Rich authorization engine for delegated admin
Robust workflow capability with BPML engine
Extensive connector support
Diagnostics are pretty good
Rich authorization engine for delegated admin
Robust workflow capability with BPML engine
Extensive connector support
Diagnostics are pretty good
Used it for external user registration, password & profile management
Attempted to model a hierarchical role model but the OIM Access Policies, which map roles to entitlements, don't provision entitlements from inherited roles. This is a flawed design, IMO, limiting you to a flat role model.
A lot of Dependencies - Oracle database, WebLogic, SOA
A lot of things still have to be done in Design Console, which still has a 90's UI.
No REST interface for Identity as a Service that I'm aware of
Doesn't hide its complexity
Expensive
Weak support team
Built on, and relies on ADF for extensibility
3+ years
Poor
Technical Support:Hit and miss
If you're anticipating a lot of growth, you may be able to keep costs more predictable with CPU-based licensing.
Classic enterprise provisioning system provides self-service, resource attestation, password synch, delegated admin. My use is for external user registration system into OID for target system.