Flexibility, interoperability and the number of adapters/connectors that come with the product are key differentiating strengths in my opinion.
The product allows for extensive customization, particularly for things like workflow and policy configurations, which can get complex in a large IAM environment. Configuration is UI-driven, but the same can be accomplished in a more powerful and direct manner by writing scripts, which are based on JavaScript syntax. This is in contrast to products like Sun IDM, which rely on a proprietary language for product configuration.
Many IDM /IAM products require a database, directory server, web application server and other middleware components to function. Some of them require (or strongly recommend) those components to be made and sold by the same vendor. This is not the case with Tivoli. I've seen it work on Windows, AIX, Linux, Oracle, DB2, Sun ONE Directory Server, ITDS, WebLogic, WebSphere, etc., and it supports many other vendor products for OS, Database, Application Server and Directory server.
Connectors are plentiful, partly due to how long the product has been on the market, and developed by IBM instead of by 3rd parties.
I don't use the product at my company because it only makes sense to do so in a mid-to-large corporate environment. Having said that, in my own opinion, the main benefits are, in order:-
- Better compliance posture
- Stronger account security; and
- Automation of identity management processes