Oracle Identity Governance Reviews

I am currently working on Oracle Identity Governance and Oracle Access Manager (OAM), as I am specialized in the IAM sphere and working on these two particular products from Oracle.

I have implemented Oracle Identity Governance and Access Management products since 2009. In 2009, we initiated the project and I worked on it until 2020. Then I left and worked on other products such as SailPoint, Okta, and others. Now I am back to my original project with the previous client, as they called us back. They wanted to do a migration from Oracle 12c to Oracle 14c, and this is what we are currently doing. To give you an idea, it has been about 12 to 13 years that I have been involved in this, with a quick break from 2020 until 2025.

Definitely deployment and customization are valuable features. As you go down the line, you would need to develop workflows, and developing workflows would require good knowledge of the Oracle development framework. Oracle has their own development framework that comes along with the product, and that brings some complexity down the line to develop and maintain. Oracle Identity Governance is a very complete product. The positive aspect is that you have both modules: the Identity Governance and the Access Control, the Access Management. That means that the advanced authentication, the analytics, and all of that is there, making it a complete product. It works well with the different modules they have to cover a large space of functionalities in the IAM world. It is quite a complete product, but it is quite complex to implement and to maintain. It is very heavy. Sometimes, with lots of customization, that has made the interface quite slow compared to other products where you could do the same customization and still have something much more reactive.

I just delivered, maybe two months ago, an automation of the onboarding of applications to make it self-service. I exposed some APIs to automatically onboard applications in self-service mode. Any application can come and subscribe and onboard automatically with their own details. You just need to fill in the details on a web form and then that would help you to automatically onboard the application.

The reporting is something we are using extensively. Audit, we are using on a per-need basis.

Self-service password reset (SSPR) is definitely a good feature and it is similar to any other product that is offering SSPR. I would not say it is unusually better than any other, but it does bring the benefit that other products that have the same SSPR functionality offering.

I would describe the installation of Oracle Identity Governance on-premises as quite complex. Very complex. To install the product, it took us maybe three or four days to get it up and running just to go through the installation procedures. I repeated the same exercise in 2017 because I also migrated from 11c to 12c. That was the migration in 2017 that I managed. The migration took a long time. It took two to three years to be able to literally migrate all the code that I had. So it was quite complex. To summarize it quickly, I would describe the product as complete, very powerful, and very capable. However, it is extremely complex because Oracle relies on their own framework to customize and develop and fine-tune the functionalities. It is not Java, it is not some public framework. It is Java-based more or less, but it has their own Oracle framework for development and that makes the product quite complex to harness.

It has been about 12 to 13 years that I have been involved in this, with a quick break from 2020 until 2025.

I do have dedicated support called the PUMA support, and they are providing excellent service. This is something that is very dedicated. This is not something that I would rate the general Oracle support on. I am rating here a very specific support that is part of the program called the PUMA support from Oracle. That is quite positive.

If I need to go back to the details of 2009, initially, technically I chose Sun Identity Manager (Sun IDM). That was the technical choice that I recommended for the client. The only thing is that a year or two later, Oracle purchased Sun Identity Manager. They purchased the Sun organization as a whole, and then they inherited Sun Identity Manager. I operated Sun Identity Manager for a while, and then that later translated to Oracle Identity Governance.

It was a team of about seven to eight people.

I did implement a project on Okta Workforce that was terminated about two years ago. For the last two years, I have been working on Oracle products, still in the IAM sector. I have changed products, and the recent project that I have been working on was related to Oracle rather than Okta. I still have some minor feedback from the previous project that I implemented on Okta Workforce, but I am not currently involved in any Okta Workforce implementation.

It is rather a recommendation that I have, not a partnership.

I would rate Oracle Identity Governance a six because of complexity. Even though they have the ability to deliver and to execute, it is very monolithic and falling slightly behind compared to other products that are now built on microservices and are able to deliver much better and much easier results. I rate this product a six overall.

To streamline User Management/Authentication and to control Access to Applications/Resources. Oracle provides rich features and implementation of selective features has been carried out as per business/project requirements. 

In Telecom operations, Oracle access manager was integrated with Oracle Siebel, BVS (Bio-metric Verification System), Areba/SAP, Oracle EBS, AD, MS Exchange and lately with Oracle Fusion Cloud. Since Weblogic is integral part / prerequisite for this deployment, software based load balancing for web based services/traffic. Application rights for franchises (8-10K users) was also part of the objective. This included HR resignation queries, stale user audits, password management, suspension, restoration, creation, deletion etc. 

A utility sector involved Two Factor authentication/OTP, role management, user automation (provisioning, deletion, self-service (OIM) with Oracle EBS - integrated with LDAP - leveraging workflows for on-boarding and off-boarding. There are third-party connectors for some applications in use as well. 

In financial sector, there was integration with existing IBM application AS/400, some disconnected (no DB) applications. One objective was more than 30K User profiling/automation, AD Integration, user lifecycle management with Application Access control). Self-Service portal/dashboard, DBAT/Connectors, workflows development, Single-Sign On and Multi-factor authentication. 

Analytical Server was also part of deployment used by customer that gave full insights into the user access and rights and activities.

Automation/User (internal, remote, call-center) / application lifecycle management removed load from IT administrators or Application administrator & HR staff. 

Comprehensive reporting capabilities, tracking users, user actions against assigned applications (what, when, who). Policy enforcement/implementation/auditing becomes easy.  

Adaptive risk management (AI) may be another feature to look for in near future.

Direct comparison of OIG/OIM/OAM would require several factors to count in. Other than being excellent product, it would be more convenient to have more 3rd party integrations/connectors available for main stream applications (or even databases) that require less development with frequent certifications/version updates (though this cannot be avoided altogether).

Single Interface/same screen would be handy. 

We have not use the product for analytics for anomaly detection, as we had a blend of different products, and identity management wasn't used particularly for this purpose.

Oracle suite provides comprehensive Governance The scope of the identity management or Oracle IDM/IAM/OID/OIG is vast, and while we've implemented/evaluated 30-50% of its features, it's not done at full scale to include full-fledged governance/compliance.

It is very stable, with no latency problems or glitches.

It is scalable and supports high-availability

I am happy with the technical support from Oracle, it has very good support.

Positive

In terms of pricing and setup cost for Oracle Identity Governance, it can be affordable (depends on the discounts you get and your needs). Since it is enterprise product, Its implementation can become expensive If you want to implement it at full scale with very large set of diverse applications. However, it is modular and licenses can be chosen based on the business needs. 

For the product rating of Oracle Identity Governance as a reseller, I would rate it eight out of ten.

The major use case for Oracle Identity Governance is user onboarding, the whole user lifecycle management, joiners, movers, leavers process, provisioning, the implementation of segregation of duties, and access review certifications.

The automated onboarding feature helps to streamline user access management in general as it is easily connected based on a trusted source, such as Oracle EBS or any other trusted source, and you can automate the whole user lifecycle management.

Self-service password management reduces help desk calls, as users can update their own password after the first login or based on business requirements such as password policy and reminders for expiration, mostly 90 days, and complexity can be managed through Oracle Identity Governance.

The reporting function and Identity Audit function help with compliance, as they provide access review certification, segregation of duties, and a reporting feature, allowing you to view how many users are getting what kind of access, and you can track if their access is being removed timely or not through this functionality in Oracle Identity Governance.

I see areas for improvement, as they need to introduce more connectors; they have around 20 plus connectors currently but can improve in that area.

The only thing bothering me is the connectors, as they have the potential to enhance the number of connectors, allowing integration of a large number of applications. Without them, if an application doesn't have a connector, you can build an ICF connector, which Oracle supports. Oracle Identity Governance gives functionality to enhance this by allowing you to write custom code to integrate applications through ICF connectors or adapters.

I see some big differences between Oracle and other vendors. For SailPoint, it is lightweight, while Oracle Identity Governance is a thick, heavy application and has fewer application connectors compared to SailPoint, which offers a large number of out-of-box connectors, making integration easier.

I have been dealing with the product for four plus years.

It is stable.

The solution is highly scalable.

The technical support from Oracle is excellent.

Positive

I have worked with something similar to Oracle Identity Governance as I have done POCs for some other clients, specifically for SailPoint.

The installation is not straightforward. You have to go through the documentation, first installing the Fusion Middleware, then Oracle Identity Governance, followed by installing SOA, the RCU, and running configurations, so it requires experienced people.

It is able to save time and money as everything is automated: user access provisioning, password policy management, and reporting. It definitely reduces human effort, so it saves money.

Whether Oracle Identity Governance is affordable or slightly expensive depends on the category. For a small-scale company or organization, I don't think it will be useful, but for a large-scale enterprise, it's beneficial because it covers many functionalities such as self-service, automated access provisioning, de-provisioning, and reporting, so you don't have to get different software as everything comes in one product.

The biggest advantage of Oracle Identity Governance is its comprehensive functionality. However, I believe the connection is not very stable.

My client is purchasing it directly from Oracle, not through marketplaces such as AWS.

On a scale from one to ten, I rate Oracle Identity Governance a ten.

Neutral

I primarily use Oracle Identity Governance for identity management in my organization's customer operations.

The features I find most effective in Oracle Identity Governance include size and scale management, which is good for large organizations. It also impacts security portions and compliance. However, its architecture design is outdated, which causes challenges in solving modern world problems.

The solution requires too much infrastructure and should be less code-heavy. It should have more automatic deployments and automatic configurations. Incorporating AI to reduce manual work would be beneficial.

I have been using Oracle Identity Governance for six years.

Stability is an issue. I would rate it a four, indicating that it's somewhat unstable.

The technical support is not good. The team is not very knowledgeable and takes too long to respond. I would rate their technical support a six out of ten.

Neutral

The setup process required a couple of weeks and involves many resources, making it complex.

The installation was carried out by my team of specialists, which consists of twenty-four engineers.

The financial benefit or return on investment after implementing Oracle Identity is not much. The operational expenditure is high.

They sell the solution cheaply, but setting up and maintaining it becomes very expensive. The initial pricing becomes insignificant due to high ongoing expenses. 

Overall, I would rate it a five out of ten in terms of cost-effectiveness.

I also work with other vendors like SailPoint and CVN.

I would not recommend Oracle Identity Governance to others since its architecture and design do not solve modern world problems effectively. 

I would rate the overall solution a four out of ten.

Speaking about the tool's most valuable feature is something which is very difficult to say but if I go to SailPoint and Saviynt, I can say that RBAC, or role-based access control is the most reliable feature.

Upgrading and making changes to the product is very difficult. It is difficult when you are upgrading the product because sometimes you cannot directly upgrade from one version to another version. You have to go to the lower version and then upgrade to the higher version, which is the biggest drawback of Oracle products.

There are no additional features in the tool currently, and it has been the same for the last ten years. I want to see AI features in the tool so it becomes easy for implementers. There should be a change in the installation and deployment part, which is very heavy, due to which the team requires a lot of time, like two to three weeks. It should be easy to implement the tool in two or three days.

I have been using Oracle Identity Governance for thirteen years. I recommend the tool to my company's customers.

The solution's technical support is excellent. It is easy to escalate a problem if we do not get any response from the support team. The support team is very knowledgeable, and they help the implementation team easily overcome all issues. I rate the support a nine out of ten.

Positive

The product's initial setup phase is difficult compared to other tools. If I speak about other tools, many of them are very easy to implement, but implementing Oracle might take one to two weeks. If you talk about other products, some might take one or two days.

I help our company's customers with the implementation.

Two to three people are required during the implementation phase, depending on the requirement and the level of customization. If no customization is needed, two developers are sufficient. As customization increases, requirements increase, and the number of developers involved will also increase. Everything is totally dependent on the client's budget and timeline. Before any product, we go for RLS, after which we decide how many developers will be there.

Lots of customized requirements, which cannot be achieved by the other products. When clients went for the other tools also, like SailPoint and Saviynt, due to the restrictions and due to the very little space for customization, they opted for Oracle product, where you can implement anything you wish for as it gives developers the full freedom so that they can implement anything the client requires. It might take time, but every client's requirement can be implemented in Oracle. If you go for the other tools, there are limitations, which may cause some customizations to not be done. I have seen very large banking and finance customers who have lots of complex requirements regarding the roles, entitlements, and applications, and it was achieved using only Oracle, not the other tools.

Price-wise, the tool is a little bit costly. If you are going for the short term, like one year or two years, the tool is very cost-effective. The only problem with Oracle is that the implementation cost is too high compared to the other products. The tool's licensing cost is almost the same as your other tools, but the implementation cost is high because implementing a full-fledged product for the client takes more than five to six months. For other products, the implementation can be done in one month or two months.

How the tool streamlines user access control in our customer's organization is something that totally depends on how the customer wants it. There is a two-way access or request list. Access control is managed by two-way access, and if we talk about the application access, it i s managed by either zero sign-on or single sign-on.

Integration with the target application exposes multiple ways of integrating the applications for the single sign-on. Also, it is easy to use third-party governance like a fingerprint or a face scanner, as it is easy to implement them in a single sign-on. If we talk about Saviynt, I would say it is a good product, but Oracle Identity Governance is better than any other solution.

Role change is like RBAC and request-based, so it totally depends on the client and how they want the product. If they want the role changes or the department changes or anything to happen, all the major changes take place after a role or a department of the user change, and still, it can be easily managed with Oracle products. Role is something the role of the entity or the role assigned to the identity.

Upgrading and making changes to the product is very difficult. It is difficult when you are upgrading the product because sometimes you cannot directly upgrade from one version to another version. You have to go to the lower version and then upgrade to the higher version, which is the biggest drawback of Oracle products.

Currently, there is not much AI in the tool, but Oracle is planning to go for it and it is expected to be released in 2026.

I recommend the tool to others, especially if the customers have the complex requirements. If there are no complex requirements, I will suggest such people go for the Saviynt or SailPoint.

I rate the tool an eight out of ten.

Our older version of Identity and Access Management (IAM) is complex, while Salesforce and Avid use Connect Identity Governance for easier configuration and less coding. 

Compared to OIG, the cost is a big consideration, as Oracle Identity Governance (OIG) requires a larger team and infrastructure.

Oracle Identity Governance comes with Oracle Fusion Middleware, which includes Identity Manager, Access Manager (OEM), connectors (Service Bus), workflows (SOA), and directory services (OID, OUD, OVD). This entire package is costly, so smaller organizations might not prefer it.

Role-based access control (RBAC) has been crucial for role-based management in my current company. Granular access restrictions based on role-based policies were beneficial.

Moreover, Oracle Identity Governance's interface is user-friendly when managing identities. It is not that easy, but it is moderate. 

Identity governance isn't a specific process; it encompasses the entire user lifecycle management.

Oracle has the older version of Identity and Access Management (IAM), while SailPoint and Saviynt have come up with easier configurations and less coding. The cost of Oracle Identity Manager is significant, even compared to SailPoint or Saviynt, and might only be considered by the banking sector due to their larger budgets and teams. A team is also required for Oracle, increasing overall costs. Soma keeps costs down. So, Oracle is mainly about cost.

Moreover, this product currently uses a complex and old implementation. They need a single, user-friendly console for easy configuration.

The Active Directory Services (ADS) integration needs improvement. They should offer non-Java coding options and simplify mapping.

I have been using this solution for three to four years now. 

Stability is good.

Scalability depends on the administrator. At the time, it was around 40,000 to 50,000.

SalesPoint, Saviynt, Microsoft Enterprise, NetIQ, Tivoli, or Oracle Identity Manager - they all do the same things functionally. 

However, the ease of use, configuration, and licensing costs differ.

The initial setup is complex.  It involves installing directories, configuring keystores, mapping, agent installation/configuration, and more.

A consultant is usually needed.

The licensing is expensive.

Overall, I would rate the solution a five out of ten. If you're familiar with Oracle Identity Governance, you can easily transition to other IDM tools because of its complexity. But once you understand it, you'll grasp the concepts well.

Oracle Identity Governance is typically used when an employee joins the organization, especially for employee onboarding processes. This includes automating the onboarding process when an employee joins the organization and automatically changing roles and responsibilities in applications when an employee changes departments. When an employee leaves the organization after the exit process, Oracle Identity Governance can automatically de-provision or deactivate their accounts across all applications.

The most valuable feature in Oracle Identity Governance is user provisioning and de-provisioning.

The user-friendliness of Oracle Identity Governance can be improved compared to other products. Also, though feature-wise, Oracle is good, other products offer better user-friendliness.

In terms of additional features for the next release of Oracle Identity Governance, there is potential for more cloud-native applications to be included, making integration with other applications easier. Currently, the solution does not have strong cloud integration capabilities. However, Oracle offers another product, Oracle Identity Cloud Service, specifically for cloud applications. Combining these two products into a single platform could offer a more cost-effective solution for customers.

In our company, we are working on Oracle Identity Governance. We take care of implementing the solution in Bangladesh, Sri Lanka, and many other places. It is a good solution with which I have worked for ten years. My company has a partnership with Oracle.

In terms of stability, I rate Oracle Identity Governance a seven out of ten due to some reported issues with the solution's stability. This is because Oracle's support is not as strong as its competitors in the market.

Scalability-wise, I rate this solution a nine out of ten. Oracle Identity Governance is a scalable solution, without a doubt. Oracle Identity Governance is a solution primarily designed for medium to large-sized companies and unsuitable for small companies. The solution is suitable or reasonable for a company with an employee size of more than 250.

For instance, if a stability issue arises and Oracle support is needed, their response time is often slow, which can prolong the time it takes to resolve the issue. Oracle has fewer engineers dedicated to this domain than its competitors, such as SailPoint and Okta, who have dedicated engineers for their products. Unfortunately, Oracle does not have the same level of dedicated resources for their solution.

The initial setup process for the solution is complex, requiring an organization to engage a system integrator (SI) to implement it. Not just for Oracle Identity Governance, but also other Identity Governance solutions in the market require an SI for integration.

Depending on the requirements, the solution can be deployed either on the cloud or on-premise. So, the same solution can be deployed in either of the environments. In addition, Oracle offers another solution called Identity Cloud Service, which is a cloud-native application available as a SaaS platform. This is known as Oracle IDCS. When you want to deploy Identity Governance in a cloud, you have to go as Infrastructure as a service (IaaS). So, you cannot go with Software as a service (SaaS).

Oracle Identity Governance is an expensive solution. On a scale of one to ten, where one signifies a high price and ten signifies a low price, I would give this solution a rating of one.

After comparing Oracle Identity Governance with its competitors, such as SailPoint and IBM Tivoli Identity Manager, I have found that the core functionality of these solutions is essentially the same. While the platforms may differ slightly, they offer almost similar features. So, in summary, these solutions are all quite similar.

I can recommend Oracle Identity Governance to individuals working in the telecom domain and banking users. It is also a product that is a requirement for compliance processes. Overall, I rate this solution an eight out of ten.

My clients use Oracle Identity Governance for lifecycle management on different products. My company developed connectors to get feedback about this governance solution for clients in terms of managing the user lifecycle for any product.

The most valuable feature of Oracle Identity Governance is user lifecycle management. Certification is also a valuable feature of the solution. Oracle Identity Governance allows you to assign who has access to what, which is its basic feature.

Oracle Identity Governance, particularly version 12c, can handle multiple scenarios, but for a regular user, I found the use cases not that extensive, so this is an area for improvement.

The implementation process for Oracle Identity Governance is also a bit more complex than how you implement competitor products, and this is another area for improvement in the solution.

Technical support for Oracle Identity Governance also needs some improvement.

Another area for improvement in Oracle Identity Governance is its documentation. Currently, it's lacking when compared to SailPoint.

What I'd like to see in the next release of Oracle Identity Governance is a bit more scope for AI-based Identity governance. If the solution has built-in intelligence, that will give it more leverage. Another feature I'd like to see in Oracle Identity Governance in the future is the option for managers to provide access to others via mobile devices or phones.

I've been implementing Oracle Identity Governance for more than five years.

Oracle Identity Governance is a stable product. It has many connectors, so you can plug it into many other products. You can do pre-processing, but you'll first need to do some programming, so stability wouldn't be an issue if that's taken care of. Oracle Identity Governance works well.

Oracle Identity Governance is a scalable product.

I'd rate the technical support for Oracle Identity Governance as three out of five. It still needs some improvement.

I used to implement SailPoint before Oracle Identity Governance, and SailPoint had better documentation than Oracle Identity Governance. I found the documentation for Oracle Identity Governance lacking.

The initial setup for Oracle Identity Governance was a bit complex compared to other products, for example, SailPoint. Implementing version 12c of Oracle Identity Governance has improved a bit, though.

I can't say much about the pricing for Oracle Identity Governance because it's different from one geography to another. In India, the license price costs less than in other geographies.

Oracle Identity Manager is now rebranded as Oracle Identity Governance, and I have experience with it.

I was part of the development team for Oracle Identity Manager, which is now Oracle Identity Governance, so I've worked on developing Oracle Identity Manager for around ten years, then, I've been into consulting, specifically implementing Oracle Identity Governance.

My company is a consultant for Oracle Identity Governance, but it's not an Oracle partner.

Multiple banks use Oracle Identity Governance, so it has millions of users.

My rating for Oracle Identity Governance is seven out of ten.

What I found most useful in Oracle Identity Governance, feature-wise, are provisioning, de-provisioning, and termination. Those features are very good.

Oracle Identity Governance can also be easily integrated with non-Oracle products, which I find valuable.

An area for improvement in Oracle Identity Governance is that it isn't refreshed or updated as much. The only area that changed on it in the last five years was the GUI. The solution still has the same installation, troubleshooting, and configuration. Oracle Identity Governance is still very complicated when compared to other solutions. It seems that Oracle doesn't focus too much on Oracle Identity Governance in terms of making some improvements to it.

I've been using Oracle Identity Governance for almost five or six years now.

Oracle Identity Governance is stable enough, even for large organizations.

Oracle Identity Governance has good scalability.

I've contacted the Oracle Identity Governance technical support team multiple times, and my impression is that it's in between good and average. On a scale of one to five, my rating for support is a two.

The initial setup for Oracle Identity Governance was complex, and on a scale of one to five, it's a three for me.

At the moment, my company hasn't seen ROI from Oracle Identity Governance.

The licensing cost for Oracle Identity Governance is very high, so I'd rate it two out of five.

I evaluated SailPoint and One Identity, apart from Oracle Identity Governance.

I generally use the Oracle suite of products which includes Oracle Identity and Access Management and Oracle Identity Governance.

My company has almost three thousand users of Oracle Identity Governance.

My advice to anyone looking into implementing Oracle Identity Governance is to go for it because the solution has very good stability and scalability. I'd recommend it to large organizations because Oracle Identity Governance can handle large volumes of data. If anyone wants to try plug-and-play solutions such as SailPoint and One Identity, I wouldn't discourage it, and I'd recommend those solutions for midsized organizations.

I'm rating Oracle Identity Governance as seven out of ten. It's suitable for large organizations, and it has very good scalability and stability. You can also easily integrate Oracle Identity Governance with non-Oracle products such as Microsoft products, but configuring and implementing the solution is complex, so I'm scoring it a seven.

My company is an Oracle customer.