The product must improve multi-factor authentication. Multi-factor authentication requires a lot of processes and technicalities. It also involves a lot of costs.

The solution's lifecycle management is troublesome. Also, another area of issue in the solution is the part involving documentation of certain features. So, there are a lot of undocumented features in the solution or badly documented features, which are built-in into the solution later for special use cases.

The base configuration of the solution is not very complex, especially once a person knows how to do it. But then, if one wants special options, they are poorly documented.

Sometimes if a session takes too long, you have to log in again. Instead of it giving you an explicit error or an explicit message that the session was expired, you need to log in again. It takes you to a certain empty page where you see the Access Manager. It does not give you help. It would be ideal if they could prompt a more user-friendly message so that someone knows that they have timed out in the session if it was idle. That is the main area out for improvement. The rest is fine.

It has a complex setup.

The user interface could be a bit better. 

The performance of Oracle Access Manager could be improved.

My company had some issues accessing it in terms of setup and configuration. It should be quick to install, but it wasn't, so this is another area for improvement.

The Oracle Access Manager console also has room for improvement because it's slow, so configuration and user management takes a lot of time. Configuring policies and blocking and unblocking URLs take time, so the user experience for Oracle Access Manager isn't as great.

The mobile access to the solution isn't ideal. They should work to improve its functionality.

In the next release, they should focus more on use cases related to customer access management, customer identity, and access management.

It needs to be simpler to install and simpler to maintain. There's lots of little pieces and moving parts, it seems. For a smaller shop like us, it's not an easy thing to move into.

The JDK version that use is too old (JDK 6), some of RuntimeExceptions are relative to OSGi and Oracle dont provide information about it.

I think two aspects of this product can be improved. The first is that the product overly complex to install and configure. The second is the reliability of the product. It was not very stable and dependable during the period of our experience with it. We definitely had some problems with the stability of the product.  

Specifically, I remember we had some performance problems due to coherence issues and also problems related to the database. It seems that Oracle Access Manager makes use of a database to store configurations and the session information. In practice, this did not work very well and was resource-intensive. I don't remember exactly everything about the situation right now, but the resources were not being used well and that was the main issue with the product performance and lack of stability.  

It is difficult to consider the potential for additional features the product might need because the product already has all the features that we needed to fulfill our customer's requirements for the product. So we do not actually need any additional features in particular in order to satisfy our use case. There is the possibility that there could be an addition of some type of risk analysis or adaptive authentication based on risk analysis. But if I'm not mistaken, Oracle already has a separate solution called Oracle Adaptive Access Manager that provides this functionality. It is a feature in another product that is a separate solution — which also means a separate licensing cost. Maybe that is already how they want to pose this as a solution: you install the Oracle Adaptive Manager as a separate product and you integrate both of them. It is just adding another level of complexity and cost.  

I have not used Oracle Adaptive Access Manager, so I cannot say much about it. But risk analysis is a trending topic in web access management products these days.  

It's difficult to say how this solution can be improved since I have been using it for one month. Maybe the user interface needs improvement. However, it's easy to navigate and the process is clearly shown, I don't see much that needs improvement.

The product could be improved by simplifying changing the master password. That is, if you change a password in one place it would be good to automate changing the password for all the gateways so that change is less complicated.

There could be some improvements in the documentation and overall knowledge base of the solution.

The initial implementation can definitely be improved because you have to work on several components to configure it correctly. Nowadays, most of the solutions are a few clicks before they are installed and then configured.

Technical support needs improvement, they could be 200% better. The reason that most people are having problems is because of the support they provide.

It's very difficult to engage with them or to get the answers to your queries. The turnaround time is very slow. It needs to be faster.

In the next release, I would like to see the integration with non-Microsoft products as well. 

It takes a lot of time to integrate it with non-Oracle products. 

If you have an Oracle ecosystem then you can integrate it, but if it is Microsoft SQL or any other databases that are being used then it is not interoperable. It works but it takes time.

I would like to see if they can easily integrate with other technologies.

The ADF UI is clunky, IMO
The session URL redirects have to be accounted for network-wise. Default is client talking to OAM Server (PDP) in middle tier, which is not realistic. Need separate load balancer/VIP just for this.
Identity propagation to backend apps still immature, IMO. Still relying on headers without any kind of callbacks or 2-way verification, even with Oracle apps.

The pricing of the solution is in need of improvement. Oracle products are very expensive. 

The customization is good, but it could be better still.

The documentation needs to be improved. It should offer much more detail than what is currently available.