Oracle Identity Governance — previously Oracle Identity Manager (OIM), rebranded as OIG in 12c — is the identity provisioning and governance platform underpinning access control, role management, and compliance workflows for thousands of large enterprises. Banks run SOX access recertification campaigns on it. Utilities manage privileged account lifecycle on it. Healthcare organisations control clinical systems access governance on it. The Oracle Identity and Access Management Suite, which includes OIG, Oracle Access Manager (OAM), and Oracle Unified Directory (OUD), represents years of integration investment that cannot be unwound with a simple migration project.
Oracle's account teams are using every OIG renewal cycle to push customers toward Oracle Cloud IAM — Oracle's cloud-native identity service. The migration pitch is the usual one: modern architecture, quarterly updates, ML-driven access intelligence. The omission is the same: a mature, customised OIG 12c deployment with hundreds of application connectors, custom approval workflows, and SoD ruleset libraries does not migrate to Oracle Cloud IAM in under 18 months without significant disruption. Third-party support on OIG 12c cuts your annual support cost by 50–65% and removes Oracle's leverage entirely.
Running Oracle? Find out exactly what you're overpaying. Free cost analysis, no commitment.
500+ enterprise clients · Est. 2016 · 15-min response · No commitment
Oracle Identity Manager 11g R2 PS3 (11.1.2.3) Premier Support ended December 2021. Oracle Identity Governance 12c R2 PS4 (12.2.1.4) Premier Support extended to January 2026 — but as of March 2026, this version is approaching or at support boundary for many organisations. OIG 12.2.1.4.0 on OracleWLS 12.2.1.4 also requires Java SE 8 (Oracle Java licensing trap — see our Oracle Java licensing guide). Many OIG customers are exposed to dual support cost pressure from both OIG maintenance and Oracle Java SE licensing simultaneously.
Oracle Cloud IAM Migration Pressure — What Oracle Won't Tell You
Oracle Cloud IAM (part of Oracle Cloud Infrastructure) is a genuinely capable cloud identity service for organisations building identity infrastructure on OCI. For organisations with on-premise ERP, PeopleSoft, E-Business Suite, or custom Java applications managed by OIG, the migration picture is materially more complex than Oracle's product marketing suggests.
OIG 12c's connector framework supports hundreds of target applications — Oracle E-Business Suite, SAP, Active Directory, LDAP, Unix/Linux, mainframe RACF, Oracle Database, and custom application connectors built on the Identity Connector Framework (ICF). Migrating these connectors to Oracle Cloud IAM requires either adopting Oracle's cloud-native connector catalogue (which covers a fraction of what ICF supports) or rebuilding custom connectors using Oracle's Bridge infrastructure. For organisations with 50–150 application connectors, this rebuild represents £600K–£2M in professional services. GoVendorFree TPS on your existing OIG environment costs a fraction of that, annually, to keep your identity infrastructure operational and compliant.
OIG and OIM Version Matrix — TPS Eligibility
| Product / Version | Platform | Oracle Premier Support | TPS Available |
|---|---|---|---|
| OIM 11g R2 PS3 (11.1.2.3) | WebLogic 10.3.6 / JDK 7 | Ended Dec 2021 | ✓ Yes — ideal TPS candidate |
| OIG 12c R2 PS3 (12.2.1.3) | WebLogic 12.2.1.3 / JDK 8 | Ended Jan 2024 | ✓ Yes |
| OIG 12c R2 PS4 (12.2.1.4) | WebLogic 12.2.1.4 / JDK 8 | Premier Support ended Jan 2026 | ✓ Yes — largest current TPS cohort |
| OIG 14c (14.1.2) | WebLogic 14.1.1 / JDK 11 | Premier Support to Jan 2029 | ✓ Yes |
| Oracle Cloud IAM (OCI) | SaaS | Subscription — always current | N/A — SaaS product |
GoVendorFree TPS Coverage for Oracle Identity Governance
GoVendorFree's Oracle TPS covers the full OIG/OIM identity governance stack — provisioning engine, workflow, connector framework, self-service, and access certification. Coverage includes:
- OIG Provisioning Engine: User provisioning and de-provisioning lifecycle; request management (approval workflows, escalation, delegation); IT resource and IT resource instance management; reconciliation framework stability (trusted and target reconciliation)
- Identity Connector Framework (ICF): OIG ICF connector stability for Active Directory, LDAP (OUD, eDirectory), Oracle Database, Unix/Linux, SAP HR, Oracle E-Business Suite HR, and custom ICF connectors; connector server management; incremental reconciliation troubleshooting
- Access Certification (SOX/SOD): Certification campaign configuration and stability; role-based, user-based, and entitlement certification; SoD policy engine (Oracle Role Manager integration); access review workflow and evidence management; LDAP synchronisation for user population
- Role Management: OIG Role Catalog; business role hierarchy; role mining and role lifecycle management; Enterprise Role Lifecycle Management (ERLM); SOD analysis and remediation workflow
- OIG Self-Service and Catalogue: Identity Self Service (ISS) portal stability; request catalogue; approval history and audit trail; notification framework (email, BPM integration); OIG REST API and SCIM provisioning advisory
- Integration — OAM, OUD, and Oracle Database: OIG–OAM integration (Oracle Stack SSO); OIG–OUD LDAP synchronisation; Oracle Database as OIG metadata store; SOA Suite BPEL workflow integration for custom approval flows
- Security and Compliance Advisory: Independent CVE advisory for OIG/WebLogic/JDK stack; GDPR data subject access request workflow; PCI DSS access control documentation; ISO 27001 access management control evidence
The Oracle Java Double Exposure for OIG Customers
OIG 12c R2 PS4 runs on WebLogic 12.2.1.4 and requires Java SE 8. Oracle's 2023 Java SE licensing change — moving from per-CPU to per-employee pricing — created a significant unplanned cost increase for many OIG customers running Oracle JDK 8 on their identity servers. An OIG deployment on a 3-node WebLogic cluster for a 10,000-employee organisation that previously paid £18,000/year for Oracle Java SE (CPU metric) may now face a £95,000–£180,000/year Oracle Java SE subscription under the new per-employee pricing model.
Third-party support on OIG enables parallel resolution of both cost vectors: GoVendorFree TPS covers the OIG application layer, while simultaneous migration from Oracle JDK to Eclipse Temurin (OpenJDK distribution) eliminates the Oracle Java SE cost entirely. WebLogic 12.2.1.4 and OIG 12c PS4 are certified on OpenJDK 8 distributions including Temurin — the migration is a JVM swap, not an application migration. Our Oracle Java licensing guide covers the full migration path and TPS compatibility in detail. The combined saving on a mid-tier OIG deployment (TPS + OpenJDK migration) typically reaches 72–78% of the combined Oracle support and Java licensing spend.
SOX and SoD Recertification Under TPS
The primary compliance concern raised by financial services organisations considering OIG TPS is the question of SOX access recertification and SoD audit evidence. SOX auditors require evidence that access recertification campaigns were completed, that access violations were remediated, and that the system producing this evidence is operating correctly. Under TPS, GoVendorFree supports the OIG platform stability, certification campaign execution, and audit trail integrity. The auditor's evidence requirement is unaffected by the support provider — what matters is that the OIG system produces accurate, timely certification output and that your IT general controls documentation correctly describes the system in use.
We have supported SOX IT general controls audits for OIG customers under TPS for multiple financial years without audit qualification. The key documentation requirement is ensuring your IT controls narrative describes OIG as a production identity governance platform maintained by an independent support provider (GoVendorFree) rather than Oracle's standard support. This is equivalent to the documentation approach used for any third-party maintained system. Our audit defence service includes specific OIG SOX documentation templates. See our Oracle Audit Defence Playbook for the full compliance framework.