We performed a comparison between Oracle Identity Governance and SailPoint IdentityIQ based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When we started with identity and access management, we cleaned up and skipped 500 accounts. Therefore, there are a lot of people who are still in our system. Using this tool, we have cleaned up a lot of accounts for ourselves as well as our partners and suppliers. So, we can manage everything now."
"You can make resources. You can import them from Azure or Active Directory and put them in an application. For example, if there is an application that uses a lot of Active Directory groups, you can make the groups available for people. If they need to access that application, you can tell them the resource groups you have for that application. People can do everything by themselves. They do not need anybody else. They can just go to the Omada portal, and they can do it all by themselves. That is terrific."
"It has a lot of out-of-the-box features. It is flexible, and there are a lot of possibilities to configure and extend it. It is user-friendly. It has an interface that is end-user or business-user friendly."
"Omada's best feature is creating accounts, automatically assigning permissions, and distributing resources based on assignment policies."
"We are able to onboard new user accounts much faster by automating the process and standardizing our operations globally. Previously, there were many individual processes and manual admin interactions. We also see a lot of cost savings and benefits because through automation and standardization."
"The Governance and self-service that can be set up so you can use them yourself to work in the system are the most valuable features. End users can be enabled to help themselves."
"The most valuable aspect of the product is that it is Microsoft-based and it supports all Microsoft technology."
"The best feature in Omada Identity is that it enables us to implement standardized employee life cycle processes so that we don't have to create them ourselves. We can then use the standard workflows. The breadth and scope of the solution’s IGA features also fulfill our requirements."
"It's a stable and scalable solution."
"Its most valuable feature is its scalability."
"OIM in my organization has improved its use and dependability, allowing us to pass audit each time."
"The most valuable feature is the user manager certification that approves or removes user access."
"Identifying connector framework for unifying provisioning capabilities from OIM."
"It has a very good response time."
"Scalability-wise, I rate this solution a nine out of ten. Oracle Identity Governance is a scalable solution, without a doubt."
"I have found the OIM Connector framework, based on ICF, to be the most valuable feature."
"Deployment takes a bit of time, however, once it's done properly, everything becomes very organized and easy to use."
"We like the integration with other systems."
"IdentityIQ's best features are the hassle-free user experience and security."
"One of the most valuable aspects of SailPoint is its open integration interface."
"I find the built-in connectors, lifecycle management, certification, and recertification features to be the most valuable."
"The most powerful feature of the solution is its platform-based approach. Unlike other solutions, this tool offers a high level of customization. It is an open and flexible platform, allowing users to tailor it to their needs. This ability to customize and adapt the solution to individual requirements makes the solution stand out as a powerful product."
"It provides a lot of out-of-the-box functionalities. You don't have to do too much custom development like other solutions such as Microsoft or NetIQ. It also has a lot of out-of-the-box connectors for different sources, directories, databases, etc. Its cloud version is working very well, and its pricing is okay. Its value for money is fine for most of the customers. It is also very flexible. They have frequent new releases and patches for fixing errors and things like that."
"The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure."
"I am not working with the product, but they have this BI tool for role-based mining, and I think that should be included in the core product rather than an add-on."
"The UI design needs improvement. One or two years ago, Omada changed its user interface to simplify, but the simplification has not really kicked in."
"There's a challenge with handling large amounts of data in this system."
"In our organization, all the data is event-driven, which means that if an attribute is changed in the source system, it can be updated within a few seconds in all end-user systems. There is room for improvement in Omada regarding that. Omada is still batch-based for some processes, so sometimes it can take an hour or even four hours before the execution is run and the update is sent."
"Omada's performance could be better because we had some latency issues. Still, it's difficult to say how much of that is due to Omada versus the resources used by our other vendors in our on-prem environment. Considering the resources we have invested into making it run well, it's slightly slower than we would expect."
"If you're running Omada on a cloud service, you may have some issues deploying the newest release. Sometimes, the latest release doesn't adapt to the processes we have already installed. Identity Access Management is a critical system for our organization, and we need to ensure that everyone has the same access as they did before the release."
"Omada could make it a bit more convenient to send emails based on events automatically. Having that functionality is critical for us to maintain transparency."
"The architecture of the entire system should also be less complex. The way they process the data is complex."
"One of the areas that need some improvement with Oracle specifically is the ease of implementation."
"They need to improve their backup strategy."
"The development and the administration side could be a lot more intuitive and easier to use than it currently is, in terms of functionality and what it tries to achieve as a Single Sign-On entity for an enterprise environment."
"The user interface experience needs to be improved."
"I have yet to see its full functionality exercised in my organization."
"The solution should be easy to implement with components combined in one file and built-in features to integrate target applications without having to install additional connectors."
"t is too complex, has too many bugs, and is an immature product, even the best case, beta version."
"Simplify & add more functionality to Identity Cloud Service (IDCS)."
"We faced some issues while integrating the solution with a third-party tool."
"They can work on their strategy for the on-premise version. They have to decide whether and for how long they will support the on-premise version. The new features first appear in the cloud, and after that, they are released for the on-premise version. In the cloud, you have more options and flexibility, which is absolutely normal. They have to have a clear strategy regarding whether they'll support the on-premises version with the same focus. The licensing for on-premise and cloud is a little bit different. They can make it the same."
"In the past, we had a lot of problems with SailPoint IdentityIQ, particularly in providing access and provisioning. There were some gaps in the operation of the solution because they were manual rather than automated, and the users and administrators were given access directly via Active Directory, and it wasn't appropriate for us at the time to use. In terms of integration, we could provide a more automated solution after a minimum number of years, but not in the SailPoint IdentityIQ platform, but there were problems in the registration, for example, with putting information inside ADP, but in general, we were able to solve those problems, and after implementing SailPoint IdentityIQ we had increased evaluations."
"The UI is complex."
"They should lower the price and technical support should be better."
"There is a need for further enhancements, specifically in the multifactor authentication capabilities."
"It is too technical. You need really good technical skills in Java and other technologies, which are hard to find. If they can make it easier so that things can be done with a few clicks, it will be great."
"One needs to understand that SailPoint is into full-fledged IAM practice with a long-term vision, and customers will get a quick ROI with best practices implementation."
Oracle Identity Governance is ranked 4th in User Provisioning Software with 66 reviews while SailPoint IdentityIQ is ranked 1st in User Provisioning Software with 61 reviews. Oracle Identity Governance is rated 7.4, while SailPoint IdentityIQ is rated 8.2. The top reviewer of Oracle Identity Governance writes "A scalable solution designed to meet the requirements of medium and large-sized companies". On the other hand, the top reviewer of SailPoint IdentityIQ writes "Flexible, easy to customize, and not too difficult to set up". Oracle Identity Governance is most compared with One Identity Manager, CyberArk Privileged Access Manager, Saviynt, Microsoft Identity Manager and ForgeRock, whereas SailPoint IdentityIQ is most compared with Saviynt, One Identity Manager, Microsoft Entra ID, ForgeRock and NetIQ Identity Manager. See our Oracle Identity Governance vs. SailPoint IdentityIQ report.
See our list of best User Provisioning Software vendors and best Identity Management (IM) vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Here follow my inputs about your questions concerning SailPoint IQ and Oracle.
WHERE DOES IT COMES FROM?
1. As representatives of SailPoint told me in 2008, SailPoint IQ was designed in 2005 by reusing the functional and technical requirements of SocGen Corporate Investment Banking (I participated to the initial design in 2004 in Paris… we live in a small world).
2. Oracle Identity Governance was formerly RBAC X purchased by Sun Microsystems then selected as the Identity Analytics components by Oracle.
WHAT ARE THE FOUNDATIONS OF THAT?
Both solutions are based on the Role Based Access Control model (RBAC) consisting of telling who occupies some business roles to be granted more or less consistent list of authorizations.
This is a model of the second generation while the NIST envisioned up to 6 generations in 2009! So… it’s a pretty old model.
IF ONE ORGANIZATION SUCCEEDS TO MAKE IT WITH RBAC
If one succeeds to implement this model, then it is possible to tell:
1. Who should have access to what by occupying a role that has to be mined with a half automated process that is pretty laboring and expensive,
2. Who has ‘’out role’’ entitlements to be terminated. Reviews of entitlements can be focused on ‘’Out roles’’ and even if they don’t understand the descriptions of authorizations, managers can take a decision.
HEAVY PREREQUISITES TO MAKE IT
LABOR, TIME AND CASH BECAUSE OF HEAVY PREREQUISITES
If one large organization is willing to satisfy the core prerequisite of these 2 solutions, it is necessary:
1. to spend 30 to 60 minutes for each department of an organization to mine User Roles and to associate a list of authorizations that are impossible to understand by any business analyst,
2. then spend about an hour with each manager to validate the roles and associated entitlements (impossible to understand by managers as well),
3. last but not least, implement the roles and lists of entitlements.
REAL USE CASE IN THE USA
Large organizations are totally unable to implement such an approach for following reasons:
1. ..X for example used SailPoint IQ and mined 1.500 roles instead of estimated 15.000 (low estimation),
2. ..X was unable to validate roles because managers could not understand labels of authorizations such as: ZZX00152, ZX215521, zz_top_group_senior,…
3. it would have been:
a. too long to make it for 126.000 employees / 10 team members in average = 12.600 work units located in about 100 countries * 30 minutes in average = 787 man days without vacations, travels, coordination!
b. too expensive:
i. 1 role analyst * 30 minutes in average * 80$ per hour * 12.600 units = 504.000$ for role mining only
ii. 1 role analyst + 1 manager * 220$ per hour * 12.600 units = 2.772 K$ for role validation
iii. Implementation of roles into IAM solution such as Oracle Identity Manager or IBM SIM is a technical thing that costs more…
IF ONE ORGANIZATION CANNOT MAKE IT BECAUSE MANAGERS DON’T UNDERSTAND WHAT MEANS ‘’ZX023455``
SailPoint and Oracle have nice features to add translations to entitlements.
The thing is that where you have several ten thousand labels to translate…
* it takes time and lots of $ before to deliver.
* People around a table will take time to come to a shared understanding (if they are very motivated)
IF ONE ORGANIZATION CANNOT MAKE IT BECAUSE IT’S IMPOSSIBLE TO TRANSLATE ‘’ZX023455``
* SailPoint proposes to use Risk Based approach and to add Risk Criteria to several ten thousands labels… (sic) to be considered from a Risk Standpoint…
* Oracle proposes to use indicators and requests and to let managers think about a decision to be taken thanks to dashboards and reports. Some kind of Business Intelligence.
WHAT IS THE OPTION?
1. ...X came to the conclusion that it was not possible to make it with SailPoint IQ alone. A custom algorithm is necessary to enhance SailPoint capabilities.
2. The Gartner Group exposed the issue for the last 3 years. Advanced analytics and Self Learning systems will make it.
3. We, at EasyPatternZ:
a. are the first to make it with Artificial Intelligence.
b. take about 5 seconds per work unit in average to deliver the answer to the question ‘’Who has access to what, why, whatever the circumstances’’ better and faster than any leader.
c. made it 3 times since 2013. The Federal Government of Canada will qualify it between April and July this year with 23.000 employees.
d. Are watched by USCIS.
My experience in IAM is with HPE Aruba ClearPass & Cisco ISE. A couple of other competing products, such as the ForeScout and Auconet products that were evaluated at a high level, but didn’t progress further.
I’m not at all familiar with Sailpoint IdentityIQ and Oracle Identity Governance and couldn’t provide any meaningful insight into either of them.
I am not an SC so my response is very salesy :).
Sailpiont is more of a next gen solution in the IAM space.
If an organization was a huge Oracle shop I would have them consider Oracle – if not I would be heading to Sailpoint.
*Sailpoint is as robust but does not have the legacy issues that Oracle has to deal with which makes it easier to implement/operate
Sailpoint will also be lower in price.
Basically the question is 'what will you achive ?'. I agree with the comment above, Oracle is known to have a high TCO due to complexity. The fact is also that Oracle claims to ease the end-user experience but this mean a mandatory extensive preparation in order to provide users with accurate and in context information. Sailpoint IIQ is probably easier to implement and indeed is efficient in respect of RBAC and ABAC or preferably some kind of hybrid modeling. Don't forget IAM needs a very good preparation (analysis, modeling, inventory, classification, process analysis etc.) From my experience, IIQ is able to respond to complex needs and is far cheaper than Oracle and this allows to invest in added value activities (extra licence). Sorry if this is not a factual response in terms of pros & conts between OIG and IIQ but IIQ is more affordable and from my point of view covers all needed capabilities to build a strong IAM solution.
I think at a high level, both are going to provide the same functions. You'll see the main differences in how one has to implement workflows, UIs, and rules. Where Oracle uses BPML, ADF and OES, respectively, SailPoint is more Java-centric, IMHO. I found OIG's SOD rule definition UI hard to use and some serious limitations in its hierarchal role model. I think SailPoint has surpassed OIG in its extensibility with the framework in its 7.0 release. I would definitely evaluate roadmap if you want to stay on-prem.