Oracle Identity Governance Reviews

There are a lot of use cases. We use it to manage everything within the user interface, for example, direct access privileges.

It's a stable and scalable solution.

It's difficult to use, and we're planning to switch to another application. The administration tasks for business processes, workflows, and definitions could have been easier. There should be an easier way to do it than having a dedicated ID for all these tasks. 

The product design has some complications for doing some use cases. I would like to see easier onboarding of applications and easier ways to plugin the customization codes.

I have been using Oracle Identity Governance for about two years.

Oracle Identity Governance is a stable solution.

Oracle Identity Governance is a scalable solution. At present, we have around 10,000 users.

The initial setup is moderate. It's not very complex, but it's not very easy to do.

You need a consultant to install and deploy this solution. You also need four to five team members to maintain this solution.

The price is based on the number of users per year.

I would tell potential users that many other products are much easier to implement than this solution.

On a scale from one to ten, I would give Oracle Identity Governance a six.

We are a solution provider and we help customers migrate to different platforms integrated with multi-factor authentication.

This product is used for the provisioning of devices that are used for different applications and users inside the enterprise.

This solution offers multiple features that are valuable. 

The most valuable feature is the set of out-of-the-box connectors. The connectors can be customized, and we do make use of several custom ones.

The cost of this product needs to be reduced. There are other modern IAM solutions that are available at a better price, and the use cases are very easy. It is cloud-based and it caters to the needs of an enterprise. For example, there are some features that we do not use, yet we still pay for them. In the past, there was no choice, but many options are now offered. 

Customization is not easy to do. For example, additional reports or modules are difficult to create in a timely manner.

We would like to see more support for public cloud services. 

We have been using this solution for approximately five years.

This is a stable product.

There is no doubt that this product scales well. It is a well-established product for enterprise users. One of our customers has an employee base of almost 30,000 people.

Technical support differs depending on the region. We have found that the turnaround time can be high, depending on what regional support we are dealing with. 

I have experience with several similar solutions, including Centrify.

We are currently exploring SailPoint and Saviynt and although no decision has been made as of yet, we might move to another platform.

In the past, I also worked with SiteMinder, but it did not have this level of depth.

The initial setup is complex and for a larger, enterprise-level customer, it becomes very complex.

The cost of support and upgrading to the next release are both expensive. We have an annual maintenance contract.

The suitability of this product depends on the organizational budget and plan, which includes the roadmap to having an IAM solution.

In summary, they are not great, but not poor either. My biggest complaint is about the costs.

I would rate this solution a six out of ten.

The most valuable features are the comprehensiveness; the whole identity lifecycle management; the centralized view of people requesting access to provisioning, to SLD, and to access review; basically, the whole suite.

The features are there. Oracle has always had a good vision about where the product is going.

The greatest benefit is increased efficiency so we can manage the identify lifecycle faster and better and so we can govern the access from a central place and make it easier.

I would like them to focus on profile-based provisioning and make what we call the birthright access management. We need to have an easier way for people to find out the birthright rules and based on the birthright roles, the people get access they need to get what they want done.

By profile, I'm referring to job profile. Take engineering as example. To do their jobs, all engineers need access to some applications and systems. There are typically multiple engineering teams, e.g. the access needed by network engineering team can be quite different from security engineering, corporate software engineering, and customer facing software engineering. However for each of these engineering teams, people tends to have the same job profile (title, reporting to, department, etc.) and they may require the same access rights to a common set of apps / systems.

I am imagining that users could select security engineering and then a number of access requests could be generated for a list of apps / systems that a typical security engineer needs access to.

But first they need to work out the product stability issues and make it easier to upgrade, support, and troubleshoot; those kinds of things.

Sometimes, it does not meet our expectations in terms of stability. I would give it a 3.5/5 for stability.

Given that it's an OEM product, the scalability is not really a critical factor for us. People can wait for minutes, hours, even days to get access granted. For OIM, it's not really a high criteria.

Technical support is pretty good. The only comment is that it depends on which company you come from. Some companies have great relationships with Oracle's product management, so they can get access to the best resources faster than others. We happen to be one of the customers that have a close relationship with Oracle, so no complaints.

We did not really have a previous solution. OIM has been here for years. Many, many years ago, we had a homegrown solution, but it’s no longer there. For the several past years, I know it's just been OIM.

Initial setup is not a part of my job function.

I just joined, so there's no initiative to reevaluate that part.

I would certainly short list OIM on a list of candidates along with some others in the market. With Gartner publishing every year, you have a good review for all the products on the market. For me, Oracle is at least top 5.

The features are there. Oracle has always had a good vision about where the product is going.

A vendor must have a quality product with easy-to-use features. Right now, user experience is a big thing in the market. Many vendors offer similar solutions. Ease-of-use and the quality of that is the main factor for us.

The most valuable feature is that it provides a consistent user interface. That's the primary thing, the consistent user interface.

Over time, it will improve the way my organization functions. We've had some challenges as far as rolling it out, but that's the goal. We have a consistent set of processes, so we need a consistent toolset to be able to disperse across our organization.

One of the things they don't have is, they don't provide support for what are called service accounts, non-human accounts, non-human IDs. That's critical.

In addition to that, we have some role mining capabilities that Oracle really hasn't included or defined what they're going to do, how they're going to incorporate that. They've been converging these two products for a very long time, Oracle Identity Manager (OIM) and Oracle Identity Analytics. There's still that component that's still outlying.

We've had some stability issues. We've worked closely with Oracle to resolve them. Just recently, we got performance issues. We're going to the new version. It was released last year. There are about a dozen customers that have it. We've discovered some performance issues. Oracle has worked closely with us. It's gotten to the point where it's ready to go. We're going live with it this weekend, the new version.

Scalability is one of the problems that we've had. Now that we've had it in production, and we have X number of concurrent users, we're having some performance issues. That's what they've helped us with, as far as they’ve given us some patches to correct the issues; it's become a little more acceptable. We're not at end state yet, so that's another thing we're going to continue to work with them on.

We meet often with Oracle. We have, literally, meetings at least twice a week with our technology staff. I coordinate a monthly meeting with some of their executives and our executives. We have a lot of visibility with Oracle. Overall, technical support is very good.

I was involved with the initial setup. It's not so straightforward. It's a very complicated space. It's a complicated tool to implement. There seemed to be a lot more customization and configuration that we needed to do; we initially believed we could just work out of the box.

Several years ago, I actually coordinated a proof of concept. We looked at several different vendors. We eventually landed with two vendors. We actually had kind of a bake off. Both of the vendors came in. We put them through a series of tests, we had usability tests, scripted tests. We had them demonstrate a lot of their functionality, and then we evaluated them. The OIM product came out on top.

We decided to go with Oracle because, when we did those different types of tests, they scored better than the other provider in all aspects.

When I’m selecting a vendor such as Oracle, it's important for us to make sure that they deliver on time, that they have a solid road map, and that they have the resources to back what they commit to.

I recommend the product. I recommend that they consider pilot rollouts when they go live, not a big bang, so they can gradually understand, once they implement it, what the real impacts are. That's pretty much the biggest “a-ha” that we had. Build the knowledge and understand how it functions, not just based on the documentation, but try it out, test it out, and come into it, eyes wide open.

I don't think there are other products like it out there. Again, there's always room for improvement.

Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager.

OIM eliminates the need for manual creation of users and assigning of various resources. It reduces the time needed for onboarding new users.

The management of workflows could use some improvement as well as the overall performance of the product. Because this is such a complex product, we find that it runs a bit slower than its competitors.

I have used the Oracle products for 7 years. I have experience with both the 10g and 11g versions of the product.

Yes we encountered a lot of issues with deployment due to the fact that we are a highly customized environment.

No, this has not been much of an issue for us.

No this has not been much of an issue for us. The product scales quite well with the size of our user base.

The customer service for the product is satisfactory.

The level of tech support could use some improvement.

We did use a different product before going to Oracle and we made the switch due to lack of support for the other product.

The setup was complex due to too many customized provisioning workflows within our organization.

We implemented the product through a partner of the vendor. Their expertise was what we expected.

Yes, we evaluated both Sun Identity Manager, and CA Identity Manger.

I would say this is a good product but some time would have to be spent in planning and learning.

• Oracle Identity Federation
• Oracle Internet Directory (LDAP)
• ODSM
• OIM
• OAM
• Oracle Virtual Directory

It replaced the old Oracle SSO and OID, helping us save on support for off-the-shelf products.

Also, it easily integrates with other applications, even with custom apps.

• Installation process
• Technical support
• More relevant documentation about specific parameters (as I still have no clue what they are responsible for)
• Better documentation for HA and clustered setup especially with F5 Load Balancers

We've been using this solution for more than two years.

There were no issues with the deployment.

We had some small issues with stability, particularly with memory leaks in some functions of this product. However, Oracle came up with the right patches.

We've had no issues scaling it for our needs.

4/10 for Australian customer service. It seems like Oracle customer service does not know its product as well as I know it.

4/10 for Australian technical support. I noticed that US technical support is quite knowledgeable, so I recommend asking for support only from Europe or North America as they have good engineers there.

The initial setup was complex, as any enterprise identity management product would be. First, it's not clear what to download from Oracle e-delivery. Secondly, it's not one product but a complex, multiple-component system. We have to first install OID, and then find the right repository creation utility RCU. Apart from this, you need to install SOA first for OIM, and there are multiple patches for the database and infrastructure. Only after all prerequisites have been met is it possible to install.

People from a pure Oracle DBA background can't do this. You need to have all-arounders with knowledge of SSL and PKI infrastructure, plus a little bit of skill with Linux. They also need to have Oracle Database skills and not follow template thinking.

Also, due to the nature of the organization, my employer is paranoid about security, so it is done in a very secure configuration, including reverse proxies, traffic encryption (SSL), and High Availability setup with F5 Load Balancer. It was just really complex.

It was implemented in-house by two or three experienced contractors/consultants, including myself.

It has many built-in components, and some components, if you don't actually use them, you don't need to purchase them.

We did not consider other solutions as we needed a certified and supported configuration to perform an integration with Oracle E-Business R12. Also, the potential integration with other identity management systems was a factor.

Just go for it. Stability and scalability are very good. Once installation is done and it is stable, you will not experience too much trouble.

I used Identity Governance to provide clients access to different solutions. For example, one client had an Active Directory, and we offered the client access to create accounts there. There are Active Directory and Exchange accounts, and there is a database specific to this client that requires a special connector.  

In addition to the database, the client has a website where they can create accounts using their SOP protocol. Unfortunately, it's not so easy to use the standard Oracle Identity Manager Connector with SOP protocol, so we had to develop a new connector to communicate with this website and create accounts in these web services. 

The one thing that stands out was is the automatic sign-out when an employee goes on vacation. Identity Governance can monitor when an employee goes on vacation and returns. We use this feature to automatically disable all the employee's accounts when they go on vacation, and they're automatically enabled when they come back. We can also automatically delete the employee's accounts when they're dismissed. Oracle has a model that gives you precise reports. It's called Crystal, and it's similar to JasperReports, so we can derive reports from this database.

Identity Governance is a difficult tool to work with. You have to input many models to understand what is happening with the logins. The user interface is not so good. And a lot of the features we use aren't available out of the box. You have to develop a lot of the basic things yourself. It would be nice if Oracle provided these common features.   

I've been using Identity Governance for five years. 

Aside from a few bugs, Identity Governance is mostly stable.

Identity Governance can scale up. 

Oracle support is excellent. However, it varies depending on the level of support the client pays for. If you pay for a premium service license, they respond quickly.

I owned a company that implemented these solutions for various clients. Each client has a different identity manager, so we worked with three identity solutions: Oracle, NetIQ, and Computer Association.

It was challenging to implement Identity Governance. The time needed for deployment depends on the size of the client. While it's possible to get it done in three days, deployment can take up to a week. 

I rate Oracle Identity Governance six out of 10. If you're planning to use Identity Governance, you need to learn Java to fully meet your business requirements.

It brings centralized management of all the identities for the E-Business Suite; that's the central feature.

It streamlines the management of users, and it also provides compliance, in terms of the policies around maintaining identities, expiration, and so on.

It is cumbersome to deploy; there are multiple layers in terms of trying to get it to work; and they're also limited in terms of the number of products it can integrate with.

As far as deployment being cumbersome, I think it's just the nature of the product. For the version that we have, you need to have your own directory services or ID on top of that. Then you have to integrate it to Active Directory; that's another layer. Even the number of different products, packaged in terms of, "Do you want to do provisioning, or are you just looking to do authentication and authorization?"; all that mix is really difficult to configure.

It's very stable. Now, we do have it deployed with some high availability options on the back end, and we have multiple app servers, and that combination is very stable.

It scales well, because you can add more nodes. You can scale it vertically as well as horizontally.

I would give technical support an average score; it could be improved, it could be much better. I think it takes a long time to get to the issue resolution. You end up supplying the same information multiple times.

It's best to bring in a consultant who understands all the nuances, because of the difficulties with initial implementation. Once successfully deployed, is a fairly stable and easy to maintain, but that initial implementation is a high wall to scale for it to be successful.

We didn't look at other options because the Oracle product, at the time, was the only product that can fully integrate with Oracle E-Business Suite and manage those identities.