Oracle Identity Governance Reviews

Oracle Identity Manager is not in production yet. We are evaluating the product. There is a very strong motivation to get it out there into production and there is a need for it. Sooner or later, we will be doing it.

We need an application to allow role-based access. That is our next phase of implementation. We need to get there. Once our current engagements are completed, that will become our number-one priority. Right now, as I’ve mentioned, we are evaluating it. Apparently, it seems like it's meeting our requirements.

My pain point was while migrating my current user base. There is a certain point during that phase of the install where, if you get past it and make a mistake, there is no possibility of going back to a point before the mistake was done. If you cross that point, you have to start all over. That was my bad experience. I had to try it over and over to understand the point of failure. I had to do an install eight or nine times to get one right. After that, after I got my first install right, I learned that they have come up with a new mode of install called the LCM, life cycle management. That was pretty impressive. With the lessons I had learned before the LCM and with the new mode of installation, the LCM, I felt the install was, meaning the release, was done really well.

I have been using it for two years now.

Stability is as good as how you manage it. If it is in the hands of a bad administrator, it is only as good as how that administrator is.

As I’ve mentioned, we are still testing the waters. We haven't gone into experimenting how good the scalability is.

A certain team, the A-Team, is fantastic, but it's extremely difficult to reach out to that team. The last time I was in touch with them was a long time ago.

For the first year, I went around and around, and it never went anywhere. We had to escalate it so we could get our access to the right folks. There was also a learning curve, both for us and for the service techs out there who were handling my case. I think they're learning better than I am, because I'm spanned out across to other projects as well. That being their number one priority, I'm hoping that they ramp up at a quicker pace, so that, for the wider user base, it becomes a point of advantage.

Provisioning, Reconciliation, Identity Connector Framework, Sandbox Customization, Access Request Processing, SOA Integration for Approval Processes

Licensing

4 years

Oracle documentation provides comprehensive information about everything from development to deployment. If you follow the steps correctly, you won't have any issues. In case you miss some steps, you will get a fair amount of knowledge from the diagnostic logging.

No. The product is very stable.

No. The product provides a scalable enterprise identity management solution.

There is a huge community of Oracle Identity Managers from individual blogs to Oracle forums. You will be able to solve most of the issues with the help of this community. I never needed to interact with the technical team but I am not sure about others.

I have been using Oracle Identity Manager ever since I started working. I have not tried any other products.

I would say the initial setup was not very complex. The installation, design, development and deployment are all documented very well. Initially you will need to follow each and every step and later on you will understand why all those steps were necessary.

Oracle Identity Manager is a highly flexible and scalable enterprise identity management solution that is designed to administer user access privileges across a company's resources throughout the identity management life cycle, from initial on-boarding to final de- provisioning of an identity.

Oracle Identity Management - Pros: •Automates user identity provisioning and deprovisioning and enables organizations to manage the entire life cycle of user identities across all resources in the organization. •Oracle Delegated Administration Services: Provides trusted proxy-based administration of directory information to users and application administrators. •You can create access polices to manage users, e.g. modify, disable, delete, and unlock user accounts, passwords can also be changed for user accounts. •It can also be a means to conduct a comprehensive audit of user activities and their access privileges. •The Resource Management features, of the Administrative and User Console, enable you to manage resource objects for an organization or individual user. Managing resources includes the following activities: •Searching for and viewing the details of a resource •Disabling, enabling, and revoking a resource from users or organizations •Managing resource administrator and authorizer groups •Viewing, creating, and modifying workflows •Creating and managing IT resources •Creating and managing scheduled tasks Oracle Access Manager - Pros: •Oracle Access Manager provides Web-based identity administration and access control to web applications and resources running in heterogeneous environments. •Oracle Application Server Single Sign-On provides single sign-on access to Oracle and third-party web applications. •Oracle Enterprise Single Sign-On Suite, provides single sign-on for all applications and resources in an enterprise, without modification to the applications.

In my opinion it has no cons.Oracle Access Manager (OAM) mainly consists of two main systems 1.Oracle Identity Management 2.Oracle Access Manager Oracle Identity management enables enterprises to manage the entire life cycle of user identities across all enterprise resources, both within and beyond a firewall. An enterprise identity management solution can provide a mechanism for implementing the user management aspects of a corporate policy. Oracle Access Manager:

Access Management Oracle Access Manager stores information about configuration settings and security policies, that control access to resources in a directory server that uses Oracle Access Manager-specific object classes. You can use the same directory to store the Access System configuration settings, access policy data, and user data, or you can store this data on separate directory servers. Administrators can use the Access System to protect web resources and enterprise resources such as J2EE applications, servlets, Enterprise Java Beans (EJBs), and legacy systems. The Access System also supports both Web (HTTP) and similar types of data in non-Web (non-HTTP) resources. Using the Access System for security administration enforces your company's access security policies for Web applications and content; provides common security measures across multiple Web servers and applications; combines a centralized policy creation with decentralized management and enforcement; and enables granular control over security, across heterogeneous applications, as well as out-of-the-box integration with Oracle products, such as Oracle Portal, Oracle Collaboration Suite, and Oracle E-Business Suite.

The solution helps us to define roles and get people to specific tasks. From this point of view, it is an amazing tool. 

It is really hard to implement Oracle Data Manager because we have a lot security that we need to manage. We have a lot of security, so it is a bit difficult to implement, but it is still a good product. 

In Canada, we have some difficulty in getting training about this. They ask for at least five people in a class and we only have three people in our team. It's impossible to get the training. We register in Ottawa, but sometimes the class is canceled because we do not have enough people to take the course. 

We are learning a lot about the cloud, and I think that a cloud feature is being added this year. I am learning how the clouds can be used and the possibilities of using it. It's good for me to learn about these features.

We had some down time during the first release. We want to go to the next release. I spoke with the guys over there. It seems that it's easy to push the data that already exists in the new release. We will see. I think there will be more stability. We need to try.

The scalability depends on what you need to manage, the security needs, and the quantity of people.

I was not working on the installation. I'm just working on the part of development of plug-ins and doing Java because I am one of the Java developers. The installation does not seem too bad. I know some guys who are working to build it and put Java in place on all the servers and on all the connectors.

I'm new at this, but I know that the tool is working. I'm not sure if the problems are coming from us or from the implementation itself. We need to balance the complexity versus the quantity of users and the way that we manage all the connectors. 

Governance feature

• Security
• Online resources

• Security
• Mobile app

Five years.

Yes we did have issues with deployment.

Yes we did have issues with stability.

Yes we did have issues with scalability.

Customer Service:

6/10.

Technical Support:

5/10.

Yes, a customer used a different solution. We switched because the new solution can cover/manage most of the in-house systems/suites of apps.

Very complex due to the different sub-components.

Yes, we implemented with the help of vendor team support. Their level of expertise was about 7/10.

Short term, it was great but longer term, it became an issue.

Do a traceability and survey on what you need in the next 5 years, 10 years, etc.

I supported the product, and the customers using it globally. I was the technical support for it.

The most important feature is the connectors. Without the connectors, it can do nothing.

Also, auditing is a very good feature.

One of the areas that need some improvement with Oracle specifically is the ease of implementation. That is what is complicated.

The stability could be better.

I've been working with the Oracle identity management products for a very long time, and I started with Governance many years ago. It was Oracle Identity Manager then, and now it's Oracle Identity Governance. I was also managing the support team for the cloud services for IDCS.

We are using the latest version, I believe it is version 12.2.04.

I have been using them since the very beginning.

Once it is up and running it's okay, but it has many bumps.

They are always putting out fixes, but it's hard to get implemented without patching, so it's not great.

It's a scalable solution and it can easily be scaled.

The size of our customers' companies varies. 

I was the technical support.

I managed the entire team globally, along with other managers.

I was the global lead for Identity Governance.

The initial setup is complex.

It's a multi-tenant system integrated into a customer's environment. The entire process is more difficult than it needs to be. They have made improvements but it is still complex.

The number of people required for the deployment and implementation varies based on the size of the implementation. The implementations go from very small up to both wide enterprise-wide and serving external customers.

We have had customers who required a couple of people up to an entire team supporting them.

It really does depend on the size of the implementation but it does take more than a couple to manage it. It is not just the Governance, it's the setup of the app and the integration with all of the other applications with the directory. 

It requires a few people to keep it up and running.

My advice is to train the teams on identity management concepts and the Oracle solution specifically. Have them take advantage of all the training that's available, and plan the implementation in phases.

It has good features but it's complicated. I would rate Oracle Identity Governance a seven out of ten.

The ability to customize operations, unlike other products like Tivoli and, perhaps, NetIQ. I think Oracle Identity Manager provides a lot of flexibility to customize solutions, especially in the field of organizations, where you have X amount of applications to manage.

It basically manages the identity and lifecycle of every user in the organization. It helps provision the required accesses through policies, approvals, and whatever would be the business requirement. That's the most beneficial feature of this tool.

I would like to see more segregation managed through Oracle Identity Manager.

Yes. Every product has its drawbacks, and this one too has some stability issues. For these, either you could follow regular performance tuning, patch a bridge, or maybe use ESLs with Oracle.

It seems scalable. My client has 30,000 applications and I think a lot of them are already using this tool. I remember putting in an application where 20,000 entities needed to be onboarded and it managed itself.

My contacts with them have been very poor in terms of resolution and complication. I would not give them more than a five out of 10.

No, I did not.

It was straightforward. One or two complications. Some were resolved, some were not resolved, and some were self-resolved. So I would not say I'm entirely happy.

Not really. I did not evaluate other options.

If you have a large scale organization, then this is the right product because it gives you a lot of opportunities to do customization and custom development. These are very much required when you have a big organization with different kinds of applications; some which are outdated, some which may not get the required support in the market.

I think their latest version has actually improved this product a lot in terms of functionality, performance, and features. There are some features the new release has which our old customers were looking forward to.

This solution is for single-sign-on. We are trying to extend that feature to include other enterprise applications.

The user-level management has improved when you have this solution in place. It's very difficult for us to manage the user access at the corporate level. It is a 24/7 job and we are global with multiple locations. We have user groups who manage all user access on the global level. That is easier to do with Oracle Identity Management in place.

I would like to see it expand to other applications as well. There are certain non-Oracle applications where the integration might be difficult. It would be good if that integration could be simplified.

The solution is stable.

It is scalable as we expand into other applications. You need to fine-tune in some areas when expanding and maintaining the application.

In this area, I don't see great support. There are a few guys we know in the Oracle support group, so we can escalate a case if they are there. The issue can then be resolved fast. It would be good if more of the team members could catch up to that level.

This installation is straightforward. A lot of documentation is available from the Oracle website. We were able to implement this in-house, without spending too many dollars. I think it is pretty good.

It is a great product. There may be some issues during setup, but once it’s stabilized, it's a perfect product.