What users love (and hate) about 4 leading identity management tools

open gate access

Four of the top identity management products on the market are Oracle Identity Manager, CA Identity Manager, IBM Tivoli Identity Manager, and SailPoint IdentityIQ, according to online reviews by enterprise users in the IT Central Station community.

But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.

Oracle Identity Manager

Valuable Features:

"The most valuable features are the attestation of identities and the robust set of identity analytics." - Mike R., Lead Solutions Architect at a media company with 1000+ employees
"I feel the Provisioning and Reconciliation Engine as well as the Adapter Factory are the most valuable, apart from the standard features which most identity management solutions provide." – Gaurav D., Senior Infrastructure Engineer at a tech services company with 1000+ employees
"Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager." - Mwaba C., Identity and Access Management at a manufacturing company with 1000+ employees

Room for Improvement:

"With Oracle, it's always about the learning curve and the nature of how the product is integrated. It takes tons of training and getting the right experienced people involved in order to launch the initial framework. Some of the adapters also do not work very well or have limited functionality." - Mike R.
"Connectors that are available for integrating with different products. General stability of the product needs to be improved." - Usman J., Solution Architect at a tech services company with 1-100 employees
"The management of workflows could use some improvement as well as the overall performance of the product. Because this is such a complex product, we find that it runs a bit slower than its competitors." - Mwaba C.

Read more Oracle Identity Manager reviews on IT Central Station

CA Identity Manager

Valuable Features:

"I would say the most valuable feature is provisioning where we are able to provide user access to all the resources they need in a uniform way that we can audit. We don't need to spend a month going to every individual server, every individual database granting user access. We can do it from one central place." - Boyan V., Senior IT Manager at a hospitality company with 1000+ employees
"The user interface. The synchronization with our HR system" – Idita S., Information Security Manager at a aerospace/defense firm with 1000+ employees
"Policy Xpress makes modifications to how our user data is handled so easy." - AppAnalyst250, Applications Analyst at a software R&D company with 1000+ employees

Room for Improvement:

"Something to help us migrate our code between environments from QA to UA to production in an easier way. That would probably be the big one." - Boyan V.
"The GUI in CA is more complicated where a user might have to drill down more into the menu to find the real form. Also, during configuration for a new person it's a tough deal to drill into the menus to find the place to actually setup." - Gaurav D., Senior Infrastructure Engineer at a tech services company with 1000+ employees
"An out of the box way to control when a policy executes." - AppAnalyst250

Read more CA Identity Manager reviews on IT Central Station.

IBM Tivoli Identity Manager

Valuable Features:

"I think, the most important feature of Tivoli is "Custom Adapter Development" which allows to create agents for almost every application, so that Tivoli can communicate with those applications." - Abhinav S., Senior Software Engineer at a tech vendor with 1000+ employees
"Flexibility, interoperability and the number of adapters/connectors that come with the product are key differentiating strengths in my opinion.

The product allows for extensive customization, particularly for things like workflow and policy configurations, which can get complex in a large IAM environment. Configuration is UI-driven, but the same can be accomplished in a more powerful and direct manner by writing scripts, which are based on JavaScript syntax. This is in contrast to products like Sun IDM, which rely on a proprietary language for product configuration." - Sergei V., Founder & President at a consultancy with 1-100 employees
"The ability to suspend/restore user accounts across multiple products over which Tivoli controls security." - TechCommsDir318, Director of Technical Communication at a media company with 1-100 employees

Room for Improvement:

"ITIM/ISIM pre-installation may take some time. Users need to create ITIM instances manually. IBM can bundle all the pre-installation components and make a single installation package." - Kamala K., Security Developer at a tech services company with 1-100 employees
"1. Enable the business users to manage their permissions by themselves without the technical guys
2. Make the process of creating rules easier
3. Improve the admin GUI
4. Allow functionality to work with the cloud base services"
- Oren H., IT Management Information Security at a financial services firm with 1000+ employees
"As far as I have understood the product :-
1. IBM can work on providing better options for creating custom reports, although various supporting IBM products are available. However, if the functionality is provided in the Tivoli product, then the options should be there for creating Expected Report formats.
2. It's highly dependent on the database connection, if there would be even a slight network glitch in the connection between Tivoli and, mostly DB2, databases and the system was not able to recover and re-establish the connection, it would require a complete environment restart."
- Abhinav S.

Read more IBM Tivoli Identity Manager reviews on IT Central Station.

SailPoint IdentityIQ

Valuable Features:

"User Access Review, User Access Request and SOD Policy detection. Another important feature is IdentityIQ’s provisioning broker which allows us to either use its built-in provisioning engine or easily integrate with third-party provisioning and help desk/ticketing systems (such as IBM TIM/SIM, Oracle IdM, BMC IDM, BMC Service Desk, Novell IdM, Microsoft Forefront IdM, ServiceNow etc.) The backend provisioning of IdentityIQ is lightweight and fast to implement." - Matt C., Principal Technologist at a tech vendor
"Certification of user's access, enabling the organization to have a strict governance of what its employees are for entitled to currently." - SecConsultant790, Security Consultant at a tech services company with 1-100 employees
"1. Very user friendly unified UI (for users and administrators)
2. An excellent out-of-the-box features (hierarchical RBAC, flexible provisioning policies, role-mining, certifications, life-cycle events, etc)
3. Modest hardware requirements
4. A large list of out-of-the-box connectors (with no additional charge)
5. Using only standard java technologies (java, beanshell, HTML, jsp, JavaScript, XML, some Apache projects)
6. Possibility to deploy the solution on different DBMS and application servers of your choice
7. Very fast implementation of the solution with custom modifications"
- Andrey S., IdM Consultant at a tech services company with 100-1000 employees

Room for Improvement:

"We would like to have a bit more flexibility in how the screens are laid out and the content. Some of our clients prefer feature-rich UI/screens whilst others would like to have simpler interaction and presentation.
Report writing is much better in the latest versions, but it is still not comparable to what one can get out of dedicated reporting tools." – Matt C.
"Some of the features like multi-aggregation and self healing feature in case of corrupted certificates would be pretty useful which would enable easy debugging in case of issues." - SecConsultant790
"1. The price is very high
2. The partnership program is very inflexible
3. Provisioning. This functionality sometimes require too much coding to implement some customers' requirements
4. "Ease of use." IdentityIQ has a function that can be described as duplication (this can depend on the point of view) for example, groups, population, and work-groups
5. Implement the support of organizational structure"
- Andrey S.

Read more SailPoint IdentityIQ reviews on IT Central Station

* These reviews of select identity management products come from the IT Central Station community. They are the opinions of the users and are based on their own experiences.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)