The following is a list of features that I have observed being used by my client that I have implemented:
1. User identity provisioning & lifecycle management
2. User Identity Profile/Attribute management
3. Self-Service Tool for end-user access request & password change
4. Role and Entitlement provisioning in target application/s
5. Auto de-provisioning of user identities
6. Audit capabilities & Report generation
Improvements to My Organization
I have seen an organization benefit through the automation of mundane repeat tasks related to setting up user identities, and managing user access as per a defined role. One of the key business driving factors for OIM implementation has been SOX compliance. End User Self-Service like password reset and access request is another feature that helps to reduce helpdesk calls.
Room for Improvement
The underlying architecture of the product is quite complex and hard to maintain and troubleshoot. Self-Service capabilities are quite limited, and the out-of-box capabilities are limited and customizations are quite complex.
Use of Solution
I’ve been using it for four years.
Releases prior to 11gR2 PS2 were hard to deploy due to lot of shipped bugs. Every implementation was like dealing with an endless series of patches.
Once you get it working right, it turns out to be quite stable. 11gR2 PS2 can be considered as the first bug free stable release.
Scalability has never been an issue.
Customer Service and Technical Support
Technical support is horrible. It is faster to find the resolution ourselves than rely on support. Product team engagement has been helpful but it’s hard to get direct access to the product team resources. They are good at responding as per SLA without issue resolution.
I have worked with Microsoft FIM and SailPoint IQ as well. This was not by choice but the client environment was a multiple identity management platform. Silo based deployment had resulted in a solution that meant that there were multiple identity management solutions supporting the company’s global needs.
It was complex, primarily due to dependencies on various underlying technologies like Java, WebLogic, SOA, Database, and BI for reporting etc. Version compatibility was critical and any mismatch could lead to partially functional implementation. Things got better with 11gR2 PS2.
I was part of vendor team responsible for implementing the solution.
One thing for sure, is that it is the most comprehensive solution out there in the market. During the preliminary stages when the concept of Identity Management was not well defined, every vendor came up with a product offering solution for very specific use cases. Now, the offerings are quite mature but they still have trace and limitations bound to their origins. If you are looking for a simple, and quick, tool to get started with, there are many options out there in the market but then there are limitations that require customization or creating features from scratch.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jul 17 2016