We performed a comparison between Oracle Identity Governance and SailPoint IdentityIQ based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Omada's onboarding features reflect our processes for onboarding new employees well. That is the primary reason we use this solution. We use role-based access control. I'm not sure how much it has improved our security posture, but it's made managing identities more convenient."
"The benefits of Omada Identity include a holistic way of viewing access, the ability to give people access, and automation."
"The support for the validity of the resources is valuable. The tool allows resource assignments within a validity period so that the managers do not have to remember to revoke the access once the work is done."
"Omada offers a technical solution that addresses both our needs."
"For me, the best feature of Omada Identity is its web interface because it's really easy for users to understand."
"The most valuable feature for us is the ability to set up connectors to various IT systems and offer a wide range of supported connectors."
"What I like most is that we can always find a solution, and we can also find the cause when something goes wrong. I like that the most because everything is in one way or another traceable. That is what I like most. I like its reliability."
"Surveying is a valuable feature because it allows us to import data and see who has access to what data, for example."
"The most valuable features in Oracle Identity Governance are identity and access management."
"The most valuable feature is the flexible automation functionality which has optimized our user access privilege management. This has allowed us to create and delete user accounts more accurately and efficiently. This feature has enabled us to save time and resources needed to perform mundane manual tasks."
"Understanding what a customer is using, what they are looking for, and allowing permissions is a challenge. We use the information we get in order to understand the behavior of the customer beyond the security and to understand what they have been doing in the last month. It's a nice way to understand what is attracting the customer and what they are clicking. That could be implemented by using this kind of application."
"Identifying connector framework for unifying provisioning capabilities from OIM."
"OIM in my organization has improved its use and dependability, allowing us to pass audit each time."
"It's a stable and scalable solution."
"The support service of Oracle is good. We use it a lot and their response is quick."
"This solution has improved the organization in several ways, including saving many help-desk password-reset calls, IT staff productivity, and quicker user on-boarding."
"The solution is stable and reliable."
"A feature of SailPoint IdentityIQ that I like best is that it has good integration with other platforms. My company is using ADP here in Brazil, and SailPoint IdentityIQ works very, very well with it. My company is also using the solution for governance evaluation, segregation, and other access tests. For my company, SailPoint IdentityIQ is a very important solution, especially because it's automated, and there's a huge audit and risk issue here in Brazil."
"SailPoint IdentityIQ has more enriched out-of-box connectors than the others."
"User provisioning and the role management features are good."
"The big one now is that they're adding AI and machine learning to figure out automated approvals and make recommendations to their reviewers. So, if I bring up Doug McPherson and it says he has access to this application, the system will make a review based on peer group analysis. That's one of the biggest new things. The problem used to be that people would get everything loaded on, and they created too much work for themselves. Now, they can use these policies and start to let the machine pick the less risky things."
"Provisioning in multiple environments."
"Great product to manage the access control of users."
"This solution has improved our organization through its ease of application onboarding, approvals, provisioning, and lifecycle UI performance."
"One thing that we are not so happy about is the user interface. It is a bit dated. I know that they are working on that, but the user interface is quite dated. Currently, it is a little bit difficult to customize the user interface to the need of the business, which is a little bit disappointing. It needs it to be a little bit easier to operate, and it should have a better user interface."
"If you find an error and you need it fixed, you have to upgrade. It's not like they say, "Okay, we'll fix this problem for you." You have to upgrade. The last time we upgraded, because there was an error in a previous version, we had to pay 150,000 Danish Krone (about $24,000 at the time of this review) to upgrade our systems... That means that we have to pay to get errors fixed that Omada has made in programming the system. I hope they change this way of looking at things."
"We are trying to use Omada's standards and to adapt our processes. But we have had some trouble with the bad documentation. This is something that they could improve on. It has not been possible for us to analyze some of the problems so far, based on the documentation. We always need consultants. The documentation should include some implementation hints and some guidelines for implementing the processes."
"Omada could make it a bit more convenient to send emails based on events automatically. Having that functionality is critical for us to maintain transparency."
"I would like to search on date fields, which is not possible now."
"We are still on Omada on-prem, but I understand that when Omada is in the cloud, you cannot send an attachment via email. We have some emails with attachments for new employees because we have to explain to them how to register and do their multi-factor authentication. All that information is in the attachment. People have to do that before they are in our system. We cannot give them a link to our Intranet and SharePoint because they do not yet have access. They have to register before that, so I need to send the attachments, but this functionality is not there in the cloud."
"Its flexibility is both a good thing and a bad thing. Because it is very flexible, it also becomes too complex. This is common for most of the products we evaluated. Its scalability should be better. It had a few scalability issues."
"When you do a recalculation of an identity, it's hard to understand what was incorrect before you started the recalculation, and which values are actually updated... all you see are all the new fields that are provisioned, instead of seeing only the fields that are changed."
"One of the areas that need some improvement with Oracle specifically is the ease of implementation."
"The solution should be easy to implement with components combined in one file and built-in features to integrate target applications without having to install additional connectors."
"You need full visibility because the suite of features are complex and you have to be clear on what you want to implement."
"The product design has some complications for doing some use cases. I would like to see easier onboarding of applications and easier ways to plugin the customization codes."
"It responds fast but because of the bugs we have already had some major incidents and complete unavailability."
"The platform could be enhanced with additional features."
"The cost of this product needs to be reduced."
"It's a complex solution, so it will take time in terms of deployment."
"The interface should be simple and easier to use."
"The cost can be prohibitive for middle-tier companies."
"We faced some issues while integrating the solution with a third-party tool."
"It allowed to implement the automated processes when a new employee is hired. It allows to have a main central process for new hires."
"Finding integration experts for SailPoint in the North American market can be challenging, and transitioning to a no-code or low-code setup could reduce dependence on specialized skills."
"The price of IdentityIQ could be lower. There are additional costs when you buy the licenses, and they force the customers to pay for them."
"The user interface could be slightly improved. It could be made simpler and more user-friendly, however, it is good enough right now."
"It is not readily available and cannot be downloaded from the net."
Oracle Identity Governance is ranked 4th in User Provisioning Software with 66 reviews while SailPoint IdentityIQ is ranked 1st in User Provisioning Software with 61 reviews. Oracle Identity Governance is rated 7.4, while SailPoint IdentityIQ is rated 8.2. The top reviewer of Oracle Identity Governance writes "A scalable solution designed to meet the requirements of medium and large-sized companies". On the other hand, the top reviewer of SailPoint IdentityIQ writes "Flexible, easy to customize, and not too difficult to set up". Oracle Identity Governance is most compared with One Identity Manager, CyberArk Privileged Access Manager, Saviynt, Microsoft Identity Manager and ForgeRock, whereas SailPoint IdentityIQ is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and NetIQ Identity Manager. See our Oracle Identity Governance vs. SailPoint IdentityIQ report.
See our list of best User Provisioning Software vendors and best Identity Management (IM) vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Here follow my inputs about your questions concerning SailPoint IQ and Oracle.
WHERE DOES IT COMES FROM?
1. As representatives of SailPoint told me in 2008, SailPoint IQ was designed in 2005 by reusing the functional and technical requirements of SocGen Corporate Investment Banking (I participated to the initial design in 2004 in Paris… we live in a small world).
2. Oracle Identity Governance was formerly RBAC X purchased by Sun Microsystems then selected as the Identity Analytics components by Oracle.
WHAT ARE THE FOUNDATIONS OF THAT?
Both solutions are based on the Role Based Access Control model (RBAC) consisting of telling who occupies some business roles to be granted more or less consistent list of authorizations.
This is a model of the second generation while the NIST envisioned up to 6 generations in 2009! So… it’s a pretty old model.
IF ONE ORGANIZATION SUCCEEDS TO MAKE IT WITH RBAC
If one succeeds to implement this model, then it is possible to tell:
1. Who should have access to what by occupying a role that has to be mined with a half automated process that is pretty laboring and expensive,
2. Who has ‘’out role’’ entitlements to be terminated. Reviews of entitlements can be focused on ‘’Out roles’’ and even if they don’t understand the descriptions of authorizations, managers can take a decision.
HEAVY PREREQUISITES TO MAKE IT
LABOR, TIME AND CASH BECAUSE OF HEAVY PREREQUISITES
If one large organization is willing to satisfy the core prerequisite of these 2 solutions, it is necessary:
1. to spend 30 to 60 minutes for each department of an organization to mine User Roles and to associate a list of authorizations that are impossible to understand by any business analyst,
2. then spend about an hour with each manager to validate the roles and associated entitlements (impossible to understand by managers as well),
3. last but not least, implement the roles and lists of entitlements.
REAL USE CASE IN THE USA
Large organizations are totally unable to implement such an approach for following reasons:
1. ..X for example used SailPoint IQ and mined 1.500 roles instead of estimated 15.000 (low estimation),
2. ..X was unable to validate roles because managers could not understand labels of authorizations such as: ZZX00152, ZX215521, zz_top_group_senior,…
3. it would have been:
a. too long to make it for 126.000 employees / 10 team members in average = 12.600 work units located in about 100 countries * 30 minutes in average = 787 man days without vacations, travels, coordination!
b. too expensive:
i. 1 role analyst * 30 minutes in average * 80$ per hour * 12.600 units = 504.000$ for role mining only
ii. 1 role analyst + 1 manager * 220$ per hour * 12.600 units = 2.772 K$ for role validation
iii. Implementation of roles into IAM solution such as Oracle Identity Manager or IBM SIM is a technical thing that costs more…
IF ONE ORGANIZATION CANNOT MAKE IT BECAUSE MANAGERS DON’T UNDERSTAND WHAT MEANS ‘’ZX023455``
SailPoint and Oracle have nice features to add translations to entitlements.
The thing is that where you have several ten thousand labels to translate…
* it takes time and lots of $ before to deliver.
* People around a table will take time to come to a shared understanding (if they are very motivated)
IF ONE ORGANIZATION CANNOT MAKE IT BECAUSE IT’S IMPOSSIBLE TO TRANSLATE ‘’ZX023455``
* SailPoint proposes to use Risk Based approach and to add Risk Criteria to several ten thousands labels… (sic) to be considered from a Risk Standpoint…
* Oracle proposes to use indicators and requests and to let managers think about a decision to be taken thanks to dashboards and reports. Some kind of Business Intelligence.
WHAT IS THE OPTION?
1. ...X came to the conclusion that it was not possible to make it with SailPoint IQ alone. A custom algorithm is necessary to enhance SailPoint capabilities.
2. The Gartner Group exposed the issue for the last 3 years. Advanced analytics and Self Learning systems will make it.
3. We, at EasyPatternZ:
a. are the first to make it with Artificial Intelligence.
b. take about 5 seconds per work unit in average to deliver the answer to the question ‘’Who has access to what, why, whatever the circumstances’’ better and faster than any leader.
c. made it 3 times since 2013. The Federal Government of Canada will qualify it between April and July this year with 23.000 employees.
d. Are watched by USCIS.
My experience in IAM is with HPE Aruba ClearPass & Cisco ISE. A couple of other competing products, such as the ForeScout and Auconet products that were evaluated at a high level, but didn’t progress further.
I’m not at all familiar with Sailpoint IdentityIQ and Oracle Identity Governance and couldn’t provide any meaningful insight into either of them.
I am not an SC so my response is very salesy :).
Sailpiont is more of a next gen solution in the IAM space.
If an organization was a huge Oracle shop I would have them consider Oracle – if not I would be heading to Sailpoint.
*Sailpoint is as robust but does not have the legacy issues that Oracle has to deal with which makes it easier to implement/operate
Sailpoint will also be lower in price.
Basically the question is 'what will you achive ?'. I agree with the comment above, Oracle is known to have a high TCO due to complexity. The fact is also that Oracle claims to ease the end-user experience but this mean a mandatory extensive preparation in order to provide users with accurate and in context information. Sailpoint IIQ is probably easier to implement and indeed is efficient in respect of RBAC and ABAC or preferably some kind of hybrid modeling. Don't forget IAM needs a very good preparation (analysis, modeling, inventory, classification, process analysis etc.) From my experience, IIQ is able to respond to complex needs and is far cheaper than Oracle and this allows to invest in added value activities (extra licence). Sorry if this is not a factual response in terms of pros & conts between OIG and IIQ but IIQ is more affordable and from my point of view covers all needed capabilities to build a strong IAM solution.
I think at a high level, both are going to provide the same functions. You'll see the main differences in how one has to implement workflows, UIs, and rules. Where Oracle uses BPML, ADF and OES, respectively, SailPoint is more Java-centric, IMHO. I found OIG's SOD rule definition UI hard to use and some serious limitations in its hierarchal role model. I think SailPoint has surpassed OIG in its extensibility with the framework in its 7.0 release. I would definitely evaluate roadmap if you want to stay on-prem.