Oracle Identity Governance Reviews

Scalability.

• Ease of use (updating entries)
• Backup strategy

Based on what I have read in its OIM Service Manual and seen as a user with admin rights, the product certainly has a lot of capabilities and promise on identity and access management. However, I have yet to see its full functionality exercised in my organization.

It has improved my organization tremendously. When compared to its introduction five years ago, OIM in my organization has improved its use and dependability, allowing us to pass audit each time.

The proactive controls which can be configured to a granular level allowing the organization the flexibility to meet the changing demands of the workforce.

Reconciliation exceptions. Automation of validation exercises performed by humans over Recon Exceptions generated as a result of an access synchronization event over a user's need for access or not.

• The automatic user management lifecycle with role-based features is great.
• It is also an application that makes it easy for on-boarding, automatic access privilege, and single sign-on with internal as well as external applications.
• It also has enough flexibility to unify the access management needs of any organization into one place.

It has allowed us to integrate multiple applications in one place. From there, we can manage all application access controls with many available features.

There were issues when we deployed it, though Oracle helped us resolve them. Also, there can be stability issues if the requirements are not all integrated appropriately.

We have been using this for the last five years.

We had issues that Oracle helped us to resolve.

No, we did not have any issues with stability, but it depends on how your system is integrated. If all requirements are integrated correctly, there should not be any issues with stability.

We have had no issues scaling it for our needs.

In our experience, I would rate customer service as a seven out of 10.

In our experience, I would rate technical support as an eight out of 10.

The ability to customize operations, unlike other products like Tivoli and, perhaps, NetIQ. I think Oracle Identity Manager provides a lot of flexibility to customize solutions, especially in the field of organizations, where you have X amount of applications to manage.

It basically manages the identity and lifecycle of every user in the organization. It helps provision the required accesses through policies, approvals, and whatever would be the business requirement. That's the most beneficial feature of this tool.

I would like to see more segregation managed through Oracle Identity Manager.

Yes. Every product has its drawbacks, and this one too has some stability issues. For these, either you could follow regular performance tuning, patch a bridge, or maybe use ESLs with Oracle.

It seems scalable. My client has 30,000 applications and I think a lot of them are already using this tool. I remember putting in an application where 20,000 entities needed to be onboarded and it managed itself.

My contacts with them have been very poor in terms of resolution and complication. I would not give them more than a five out of 10.

No, I did not.

It was straightforward. One or two complications. Some were resolved, some were not resolved, and some were self-resolved. So I would not say I'm entirely happy.

Not really. I did not evaluate other options.

If you have a large scale organization, then this is the right product because it gives you a lot of opportunities to do customization and custom development. These are very much required when you have a big organization with different kinds of applications; some which are outdated, some which may not get the required support in the market.

I think their latest version has actually improved this product a lot in terms of functionality, performance, and features. There are some features the new release has which our old customers were looking forward to.

The best part of Oracle Identity Manager is how well it will align to the business. There are features that are more generally required by business and you can easily get them with Oracle Identity Manager. If you compare it with Azure, with the latter you need to do customization and there are a lot of limitations in each of the tools. The connectors we have for Oracle Identity Manager are good, so you don't need to do custom connectors and all.

When I joined my project, they had been using a meta directory for identity management and application provisioning. There were around 150,000 active accounts, out of which many were redundant. They had left the organization 10 years ago. They were still active and they were paying for the maintenance of those accounts on a monthly basis. And there was no data clarity. So the moment we on-boarded Oracle Identity Manager, we started data cleansing, and started to do unmanaged account reconciliations.

With the help of support, we were able to reduce the cost of every identity which was active and was not in the organization.

One thing is the size of the infrastructure that is required for Oracle to implement. In addition, the maintenance cost and pricing.

With an Oracle implementation, we need to have a high availability of infrastructure where you need a minimum of four servers. Compared to SalePoint or with Microsoft Identity Manager, the infrastructure cost is notably less.

With a project for Oracle Identity Manager, the implementation cost is along the lines of a year. If you have 10 connectors or eight connectors and you have workflows, the implementation cost will usually go from eight months to 12 months, minimum. Whereas if you implement a SAP solution or a product like SalePoint, the implementation cost or time is reduced from 12 months to eight months, or even six months.

Six to seven years.

Yes. First, the audit engine. They have not advanced their audit engines from where they started. In version 9.1 it was same issue on the JMS Queues. The audit engine was getting in to queues. I had two clients whose audit engine queue was more than a million. They were not able to process those records because the audit engine was taking too much time and the reconciliation and the amount of data which we used to import was huge.

And after getting in to a year of implementation or two years of implementation, UPA tables get to a stage where they are not able to process the records. We start getting timeouts while processing the records and Oracle was not able to troubleshoot the issue.

Second, is the availability. The moment you install Oracle Identity Manager, the biggest problem is system performance. Even if you go with 8GB or 10GB of RAM, eventually after a week or so, you need a restart for it to survive, even in production. You can see logs where things are failing and the server is responding very slowly.

These things happen often with Oracle but when you compare with SIM or SalePoint, you will not see the system usage or system CPU usage to that extent.

I have done implementations up to 150k. We were provisioning 20 connectors. To be very frank, the experience I had was provisioning and reconciliation was on the scheduler.

Nowadays, if you compare scalability with cloud-based solutions, where you can implement Oracle in a SAP solution, you can extend the scalability. It is auto scalable. But if you need to extend to one or more server, it's not possible. It's not easy in any client-based environment. Scalability is something which is not possible in Oracle or as simple as any SAP solution at the moment.

So there are pros and cons of cloud-based solutions. For cloud-based solutions, you can extend to where there is no issue on the performance. But the limitation is you can't customize everything based on the client's requirements. With Oracle, that was the advantage, but the scalability was still a concern. Until last year it was a concern.

There is the team which handles the incident. And any major issue goes to a second level and then there is an AT which comes into the picture when there is a major issue and your client has a platinum partnership with Oracle. So, in scenarios where you are getting involved with the level-one team or level-two team, they come up with bookish knowledge and they will ask you questions. For instance, for small issues they will ask with you thousands of parameters in your web logic or in your OIM or in your database. And eventually when things are not getting resolved, then we move it to level-two and then AT. And that is when you actually should get results.

One of my client's audit issues was happening from almost nine months. And my previous client was the biggest client for Oracle, a premium client for Oracle, but still they were not able to resolve the issue.

I have only worked on Oracle. For the last year I have not been getting any clients who are ready to implement Oracle. So, that's the challenge for me. That's why I moved from Oracle to other solutions.

Initial setup was very complex when compared to others. Oracle is way more complex than any other implementation. SalePoint and Microsoft Identity Manager are simpler.

If I rate the cost, Oracle is the costliest at the moment. And there is no competition around Oracle and other tools. Oracle is somewhere in millions while a product like SalePoint is much less. So, I am not sure how to rate it. From a service provider perspective, or custom integration perspective, clients are proposing Oracle. So, if I propose Oracle, the only friction I get is the cost. It's too much for the client. Any small client will not be happy to use Oracle at the moment.

If I had to pick an identity management team, I would definitely pick Oracle. It's my favorite. From an implementation point of view, being a developer, I still prefer Oracle over anything else. But if I look at the market and see where things are going, I would go with SalePoint at the moment. SalePoint, or if you have any SAP solutions, I would go with Okta.

Nowadays, what people do is they look for queries, they look for solutions on the internet and they implement them. That will take more time implementing because they don't understand what they are doing. They need to understand the tool before they implement any solution. This is something I tell my juniors as well who work under me. You can't just bypass the basics and get the solution and implement it.

So, if you talk about implementation aligned to the business, Oracle is best. The only tool which I can compare with Oracle at the moment is SalePoint. Other than that, there is no tool which can compete with Oracle from a business implementation standpoint, where it is aligned to the work flows, the customization, which we can do in Oracle.

Regarding performance, I have used SalePoint and it is better than Oracle. And infrastructure cost, which is aligned to the Oracle suite. There are so many things which you need to do on an Oracle implementation, whereas SalePoint is just a small plug-in which you can implement anywhere.

The solution helps us to define roles and get people to specific tasks. From this point of view, it is an amazing tool. 

It is really hard to implement Oracle Data Manager because we have a lot security that we need to manage. We have a lot of security, so it is a bit difficult to implement, but it is still a good product. 

In Canada, we have some difficulty in getting training about this. They ask for at least five people in a class and we only have three people in our team. It's impossible to get the training. We register in Ottawa, but sometimes the class is canceled because we do not have enough people to take the course. 

We are learning a lot about the cloud, and I think that a cloud feature is being added this year. I am learning how the clouds can be used and the possibilities of using it. It's good for me to learn about these features.

We had some down time during the first release. We want to go to the next release. I spoke with the guys over there. It seems that it's easy to push the data that already exists in the new release. We will see. I think there will be more stability. We need to try.

The scalability depends on what you need to manage, the security needs, and the quantity of people.

I was not working on the installation. I'm just working on the part of development of plug-ins and doing Java because I am one of the Java developers. The installation does not seem too bad. I know some guys who are working to build it and put Java in place on all the servers and on all the connectors.

I'm new at this, but I know that the tool is working. I'm not sure if the problems are coming from us or from the implementation itself. We need to balance the complexity versus the quantity of users and the way that we manage all the connectors. 

OIM contributes majorly to simplifying the user management and role management capabilities of corporate users (employees, contractors, partners, and customers) from regulatory compliance requirements by enabling least privileged access.

• Provisioning workflow
• Accessing policies to automate provisioning requirements
• Identifying lifecycle management
• Identifying connector framework for unifying provisioning capabilities from OIM

This applies to the latest version of OIM support in WebLogic and WebSphere application servers only. It would be great if the Oracle Fusion Middleware team worked on making it compatible with other application servers, as it exists in OIM9.x.

No issues were found related to stability.

OIM is the right product and it is a good fit for enterprise deployments. There are no issues related to scalability, as long as it was configured as per Oracle enterprise deployment guidelines.

Customer Service:

I would give customer service a rating of six out of 10.

Technical Support:

I would give technical support a rating of six out of 10.

Depending upon requirements, it takes 10 days to three months to set up an environment.

We have been able, after eight months of coding our own Java classes, to implement a Joiner/Mover/Leaver process.

I won't lie to you. Since we didn't have an IDM, the idea of an IDM and all of its functionality has been valuable.

Most areas need improvements, all the way from the GUI to core functionality, logging, traceability, configuration, and bugs causing crashes. I don't know where to start. It is too complex, has too many bugs, and is an immature product, even the best case, beta version.)

One of the 5-6 consoles (Design Console) is a blast from the 1970's. It crashes constantly. The vendor is aware of it, but has stated that this is not a priority for them to fix.

There were no issues with scalability.

I would rate technical support as the worst. We have had constant meetings with them to follow up on our tickets. If you don't ask them for an update on a daily basis, they will not work on your case. Our average solution time is six to eight weeks, and this includes production issues. I have waited eight months for an answer, and the answer was, "If it fails when you do that, then don't do it."

We used an ETL-engine to push users earlier. It didn't have any "IDM functionality" so we switched to what we though was the best solution available.

I dare you to get an installation up and running in a PoC environment in less than a week. In my opinion, if you haven't done it before, you can't do it in less time.

Don't use it! Find something else. Ask me for advice. We are currently switching to another vendor/product.