.

The customer service for the product is satisfactory.

The level of tech support could use some improvement.

We did use a different product before going to Oracle and we made the switch due to lack of support for the other product.

The setup was complex due to too many customized provisioning workflows within our organization.

We implemented the product through a partner of the vendor. Their expertise was what we expected.

Yes, we evaluated both Sun Identity Manager, and CA Identity Manger.

I would say this is a good product but some time would have to be spent in planning and learning.

Whether I need to request permissions for certain other business applications, I put in a request. Then I'm given permission.

You actually deploy it together with Access Manager. They work together. You may not even notice the difference.

There are two valuable features. One, I am able to request any access rights I need. I don't even need to talk to my manager. I just request, and he can see the request and approve or reject it and give a reason. It's all very clear. Two, the Self Service I get is great. I can reset passwords, whether I have forgotten them or just need to change them. I don't have to call IT to help me with the password resets. 

In terms of room for improvement, to be honest, I haven't considered anything. I don't have anything I can say about improvement.

It's a complex solution, so it will take time in terms of deployment. It is not that easily deployed. Maybe if they can make the deployment easier, that would be great.

From a technical point, maybe they need to share how the integration with privileged access management solutions works since they no longer have privileged access management. If they can properly support integration with the existing leading privileged access management, that would be great.

I've used the solution for a while. 

We do not have plans to increase usage. Usage is static. If the number of users increases, if more are hired, we may increase. It is just based on the organization. There is no plan to change to another solution. If the the number of users increases, we'll still have the same application, as it is licensed and not a monthly subscription. It is a perpetual license. There will not be any changes.

The initial setup is complex. It's not easy to deploy. They've tried to improve the onboarding process, however, they should continue to make it easier. 

We have a perpetual license. 

I'm an end-user.

Before you implement, ensure that your workflows are right. You need to ensure the structure of your business in terms of workflow and that the permissions and the roles are well-defined so that when you onboard Governance, it is only automating what you already have.

I'd rate the solution nine out of ten.

• Oracle Identity Federation
• Oracle Internet Directory (LDAP)
• ODSM
• OIM
• OAM
• Oracle Virtual Directory

It replaced the old Oracle SSO and OID, helping us save on support for off-the-shelf products.

Also, it easily integrates with other applications, even with custom apps.

• Installation process
• Technical support
• More relevant documentation about specific parameters (as I still have no clue what they are responsible for)
• Better documentation for HA and clustered setup especially with F5 Load Balancers

We've been using this solution for more than two years.

There were no issues with the deployment.

We had some small issues with stability, particularly with memory leaks in some functions of this product. However, Oracle came up with the right patches.

We've had no issues scaling it for our needs.

4/10 for Australian customer service. It seems like Oracle customer service does not know its product as well as I know it.

4/10 for Australian technical support. I noticed that US technical support is quite knowledgeable, so I recommend asking for support only from Europe or North America as they have good engineers there.

The initial setup was complex, as any enterprise identity management product would be. First, it's not clear what to download from Oracle e-delivery. Secondly, it's not one product but a complex, multiple-component system. We have to first install OID, and then find the right repository creation utility RCU. Apart from this, you need to install SOA first for OIM, and there are multiple patches for the database and infrastructure. Only after all prerequisites have been met is it possible to install.

People from a pure Oracle DBA background can't do this. You need to have all-arounders with knowledge of SSL and PKI infrastructure, plus a little bit of skill with Linux. They also need to have Oracle Database skills and not follow template thinking.

Also, due to the nature of the organization, my employer is paranoid about security, so it is done in a very secure configuration, including reverse proxies, traffic encryption (SSL), and High Availability setup with F5 Load Balancer. It was just really complex.

It was implemented in-house by two or three experienced contractors/consultants, including myself.

It has many built-in components, and some components, if you don't actually use them, you don't need to purchase them.

We did not consider other solutions as we needed a certified and supported configuration to perform an integration with Oracle E-Business R12. Also, the potential integration with other identity management systems was a factor.

Just go for it. Stability and scalability are very good. Once installation is done and it is stable, you will not experience too much trouble.

I used Identity Governance to provide clients access to different solutions. For example, one client had an Active Directory, and we offered the client access to create accounts there. There are Active Directory and Exchange accounts, and there is a database specific to this client that requires a special connector.  

In addition to the database, the client has a website where they can create accounts using their SOP protocol. Unfortunately, it's not so easy to use the standard Oracle Identity Manager Connector with SOP protocol, so we had to develop a new connector to communicate with this website and create accounts in these web services. 

The one thing that stands out was is the automatic sign-out when an employee goes on vacation. Identity Governance can monitor when an employee goes on vacation and returns. We use this feature to automatically disable all the employee's accounts when they go on vacation, and they're automatically enabled when they come back. We can also automatically delete the employee's accounts when they're dismissed. Oracle has a model that gives you precise reports. It's called Crystal, and it's similar to JasperReports, so we can derive reports from this database.

Identity Governance is a difficult tool to work with. You have to input many models to understand what is happening with the logins. The user interface is not so good. And a lot of the features we use aren't available out of the box. You have to develop a lot of the basic things yourself. It would be nice if Oracle provided these common features.   

I've been using Identity Governance for five years. 

Aside from a few bugs, Identity Governance is mostly stable.

Identity Governance can scale up. 

Oracle support is excellent. However, it varies depending on the level of support the client pays for. If you pay for a premium service license, they respond quickly.

I owned a company that implemented these solutions for various clients. Each client has a different identity manager, so we worked with three identity solutions: Oracle, NetIQ, and Computer Association.

It was challenging to implement Identity Governance. The time needed for deployment depends on the size of the client. While it's possible to get it done in three days, deployment can take up to a week. 

I rate Oracle Identity Governance six out of 10. If you're planning to use Identity Governance, you need to learn Java to fully meet your business requirements.

One of the most visible improvements would be the fast turn around for getting users access to the system on the day they start work and getting users out of the environment on the last day of work.

The most important features that have impacted our environment recently are the Single Sign-On solution, role based provisioning, and the automated provisioning of accounts to target systems. This is because we operate in a large environment with huge user turnover. Lots of applications are manually provisioning and deprovisioning, which can be quite daunting when done manually.

The development and the administration side could be a lot more intuitive and easier to use than it currently is, in terms of functionality and what it tries to achieve as a Single Sign-On entity for an enterprise environment. However, on the development and administration side, the learning curve is steep and quite challenging to master.

We don’t really have any issues with the platforms stability as it is up and running with minimal downtime that is caused by the OIM itself. I would rate the platform as very stable.

At the moment, we have not had any issues with the product’s scalability.

The technical support from the product owners could be a lot better. Their default mechanism seems to be referring you to documentation, which most times does not solve your issues immediately. I believe that when you reach out to technical support for help, you want someone who can help address your needs immediately, not telling you how to investigate the issues yourself.

This is the first implementation of a Single Sign-On solution.

I was not here for the initial setup, but from what I have seen so far, it seemed pretty complex.

Document, Document, and Document. The product is very vast and complex and it can get pretty large in a short amount time. It pays to document every thing you do. Other than that, I think it’s a great product and it has a lot of potential.