What is most valuable?
The following is a list of features that I have observed being used by my client that I have implemented:
1. User identity provisioning & lifecycle management
2. User Identity Profile/Attribute management
3. Self-Service Tool for end-user access request & password change
4. Role and Entitlement provisioning in target application/s
5. Auto de-provisioning of user identities
6. Audit capabilities & Report generation
How has it helped my organization?
I have seen an organization benefit through the automation of mundane repeat tasks related to setting up user identities, and managing user access as per a defined role. One of the key business driving factors for OIM implementation has been SOX compliance. End User Self-Service like password reset and access request is another feature that helps to reduce helpdesk calls.
What needs improvement?
The underlying architecture of the product is quite complex and hard to maintain and troubleshoot. Self-Service capabilities are quite limited, and the out-of-box capabilities are limited and customizations are quite complex.
For how long have I used the solution?
I’ve been using it for four years.
What was my experience with deployment of the solution?
Releases prior to 11gR2 PS2 were hard to deploy due to lot of shipped bugs. Every implementation was like dealing with an endless series of patches.
What do I think about the stability of the solution?
Once you get it working right, it turns out to be quite stable. 11gR2 PS2 can be considered as the first bug free stable release.
What do I think about the scalability of the solution?
Scalability has never been an issue.
How are customer service and technical support?
Technical support is horrible. It is faster to find the resolution ourselves than rely on support. Product team engagement has been helpful but it’s hard to get direct access to the product team resources. They are good at responding as per SLA without issue resolution.
Which solution did I use previously and why did I switch?
I have worked with Microsoft FIM and SailPoint IQ as well. This was not by choice but the client environment was a multiple identity management platform. Silo based deployment had resulted in a solution that meant that there were multiple identity management solutions supporting the company’s global needs.
How was the initial setup?
It was complex, primarily due to dependencies on various underlying technologies like Java, WebLogic, SOA, Database, and BI for reporting etc. Version compatibility was critical and any mismatch could lead to partially functional implementation. Things got better with 11gR2 PS2.
What about the implementation team?
I was part of vendor team responsible for implementing the solution.
What other advice do I have?
One thing for sure, is that it is the most comprehensive solution out there in the market. During the preliminary stages when the concept of Identity Management was not well defined, every vendor came up with a product offering solution for very specific use cases. Now, the offerings are quite mature but they still have trace and limitations bound to their origins. If you are looking for a simple, and quick, tool to get started with, there are many options out there in the market but then there are limitations that require customization or creating features from scratch.