Oracle Identity Governance Reviews

We use this solution to create and manage the user lifecycle. We are customers of Oracle. 

Password management is a valuable feature.

When Oracle released the 12c version, they deleted the  Privileged Account Manager from its security solutions. If a customer had implemented that in the previous release and wanted to update it, they could be faced with a huge problem because that product no longer exists. I think the platform could be enhanced and I found bugs in their documentation. Information relating to some connectors is incorrect. I think Oracle could simplify Access Manager.

I've been using this solution for six years. 

This is a stable platform.

The solution is scalable, we have over 500 users. 

Sometimes the support is not able to resolve our issues and they're often changing support engineers. I think there is room for improvement with the support.

Neutral

I consider the initial setup to be easy. If it's a matter of deploying two or three applications, the setup could take one or two months. For five or 10 applications, deployment could take at least six months. It all depends on the number of applications. 

We moved to this solution because of its cost. 

It's important to be aware of the identity and access management process by reading the documentation. Before implementation, it's important to prepare an environment to install the solution for an indication of how it should be installed. 

I rate this product seven out of 10. 

Oracle has lots of products, but our use cases for Oracle Identity Governance include user onboarding similar to what SailPoint is used for, for example, on AESOP, and certification. We also use it for access requests where end-users can go and request access, then we can provide user access or communicate the password to a user secretly. Oracle Identity Governance is where we can have the password portal and also provide role-based access.

What I like most about Oracle Identity Governance is that it is a very flexible tool. It allows you to do any customization on Java as it is built on Java and you can write any customization code using Java. I also like that Oracle Identity Governance is pretty much stable. In my company, there are a lot of users, so my company prefers this solution.

Pricing for Oracle Identity Governance could be improved. The setup process for the tool could also be faster.

I've been using Oracle Identity Governance for three years.

Oracle Identity Governance is a very stable tool. It has good stability and my company didn't see any issues with it.

Technical support for Oracle Identity Governance is good.

The initial setup for Oracle Identity Governance is not that straightforward. It takes time compared to setting up SailPoint.

Oracle has multiple implementation partners, so any client who wants to use Oracle Identity Governance can work with an implementation company, particularly one that gives the best service, in terms of installing or configuring the the tool.

Oracle Identity Governance is expensive.

I evaluated SailPoint.

My company is using Oracle Identity Management, now called Oracle Identity Governance.

Right now, I would not recommend Oracle Identity Governance because there are new and very good tools available in the market.

My rating for Oracle Identity Governance is six out of ten.

The most valuable features are the attestation of identities and the robust set of identity analytics.

The way we have designed and implemented the solution has set us up to become a shared service model. This platform allows for us to customize any solution to meet the business capabilities.

With Oracle, it's always about the learning curve and the nature of how the product is integrated. It takes tons of training and getting the right experienced people involved in order to launch the initial framework. Some of the adapters also do not work very well or have limited functionality.

We have used Oracle IdM Products for 3 years now but just started using the new R2 framework 6 months ago.

Yes, we encountered issues with determining if we wanted to use the LCM installation over manual. Once we determined that LCM was a good choice then it was a pain getting the SAN setup correctly to allow for these silent installations.

In our sandbox environment we had stability issues but only because all the components are on the same server. Once we worked out the kinks of first time R2 users, the platform seemed fairly stable.

We did not encounter issues with scalability since we architected the solution to scale out enough to handle data.

Oracle is pretty good about helping as long as you have the solution built according to their specifications. The trick with support is making sure the hand-offs are done in a timely manner since you may start with someone from a 6 time zone difference. I always get the duty manager involved with critical issues so that these gaps are addressed.

Depending on who you get, some of these folks are really sharp and there are some still learning the product.

We used Microsoft ILM and FIM to manage our identity management provisioning and used Symphony for our Access Management side. We made the switch because Oracle offered a more robust solution for us to become a shared service for Identity Management.

As with any Oracle product, it's never straightforward. We knew what goals we needed to achieve but the challenge was having numerous design sessions to cover the possibilities, risks, and impacts in order to achieve those ambitious goals.

We had a combination of both in-house and outside professional services to help. I would rate our outside expertise very well.

Too early to determine at this point in time but we have some ROI on the deployment side by shaving 6 hours per environment setup by using automated installations.

Not including licence, we had a generous project budget to set-up and replace our legacy platform. The day-to-day cost is based on 3 people we have to support it. Of course our team & infrastructure is growing so the cost will rise by nature of supporting the service.

We evaluated products such as at Microsoft, Okta, CA, and IBM. The Oracle platform was more aligned with our business road maps and meets the desired capabilities the business needs.

Get people who have performed R2 installations and designs. This is important because if it's not done right the first time then you will be spending a lot of time either fixing issues or having to re-build everything. When you have such a robust system such as this, it gives you many ways to architect solutions.

Whether I need to request permissions for certain other business applications, I put in a request. Then I'm given permission.

You actually deploy it together with Access Manager. They work together. You may not even notice the difference.

There are two valuable features. One, I am able to request any access rights I need. I don't even need to talk to my manager. I just request, and he can see the request and approve or reject it and give a reason. It's all very clear. Two, the Self Service I get is great. I can reset passwords, whether I have forgotten them or just need to change them. I don't have to call IT to help me with the password resets. 

In terms of room for improvement, to be honest, I haven't considered anything. I don't have anything I can say about improvement.

It's a complex solution, so it will take time in terms of deployment. It is not that easily deployed. Maybe if they can make the deployment easier, that would be great.

From a technical point, maybe they need to share how the integration with privileged access management solutions works since they no longer have privileged access management. If they can properly support integration with the existing leading privileged access management, that would be great.

I've used the solution for a while. 

We do not have plans to increase usage. Usage is static. If the number of users increases, if more are hired, we may increase. It is just based on the organization. There is no plan to change to another solution. If the the number of users increases, we'll still have the same application, as it is licensed and not a monthly subscription. It is a perpetual license. There will not be any changes.

The initial setup is complex. It's not easy to deploy. They've tried to improve the onboarding process, however, they should continue to make it easier. 

We have a perpetual license. 

I'm an end-user.

Before you implement, ensure that your workflows are right. You need to ensure the structure of your business in terms of workflow and that the permissions and the roles are well-defined so that when you onboard Governance, it is only automating what you already have.

I'd rate the solution nine out of ten.

Our primary use case for this solution is for internal employee user lifecycle management and the automation of access provision for target systems. This IAM solution is implemented on-premise with complete high-availability and a separate DR site.

This solution has improved the organization in several ways, including saving many help-desk password-reset calls, IT staff productivity, and quicker user on-boarding.

The features that we find most valuable are:

• Trusted reconciliation with target systems helps eliminate orphan accounts and alert administrators if unauthorized account detected.
• Segregation of duties and role mapping helps streamline organization application efficiency and access certification for higher management
• Workflow capabilities with customization help to achieve expected multi-level approvals with email/SMS alerts during access and account creation to responsible parties.

The improvements we feel are currently needed are:

• Immediate IAM product certification to new version 12c with other Oracle products such as CRM/ERP and SAP etc.
• Simplify and add more functionality to Identity Cloud Service (IDCS)

Features that we would like to see in the next release are:

• Introduce a matured Privileged Access Management solution to make the IAM stack fully compliant with any customer environment.
• Provide a solid roadmap to Oracle PAM or similar product under Oracle IAM umbrella.

Good!

Excellent!

Technical Support - Overall Good

Vendor

Rate - Excellent

Efficiency and we save a lot of time and money.

Get the right product which you can customize as per your business needs. IAM is a journey and you cannot switch products after 2-3 years; hence consider strong roadmap of the product.

Yes, CA and IBM products.

The most valuable feature of Identity Manager is its integration with other Oracle products. Specifically, its in the same stack as WebLogic and Database. This provides us a consistent set of products and tools, which is valuable for the continuity of both our IT and business operations.

We provide it as a service to the government. Identity Manager solves a very real problem that they have which is to control all identities they have in their system as well as access to those identities. So it really is essential to the entire life cycle of tracking identities, a problem that IM solves.

I'm more looking forward to seeing what they do for the new cloud services that they're rolling out, which is actually a different product, but they are offering identity as part of a cloud offering. This would be an improvement over the software offering.

The company overall has been using them for quite some time. Our project has been around for three years.

We've had no issues with deployment.

Stability seems to depend on the day of the week. Overall, it's pretty stable, but it's software so, like anything else, it has problems.

For what we've done, it's scaled. It's difficult to say what scale we're measuring against because we're not the size of a Google, but we do have several hundred thousand identities in our system. For our purposes, it's scalable.

We work with Oracle, open a service request, and they resolve it. Dealing with Oracle support is separate from the product team, and dealing with support can be very challenging a lot of times. It's very difficult to convince them and to get them to understand the problem, and then to involve the right people to solve it. Once they get the right people there to solve it, then the support is fine.

The client was using a Sun Microsystems solutions, so Oracle acquired Sun Microsystems and the client re-evaluated what solution they should use going forward, and they made the switch to Oracle.

I came in a little after they had already started, but I was there for the initial go-live. These are large, complex products, so I wouldn't say they're easy, but we have people who know what they're doing, so it wasn't a problem.

Oracle Identity Manager is not the easiest to configure nor is it the lightest weight, but again, it's all integrated together and it's a consistent set of tools.

We are customers of Oracle and I'm a senior manager at the company. 

The features I like in this solution are the RBAC and the UI customization, particularly that it has a granular level modification. I also like that it is flexible and able to implement my requirements. 

The user interface experience needs to be improved. In order to get where you want to be, it requires multiple scripts when it should be simple with a one button click. The complexity of the tool and development could also be improved. The most important point is that Oracle hasn't adjusted itself to the current market, they are still doing the same thing they've done for the last 10 years. If you use Saviynt, for example, they have the ER implemented where they will offer suggestions. I also think the solution should have Cloud support. 

This solution is stable. 

The solution is scalable - we have over 25,000 users.

The initial setup is complex. If, for example, you're implementing a connector, and using tools like SailPoint, Saviynt or NetIQ, it's simple. With Oracle, there are lots of places where you have to make changes and they need to be done throughout the process so there's a lot of dependency there. Deployment can take between two to three months if it's a simple implementation and doesn't require customization. 

I would recommend this solution but it really depends what you're looking for and what will suit your needs. I can recommend it for users who are looking for the RBAC implementation, which should be the strongest one. If you're not looking for that then there are other options.

I would rate this solution an eight out of 10. 

We are using the on-premise deployment model of this solution. We chose this solution because we have a lot of Oracle products and other Oracle products aren't compatible with Active Directory. 

It has a very good response time but on the other hand, we have experienced a number of bugs. It responds fast but because of the bugs, we have already had some major incidents and complete unavailability. That's why we are not happy with the current version and we decided to upgrade it. We also tried to change the architecture setup to have less of an impact when the bugs occur and to have more availability. Oracle helped us to design the new architecture. 

We didn't make concrete plans yet about when to switch because we are still working on the high availability setup path. It will be a high availability setup, each data center with an active process failover in case something blocks it.

The reason we are upgrading to the next version is because today we have stretched clusters across data centers. We experienced major problems with the cluster software and the product, which is coherence. In the next version, that part will be handled by the database. We hope that we will get rid of those stability problems because of the bugs that are in there.

I have been using this solution for the past seven years but it has been deployed at my company for longer.

It's not so stable in our environment. It might have something to do with our old network. We're replacing the network now but it's very latency-sensitive.

There are quite some setbacks and I think Oracle is very well aware of them. There is no real service level management on the contract side. When you log something, you do get priority, but in general, you need to escalate something for them to look into it. The quality of their answers are often not so splendid either. We already had some commercial discussions with them on how we could improve it, but it's so expensive that while it's not affordable for a company like ours, you can hire a technical account manager for products, which isn't something we can do. 

It is a complex product. There are not a lot of engineers with knowledge about it. That's the first problem. I think it's a general problem. We do have one consultant and one internal person just for the line support and installations. We know from experience from a consultant that worked with different customers that they all have the same problem.

We have one consultant working on this product and it's a full-time job here.

The hardware and the operating system obviously cost money. With Oracle, you have the product itself and the management product which might be expensive sometimes as well.

As a customer, it's not okay that the salespeople sell you a product that they don't tell you all the ins and outs about and you are expected to manage it. You discover all of these things afterward if you don't ask the right questions.

In the current setup, within our network, I would not rate it too high. It's maybe a six or a seven out of ten. Although, it might be related to the performance of our network.

It's a good product as such, but you need to be aware that you need some people who are having the knowledge.