It's all about IAM

Identity And Access Management - Rajiv Dewan

Why most of IDM Projects don't succeed

 Why most of The IDM Projects don't succeed ?

Yesterday I was having a discussion with my friend on the topic "Why most of the IDM Projects don't succeed ?". I saw couple of discussions on LinkedIn on same topic as well. It's quite simple and interesting question but is it ?

There can be n number of answers for this question based on different client/vendor experience. So I would like to share something based on my experience. I worked mainly with OIM and little bit with SIM so my views will be based on these products only. 

IDM Projects don't succeed:

Just A Java Application:

IDM Projects don't succeed When people think, IDM is just a Java Application. They think that if they are good in Java, they can do anything in IDM. They implement the things based on their Java experience instead of using IDM features. Things look easier in the beginning but later client has to pay for this. And also we face lots of challenges at the time of upgrade of IDM environments.

Just A Database Application:

IDM Projects don't succeed When people think, IDM is just a Database Application. They make use of SQL Queries instead of using IDM Provided APIs/Components. They use direct queries for different operations and play around with Audit Data.

Just An Application (GUI) for Automation:

IDM Projects don't succeed When people think, IDM is just an Application which provides Graphical User Interface  to automate some process like Create User/Delete User/Provisioning Access etc. They care more about Look and Feel instead of its features.

Lack of IDM People:

IDM Projects don't succeed When we don't have proper IDM People at the time of Requirement Gathering/Design/Development/Testing and we give more responsibilities to people who are having good experience BUT in different domains.

Lack of IDM Knowledge:

IDM Projects don't succeed When client expects more than the product capability. I agree that they don't have much knowledge that's why they are asking others to implement the same but they should understand the boundaries of the product.


IDM needs at-least one unique field to map target users with IDM users. Unique field can be a combination of 2-3 fields as well. Without this field, IDM won't be able to link identities and accounts. So people should understand that Unique field is mandatory for running Reconciliation Job into IDM. If they don't provide such field(s) then IDM won't be able to link the users.

Oracle Product Development team has done a great job in OIM 11g R1, OIM 11g R2. Hats off to Product Development Team for coming up with such a great architecture.

Although there are some bugs but those will be found in each and every product. We should understand that these products are man made so nothing can be 100% perfect, so instead of blaming each other we should work together and come up with a stable product which will satisfy the need of today' world.

                                                      Happy IDM !!!

OIM 11g R2 Bundle Patch

OIM 11g R2 Bundle Patch Released

Download Patch:14606628 from Metalink for upgrade from OIM 11g R2 to OIM 11g R2 BP01

Bundle Patch Number :

Release Date: 17-Oct-2012



Bundle Patch 5 is also released for OIM 11g PS1 (OIM

 Patch Number: 14609562

 Bundle Patch Number: 

 Release Date: 17-Oct-2012




 Other OIM 11g R2 Related Posts:

OIM 11g R2 Features
OIM 11g R2 Upgrade
OIM 11g R2 Self Service Console Screens
OIM 11g R2 Wildcard Search
OIM 11g R2 Attestation
OIM 11g R2 Application URL