We performed a comparison between Oracle Identity Governance and SailPoint Identity Security Cloud based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Surveying is a valuable feature because it allows us to import data and see who has access to what data, for example."
"User-friendly solution."
"Omada's user interface is elegant and easy to work with. I like Omada's ability to automatically generate accounts for new hires and allow them access to all required systems by established policies. Around 80 percent of workers can start working immediately on their first day without requesting further access."
"The most valuable feature of Omada is its API connectivity, which allows seamless integration with various services like SAP, GRC, and Microsoft licenses."
"Support-wise, working with Omada has been good. We have very good direct interactions and fast responses."
"We used to have a problem where an employee's access wasn't terminated when they left the company. Now, we have much better visibility into and control over who has access."
"The customer success and support teams have been crucial."
"Omada's best feature is creating accounts, automatically assigning permissions, and distributing resources based on assignment policies."
"The most valuable feature of Oracle Identity Governance is user lifecycle management. Certification is also a valuable feature of the solution. Oracle Identity Governance allows you to assign who has access to what, which is its basic feature."
"It helps provision the required accesses through policies, approvals, and whatever would be the business requirement."
"The support service of Oracle is good. We use it a lot and their response is quick."
"I have found the OIM Connector framework, based on ICF, to be the most valuable feature."
"It's a stable and scalable solution."
"Good features are the RBAC and UI customization."
"Identifying connector framework for unifying provisioning capabilities from OIM."
"The most valuable features in Oracle Identity Governance are identity and access management."
"The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure."
"The solution’s stability and performance are good."
"The first valuable feature of the solution is its interface. The second feature of the solution is the level of flexibility it provides."
"Great product to manage the access control of users."
"Provisioning in multiple environments."
"SailPoint IdentityIQ has a good and straightforward user interface. They also have a lot of resources and documentation available to understand the process."
"It is a scalable product."
"The most valuable feature for our customers and for us is the identity data warehouse."
"The reporting and importing have room for improvement."
"The web GUI can be improved."
"Omada could communicate better with us about the product roadmap. We haven't gotten any updates about it. The user interface is often a bit difficult to understand. It isn't optimized for small screens, so it doesn't display all of the information clearly, so users need to scroll a lot."
"If you're running Omada on a cloud service, you may have some issues deploying the newest release. Sometimes, the latest release doesn't adapt to the processes we have already installed. Identity Access Management is a critical system for our organization, and we need to ensure that everyone has the same access as they did before the release."
"The backend is pretty good but the self-service request access screen, the GUI, needs improvement. It's an old-fashioned screen. Also, Omada has reports, but I wouldn't dare show them to the business because they look like they're from 1995. I know they are working on these things and that’s good, because they’re really needed."
"The reporting on the warehouse data and the import process both have room for improvement."
"We are trying to use Omada's standards and to adapt our processes. But we have had some trouble with the bad documentation. This is something that they could improve on. It has not been possible for us to analyze some of the problems so far, based on the documentation. We always need consultants. The documentation should include some implementation hints and some guidelines for implementing the processes."
"Its flexibility is both a good thing and a bad thing. Because it is very flexible, it also becomes too complex. This is common for most of the products we evaluated. Its scalability should be better. It had a few scalability issues."
"The cost of this product needs to be reduced."
"You need full visibility because the suite of features are complex and you have to be clear on what you want to implement."
"It's a complex solution, so it will take time in terms of deployment."
"It would be great if the Oracle Fusion Middleware team worked on making it compatible with other application servers, as it exists in OIM9.x."
"Pricing for Oracle Identity Governance could be improved. The setup process for the tool could also be faster."
"I have yet to see its full functionality exercised in my organization."
"Oracle Identity Governance, particularly version 12c, can handle multiple scenarios, but for a regular user, I found the use cases not that extensive, so this is an area for improvement. The implementation process for Oracle Identity Governance is also a bit more complex than how you implement competitor products, and this is another area for improvement in the solution. Technical support for Oracle Identity Governance also needs some improvement. Another area for improvement in Oracle Identity Governance is its documentation. Currently, it's lacking when compared to SailPoint. What I'd like to see in the next release of Oracle Identity Governance is a bit more scope for AI-based Identity governance. If the solution has built-in intelligence, that will give it more leverage. Another feature I'd like to see in Oracle Identity Governance in the future is the option for managers to provide access to others via mobile devices or phones."
"Our issues with the solution have to do with the integration with different applications. It's not easy to connect ICAO to this kind of product. It would be better to work on the extensions of the adapters for this kind of identity management solution in order to not put in the code in the product."
"The product’s cloud offering could be flexible."
"The user interface is not very user-friendly."
"The advanced provisioning features require more improvement."
"The cost can be prohibitive for middle-tier companies."
"Certifications could include additional access levels or practices."
"SailPoint IdentityIQ has a primitive AI engine."
"The product must improve its support."
"If there's a price reduction for SailPoint IdentityIQ, that would be helpful. Another area for improvement in the product is the technical support, which needs to be more friendly to customers."
More SailPoint Identity Security Cloud Pricing and Cost Advice →
Oracle Identity Governance is ranked 4th in User Provisioning Software with 66 reviews while SailPoint Identity Security Cloud is ranked 1st in User Provisioning Software with 62 reviews. Oracle Identity Governance is rated 7.4, while SailPoint Identity Security Cloud is rated 8.2. The top reviewer of Oracle Identity Governance writes "A scalable solution designed to meet the requirements of medium and large-sized companies". On the other hand, the top reviewer of SailPoint Identity Security Cloud writes "Flexible, easy to customize, and not too difficult to set up". Oracle Identity Governance is most compared with One Identity Manager, Saviynt, CyberArk Privileged Access Manager, Microsoft Identity Manager and Systancia Identity, whereas SailPoint Identity Security Cloud is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and Cisco ISE (Identity Services Engine). See our Oracle Identity Governance vs. SailPoint Identity Security Cloud report.
See our list of best User Provisioning Software vendors and best Identity Management (IM) vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Here follow my inputs about your questions concerning SailPoint IQ and Oracle.
WHERE DOES IT COMES FROM?
1. As representatives of SailPoint told me in 2008, SailPoint IQ was designed in 2005 by reusing the functional and technical requirements of SocGen Corporate Investment Banking (I participated to the initial design in 2004 in Paris… we live in a small world).
2. Oracle Identity Governance was formerly RBAC X purchased by Sun Microsystems then selected as the Identity Analytics components by Oracle.
WHAT ARE THE FOUNDATIONS OF THAT?
Both solutions are based on the Role Based Access Control model (RBAC) consisting of telling who occupies some business roles to be granted more or less consistent list of authorizations.
This is a model of the second generation while the NIST envisioned up to 6 generations in 2009! So… it’s a pretty old model.
IF ONE ORGANIZATION SUCCEEDS TO MAKE IT WITH RBAC
If one succeeds to implement this model, then it is possible to tell:
1. Who should have access to what by occupying a role that has to be mined with a half automated process that is pretty laboring and expensive,
2. Who has ‘’out role’’ entitlements to be terminated. Reviews of entitlements can be focused on ‘’Out roles’’ and even if they don’t understand the descriptions of authorizations, managers can take a decision.
HEAVY PREREQUISITES TO MAKE IT
LABOR, TIME AND CASH BECAUSE OF HEAVY PREREQUISITES
If one large organization is willing to satisfy the core prerequisite of these 2 solutions, it is necessary:
1. to spend 30 to 60 minutes for each department of an organization to mine User Roles and to associate a list of authorizations that are impossible to understand by any business analyst,
2. then spend about an hour with each manager to validate the roles and associated entitlements (impossible to understand by managers as well),
3. last but not least, implement the roles and lists of entitlements.
REAL USE CASE IN THE USA
Large organizations are totally unable to implement such an approach for following reasons:
1. ..X for example used SailPoint IQ and mined 1.500 roles instead of estimated 15.000 (low estimation),
2. ..X was unable to validate roles because managers could not understand labels of authorizations such as: ZZX00152, ZX215521, zz_top_group_senior,…
3. it would have been:
a. too long to make it for 126.000 employees / 10 team members in average = 12.600 work units located in about 100 countries * 30 minutes in average = 787 man days without vacations, travels, coordination!
b. too expensive:
i. 1 role analyst * 30 minutes in average * 80$ per hour * 12.600 units = 504.000$ for role mining only
ii. 1 role analyst + 1 manager * 220$ per hour * 12.600 units = 2.772 K$ for role validation
iii. Implementation of roles into IAM solution such as Oracle Identity Manager or IBM SIM is a technical thing that costs more…
IF ONE ORGANIZATION CANNOT MAKE IT BECAUSE MANAGERS DON’T UNDERSTAND WHAT MEANS ‘’ZX023455``
SailPoint and Oracle have nice features to add translations to entitlements.
The thing is that where you have several ten thousand labels to translate…
* it takes time and lots of $ before to deliver.
* People around a table will take time to come to a shared understanding (if they are very motivated)
IF ONE ORGANIZATION CANNOT MAKE IT BECAUSE IT’S IMPOSSIBLE TO TRANSLATE ‘’ZX023455``
* SailPoint proposes to use Risk Based approach and to add Risk Criteria to several ten thousands labels… (sic) to be considered from a Risk Standpoint…
* Oracle proposes to use indicators and requests and to let managers think about a decision to be taken thanks to dashboards and reports. Some kind of Business Intelligence.
WHAT IS THE OPTION?
1. ...X came to the conclusion that it was not possible to make it with SailPoint IQ alone. A custom algorithm is necessary to enhance SailPoint capabilities.
2. The Gartner Group exposed the issue for the last 3 years. Advanced analytics and Self Learning systems will make it.
3. We, at EasyPatternZ:
a. are the first to make it with Artificial Intelligence.
b. take about 5 seconds per work unit in average to deliver the answer to the question ‘’Who has access to what, why, whatever the circumstances’’ better and faster than any leader.
c. made it 3 times since 2013. The Federal Government of Canada will qualify it between April and July this year with 23.000 employees.
d. Are watched by USCIS.
My experience in IAM is with HPE Aruba ClearPass & Cisco ISE. A couple of other competing products, such as the ForeScout and Auconet products that were evaluated at a high level, but didn’t progress further.
I’m not at all familiar with Sailpoint IdentityIQ and Oracle Identity Governance and couldn’t provide any meaningful insight into either of them.
I am not an SC so my response is very salesy :).
Sailpiont is more of a next gen solution in the IAM space.
If an organization was a huge Oracle shop I would have them consider Oracle – if not I would be heading to Sailpoint.
*Sailpoint is as robust but does not have the legacy issues that Oracle has to deal with which makes it easier to implement/operate
Sailpoint will also be lower in price.
Basically the question is 'what will you achive ?'. I agree with the comment above, Oracle is known to have a high TCO due to complexity. The fact is also that Oracle claims to ease the end-user experience but this mean a mandatory extensive preparation in order to provide users with accurate and in context information. Sailpoint IIQ is probably easier to implement and indeed is efficient in respect of RBAC and ABAC or preferably some kind of hybrid modeling. Don't forget IAM needs a very good preparation (analysis, modeling, inventory, classification, process analysis etc.) From my experience, IIQ is able to respond to complex needs and is far cheaper than Oracle and this allows to invest in added value activities (extra licence). Sorry if this is not a factual response in terms of pros & conts between OIG and IIQ but IIQ is more affordable and from my point of view covers all needed capabilities to build a strong IAM solution.
I think at a high level, both are going to provide the same functions. You'll see the main differences in how one has to implement workflows, UIs, and rules. Where Oracle uses BPML, ADF and OES, respectively, SailPoint is more Java-centric, IMHO. I found OIG's SOD rule definition UI hard to use and some serious limitations in its hierarchal role model. I think SailPoint has surpassed OIG in its extensibility with the framework in its 7.0 release. I would definitely evaluate roadmap if you want to stay on-prem.