Oracle Identity Governance Reviews

Oracle Identity manager is the best tool in the market for access managers.

I would like to see automation in the solution. We need also integration with the Identity Manager. The solution needs to improve in the application integrations part. It also needs to focus on application deployment as well.

The tool is stable.

The solution is scalable. We have around four to five customers for the product.

The product’s technical support is not bad. They will respond immediately.

The solution’s setup is straightforward.

I would rate the overall solution an eight out of ten.

Our primary use case for this solution is for internal employee user lifecycle management and the automation of access provision for target systems. This IAM solution is implemented on-premise with complete high-availability and a separate DR site.

This solution has improved the organization in several ways, including saving many help-desk password-reset calls, IT staff productivity, and quicker user on-boarding.

The features that we find most valuable are:

• Trusted reconciliation with target systems helps eliminate orphan accounts and alert administrators if unauthorized account detected.
• Segregation of duties and role mapping helps streamline organization application efficiency and access certification for higher management
• Workflow capabilities with customization help to achieve expected multi-level approvals with email/SMS alerts during access and account creation to responsible parties.

The improvements we feel are currently needed are:

• Immediate IAM product certification to new version 12c with other Oracle products such as CRM/ERP and SAP etc.
• Simplify and add more functionality to Identity Cloud Service (IDCS)

Features that we would like to see in the next release are:

• Introduce a matured Privileged Access Management solution to make the IAM stack fully compliant with any customer environment.
• Provide a solid roadmap to Oracle PAM or similar product under Oracle IAM umbrella.

Good!

Excellent!

Technical Support - Overall Good

Vendor

Rate - Excellent

Efficiency and we save a lot of time and money.

Get the right product which you can customize as per your business needs. IAM is a journey and you cannot switch products after 2-3 years; hence consider strong roadmap of the product.

Yes, CA and IBM products.

The best part of Oracle Identity Manager is how well it will align to the business. There are features that are more generally required by business and you can easily get them with Oracle Identity Manager. If you compare it with Azure, with the latter you need to do customization and there are a lot of limitations in each of the tools. The connectors we have for Oracle Identity Manager are good, so you don't need to do custom connectors and all.

When I joined my project, they had been using a meta directory for identity management and application provisioning. There were around 150,000 active accounts, out of which many were redundant. They had left the organization 10 years ago. They were still active and they were paying for the maintenance of those accounts on a monthly basis. And there was no data clarity. So the moment we on-boarded Oracle Identity Manager, we started data cleansing, and started to do unmanaged account reconciliations.

With the help of support, we were able to reduce the cost of every identity which was active and was not in the organization.

One thing is the size of the infrastructure that is required for Oracle to implement. In addition, the maintenance cost and pricing.

With an Oracle implementation, we need to have a high availability of infrastructure where you need a minimum of four servers. Compared to SalePoint or with Microsoft Identity Manager, the infrastructure cost is notably less.

With a project for Oracle Identity Manager, the implementation cost is along the lines of a year. If you have 10 connectors or eight connectors and you have workflows, the implementation cost will usually go from eight months to 12 months, minimum. Whereas if you implement a SAP solution or a product like SalePoint, the implementation cost or time is reduced from 12 months to eight months, or even six months.

Six to seven years.

Yes. First, the audit engine. They have not advanced their audit engines from where they started. In version 9.1 it was same issue on the JMS Queues. The audit engine was getting in to queues. I had two clients whose audit engine queue was more than a million. They were not able to process those records because the audit engine was taking too much time and the reconciliation and the amount of data which we used to import was huge.

And after getting in to a year of implementation or two years of implementation, UPA tables get to a stage where they are not able to process the records. We start getting timeouts while processing the records and Oracle was not able to troubleshoot the issue.

Second, is the availability. The moment you install Oracle Identity Manager, the biggest problem is system performance. Even if you go with 8GB or 10GB of RAM, eventually after a week or so, you need a restart for it to survive, even in production. You can see logs where things are failing and the server is responding very slowly.

These things happen often with Oracle but when you compare with SIM or SalePoint, you will not see the system usage or system CPU usage to that extent.

I have done implementations up to 150k. We were provisioning 20 connectors. To be very frank, the experience I had was provisioning and reconciliation was on the scheduler.

Nowadays, if you compare scalability with cloud-based solutions, where you can implement Oracle in a SAP solution, you can extend the scalability. It is auto scalable. But if you need to extend to one or more server, it's not possible. It's not easy in any client-based environment. Scalability is something which is not possible in Oracle or as simple as any SAP solution at the moment.

So there are pros and cons of cloud-based solutions. For cloud-based solutions, you can extend to where there is no issue on the performance. But the limitation is you can't customize everything based on the client's requirements. With Oracle, that was the advantage, but the scalability was still a concern. Until last year it was a concern.

There is the team which handles the incident. And any major issue goes to a second level and then there is an AT which comes into the picture when there is a major issue and your client has a platinum partnership with Oracle. So, in scenarios where you are getting involved with the level-one team or level-two team, they come up with bookish knowledge and they will ask you questions. For instance, for small issues they will ask with you thousands of parameters in your web logic or in your OIM or in your database. And eventually when things are not getting resolved, then we move it to level-two and then AT. And that is when you actually should get results.

One of my client's audit issues was happening from almost nine months. And my previous client was the biggest client for Oracle, a premium client for Oracle, but still they were not able to resolve the issue.

I have only worked on Oracle. For the last year I have not been getting any clients who are ready to implement Oracle. So, that's the challenge for me. That's why I moved from Oracle to other solutions.

Initial setup was very complex when compared to others. Oracle is way more complex than any other implementation. SalePoint and Microsoft Identity Manager are simpler.

If I rate the cost, Oracle is the costliest at the moment. And there is no competition around Oracle and other tools. Oracle is somewhere in millions while a product like SalePoint is much less. So, I am not sure how to rate it. From a service provider perspective, or custom integration perspective, clients are proposing Oracle. So, if I propose Oracle, the only friction I get is the cost. It's too much for the client. Any small client will not be happy to use Oracle at the moment.

If I had to pick an identity management team, I would definitely pick Oracle. It's my favorite. From an implementation point of view, being a developer, I still prefer Oracle over anything else. But if I look at the market and see where things are going, I would go with SalePoint at the moment. SalePoint, or if you have any SAP solutions, I would go with Okta.

Nowadays, what people do is they look for queries, they look for solutions on the internet and they implement them. That will take more time implementing because they don't understand what they are doing. They need to understand the tool before they implement any solution. This is something I tell my juniors as well who work under me. You can't just bypass the basics and get the solution and implement it.

So, if you talk about implementation aligned to the business, Oracle is best. The only tool which I can compare with Oracle at the moment is SalePoint. Other than that, there is no tool which can compete with Oracle from a business implementation standpoint, where it is aligned to the work flows, the customization, which we can do in Oracle.

Regarding performance, I have used SalePoint and it is better than Oracle. And infrastructure cost, which is aligned to the Oracle suite. There are so many things which you need to do on an Oracle implementation, whereas SalePoint is just a small plug-in which you can implement anywhere.

Oracle has lots of products, but our use cases for Oracle Identity Governance include user onboarding similar to what SailPoint is used for, for example, on AESOP, and certification. We also use it for access requests where end-users can go and request access, then we can provide user access or communicate the password to a user secretly. Oracle Identity Governance is where we can have the password portal and also provide role-based access.

What I like most about Oracle Identity Governance is that it is a very flexible tool. It allows you to do any customization on Java as it is built on Java and you can write any customization code using Java. I also like that Oracle Identity Governance is pretty much stable. In my company, there are a lot of users, so my company prefers this solution.

Pricing for Oracle Identity Governance could be improved. The setup process for the tool could also be faster.

I've been using Oracle Identity Governance for three years.

Oracle Identity Governance is a very stable tool. It has good stability and my company didn't see any issues with it.

Technical support for Oracle Identity Governance is good.

The initial setup for Oracle Identity Governance is not that straightforward. It takes time compared to setting up SailPoint.

Oracle has multiple implementation partners, so any client who wants to use Oracle Identity Governance can work with an implementation company, particularly one that gives the best service, in terms of installing or configuring the the tool.

Oracle Identity Governance is expensive.

I evaluated SailPoint.

My company is using Oracle Identity Management, now called Oracle Identity Governance.

Right now, I would not recommend Oracle Identity Governance because there are new and very good tools available in the market.

My rating for Oracle Identity Governance is six out of ten.

We are a solution provider and we help customers migrate to different platforms integrated with multi-factor authentication.

This product is used for the provisioning of devices that are used for different applications and users inside the enterprise.

This solution offers multiple features that are valuable. 

The most valuable feature is the set of out-of-the-box connectors. The connectors can be customized, and we do make use of several custom ones.

The cost of this product needs to be reduced. There are other modern IAM solutions that are available at a better price, and the use cases are very easy. It is cloud-based and it caters to the needs of an enterprise. For example, there are some features that we do not use, yet we still pay for them. In the past, there was no choice, but many options are now offered. 

Customization is not easy to do. For example, additional reports or modules are difficult to create in a timely manner.

We would like to see more support for public cloud services. 

We have been using this solution for approximately five years.

This is a stable product.

There is no doubt that this product scales well. It is a well-established product for enterprise users. One of our customers has an employee base of almost 30,000 people.

Technical support differs depending on the region. We have found that the turnaround time can be high, depending on what regional support we are dealing with. 

I have experience with several similar solutions, including Centrify.

We are currently exploring SailPoint and Saviynt and although no decision has been made as of yet, we might move to another platform.

In the past, I also worked with SiteMinder, but it did not have this level of depth.

The initial setup is complex and for a larger, enterprise-level customer, it becomes very complex.

The cost of support and upgrading to the next release are both expensive. We have an annual maintenance contract.

The suitability of this product depends on the organizational budget and plan, which includes the roadmap to having an IAM solution.

In summary, they are not great, but not poor either. My biggest complaint is about the costs.

I would rate this solution a six out of ten.

There are a lot of use cases. We use it to manage everything within the user interface, for example, direct access privileges.

It's a stable and scalable solution.

It's difficult to use, and we're planning to switch to another application. The administration tasks for business processes, workflows, and definitions could have been easier. There should be an easier way to do it than having a dedicated ID for all these tasks. 

The product design has some complications for doing some use cases. I would like to see easier onboarding of applications and easier ways to plugin the customization codes.

I have been using Oracle Identity Governance for about two years.

Oracle Identity Governance is a stable solution.

Oracle Identity Governance is a scalable solution. At present, we have around 10,000 users.

The initial setup is moderate. It's not very complex, but it's not very easy to do.

You need a consultant to install and deploy this solution. You also need four to five team members to maintain this solution.

The price is based on the number of users per year.

I would tell potential users that many other products are much easier to implement than this solution.

On a scale from one to ten, I would give Oracle Identity Governance a six.

Whether I need to request permissions for certain other business applications, I put in a request. Then I'm given permission.

You actually deploy it together with Access Manager. They work together. You may not even notice the difference.

There are two valuable features. One, I am able to request any access rights I need. I don't even need to talk to my manager. I just request, and he can see the request and approve or reject it and give a reason. It's all very clear. Two, the Self Service I get is great. I can reset passwords, whether I have forgotten them or just need to change them. I don't have to call IT to help me with the password resets. 

In terms of room for improvement, to be honest, I haven't considered anything. I don't have anything I can say about improvement.

It's a complex solution, so it will take time in terms of deployment. It is not that easily deployed. Maybe if they can make the deployment easier, that would be great.

From a technical point, maybe they need to share how the integration with privileged access management solutions works since they no longer have privileged access management. If they can properly support integration with the existing leading privileged access management, that would be great.

I've used the solution for a while. 

We do not have plans to increase usage. Usage is static. If the number of users increases, if more are hired, we may increase. It is just based on the organization. There is no plan to change to another solution. If the the number of users increases, we'll still have the same application, as it is licensed and not a monthly subscription. It is a perpetual license. There will not be any changes.

The initial setup is complex. It's not easy to deploy. They've tried to improve the onboarding process, however, they should continue to make it easier. 

We have a perpetual license. 

I'm an end-user.

Before you implement, ensure that your workflows are right. You need to ensure the structure of your business in terms of workflow and that the permissions and the roles are well-defined so that when you onboard Governance, it is only automating what you already have.

I'd rate the solution nine out of ten.

Our primary use case for this product is user access attestations management, from initial user account creation to privileged accounts management, including user provisioning, and self-service access. The complete lifecycle management tool enables accurate and efficient account provision. 

In the past, we had to manually create user accounts. Now, our identity management system automatically manages users' access privileges. All we need to do is send the orders through.

The most valuable feature is the flexible automation functionality which has optimized our user access privilege management. This has allowed us to create and delete user accounts more accurately and efficiently. This feature has enabled us to save time and resources needed to perform mundane manual tasks.

We are happy with the platform. We haven't identified a need or a specific point to be improved. As a matter of fact, we are looking at more creative ways to use the system for our identity management needs. I'm looking to purchase additional modules for our system.

It's stable.

The solution is scalable. We currently have around 200 or so users.

In my opinion, our experience with technical support has been a positive one so far.

The initial setup was a bit complex primarily because you have to create a connector for every system enabling connections across the network. This is not an observation in regards to the platform itself.

The full deployment took about a year and we only require two people for maintenance.

We implemented through a vendor. We hired a consultancy company to do the initial setup and implementation.

After purchasing the solution we only needed to pay for the implementation phase to build the connectors etc. and the annual standard licensing fee for support.

We are very happy with the performance of the platform.

My advice for anyone thinking about implementing this solution is to first consider the scope and make sure it's clear; the scope and the features that you want to implement. You need full visibility because the suite of features are complex and you have to be clear on what you want to implement.

On a scale of one to ten, ten being the best, I'd rate the product an 8 out of 10.