Oracle Identity Governance Review

Aligns Well To Business Flow, The Connectors Are Good But It's Costly


What is most valuable?

The best part of Oracle Identity Manager is how well it will align to the business. There are features that are more generally required by business and you can easily get them with Oracle Identity Manager. If you compare it with Azure, with the latter you need to do customization and there are a lot of limitations in each of the tools. The connectors we have for Oracle Identity Manager are good, so you don't need to do custom connectors and all.

How has it helped my organization?

When I joined my project, they had been using a meta directory for identity management and application provisioning. There were around 150,000 active accounts, out of which many were redundant. They had left the organization 10 years ago. They were still active and they were paying for the maintenance of those accounts on a monthly basis. And there was no data clarity. So the moment we on-boarded Oracle Identity Manager, we started data cleansing, and started to do unmanaged account reconciliations.

With the help of support, we were able to reduce the cost of every identity which was active and was not in the organization.

What needs improvement?

One thing is the size of the infrastructure that is required for Oracle to implement. In addition, the maintenance cost and pricing.

With an Oracle implementation, we need to have a high availability of infrastructure where you need a minimum of four servers. Compared to SalePoint or with Microsoft Identity Manager, the infrastructure cost is notably less.

With a project for Oracle Identity Manager, the implementation cost is along the lines of a year. If you have 10 connectors or eight connectors and you have workflows, the implementation cost will usually go from eight months to 12 months, minimum. Whereas if you implement a SAP solution or a product like SalePoint, the implementation cost or time is reduced from 12 months to eight months, or even six months.

For how long have I used the solution?

Six to seven years.

What do I think about the stability of the solution?

Yes. First, the audit engine. They have not advanced their audit engines from where they started. In version 9.1 it was same issue on the JMS Queues. The audit engine was getting in to queues. I had two clients whose audit engine queue was more than a million. They were not able to process those records because the audit engine was taking too much time and the reconciliation and the amount of data which we used to import was huge.

And after getting in to a year of implementation or two years of implementation, UPA tables get to a stage where they are not able to process the records. We start getting timeouts while processing the records and Oracle was not able to troubleshoot the issue.

Second, is the availability. The moment you install Oracle Identity Manager, the biggest problem is system performance. Even if you go with 8GB or 10GB of RAM, eventually after a week or so, you need a restart for it to survive, even in production. You can see logs where things are failing and the server is responding very slowly.

These things happen often with Oracle but when you compare with SIM or SalePoint, you will not see the system usage or system CPU usage to that extent.

What do I think about the scalability of the solution?

I have done implementations up to 150k. We were provisioning 20 connectors. To be very frank, the experience I had was provisioning and reconciliation was on the scheduler.

Nowadays, if you compare scalability with cloud-based solutions, where you can implement Oracle in a SAP solution, you can extend the scalability. It is auto scalable. But if you need to extend to one or more server, it's not possible. It's not easy in any client-based environment. Scalability is something which is not possible in Oracle or as simple as any SAP solution at the moment.

So there are pros and cons of cloud-based solutions. For cloud-based solutions, you can extend to where there is no issue on the performance. But the limitation is you can't customize everything based on the client's requirements. With Oracle, that was the advantage, but the scalability was still a concern. Until last year it was a concern.

How is customer service and technical support?

There is the team which handles the incident. And any major issue goes to a second level and then there is an AT which comes into the picture when there is a major issue and your client has a platinum partnership with Oracle. So, in scenarios where you are getting involved with the level-one team or level-two team, they come up with bookish knowledge and they will ask you questions. For instance, for small issues they will ask with you thousands of parameters in your web logic or in your OIM or in your database. And eventually when things are not getting resolved, then we move it to level-two and then AT. And that is when you actually should get results.

One of my client's audit issues was happening from almost nine months. And my previous client was the biggest client for Oracle, a premium client for Oracle, but still they were not able to resolve the issue.

Which solutions did we use previously?

I have only worked on Oracle. For the last year I have not been getting any clients who are ready to implement Oracle. So, that's the challenge for me. That's why I moved from Oracle to other solutions.

How was the initial setup?

Initial setup was very complex when compared to others. Oracle is way more complex than any other implementation. SalePoint and Microsoft Identity Manager are simpler.

What's my experience with pricing, setup cost, and licensing?

If I rate the cost, Oracle is the costliest at the moment. And there is no competition around Oracle and other tools. Oracle is somewhere in millions while a product like SalePoint is much less. So, I am not sure how to rate it. From a service provider perspective, or custom integration perspective, clients are proposing Oracle. So, if I propose Oracle, the only friction I get is the cost. It's too much for the client. Any small client will not be happy to use Oracle at the moment.

Which other solutions did I evaluate?

If I had to pick an identity management team, I would definitely pick Oracle. It's my favorite. From an implementation point of view, being a developer, I still prefer Oracle over anything else. But if I look at the market and see where things are going, I would go with SalePoint at the moment. SalePoint, or if you have any SAP solutions, I would go with Okta.

What other advice do I have?

Nowadays, what people do is they look for queries, they look for solutions on the internet and they implement them. That will take more time implementing because they don't understand what they are doing. They need to understand the tool before they implement any solution. This is something I tell my juniors as well who work under me. You can't just bypass the basics and get the solution and implement it.

So, if you talk about implementation aligned to the business, Oracle is best. The only tool which I can compare with Oracle at the moment is SalePoint. Other than that, there is no tool which can compete with Oracle from a business implementation standpoint, where it is aligned to the work flows, the customization, which we can do in Oracle.

Regarding performance, I have used SalePoint and it is better than Oracle. And infrastructure cost, which is aligned to the Oracle suite. There are so many things which you need to do on an Oracle implementation, whereas SalePoint is just a small plug-in which you can implement anywhere.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email