PG&E’s Oracle-to-modern identity shift: what IAM teams should note

TL;DR: An eleven-month migration from Oracle Identity Manager to SailPoint at PG&E covered 165,000 identities, 75 apps in production, and 400+ requirements, with reported gains in access review simplicity, performance, and $450k in savings, according to SailPoint. Legacy identity debt is no longer just a tooling problem; it is a governance and operating-model problem.

NHIMG editorial — based on content published by SailPoint: Blog Legacy to Modern, Replacing Legacy Identity at PG&E

By the numbers:

• PG&E reported $450k in savings after go-live.

Questions worth separating out

Q: How should security teams judge whether an identity modernisation programme is succeeding?

A: Judge it by governance throughput, not by the fact that a new platform is live.

Q: Why do legacy identity platforms create risk in regulated environments?

A: They create risk because they slow down the controls that prove access is appropriate.

Q: What do IAM teams get wrong about identity platform replacement?

A: Teams often focus on cutover success and underweight the quality of the controls after cutover.

Practitioner guidance

• Assess identity platform control debt Inventory workflow latency, certification backlog, integration failure rates, and custom-code dependencies to determine where the current platform is slowing governance decisions.
• Tie migration milestones to governance outcomes Define success criteria around access review completion, provisioning reliability, evidence quality, and audit continuity rather than only application counts or project dates.
• Simplify certification workflows before expanding scope Remove entitlement noise, reduce reviewer ambiguity, and validate data quality in the first application waves before scaling to broader populations.

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

• The migration sequencing and integration work needed to unwind Oracle Identity Manager at enterprise scale.
• The specific certification, workflow, and compliance requirements that shaped PG&E's project plan.
• The phased go-live approach across 75 applications and how the team managed cutover risk.
• The reported savings and post-migration benefits that support the business case for change.

👉 Read SailPoint's blog on PG&E's identity platform migration →

PG&E’s Oracle-to-modern identity shift: what IAM teams should note?

Explore further

View Full Forum →  |  NHI Foundation Course →