IBM Tivoli Identity Manager [EOL] Reviews

• Workflows
• Provisioning Policies
• Adapters

• GUI has improved significantly from the previous version
• Role management has improved

All the features provided by the product Tivoli are very useful for any organization as Tivoli and its component products provide every feature of Identity Management concept, but it totally depends on the requirement of the project. And I think, the most important feature of Tivoli is "Custom Adapter Development" which allows to create agents for almost every application, so that Tivoli can communicate with those applications.

I am working on a team which is involved in setting up Tivolii solutions for other organizations. So, I giving example of one of our clients. Initially when a new user joined the organization the user's ID has to be created in the following three places:-

1. HR - to store the identity and process it accordingly for salary, bonuses and all other financial and HR related work.
2. Active Directory:- to allow the user to log into the system and managing the user under various access levels.
3. Tivoli - create the user's ID in Tivoli and allow the user to pass through various workflows for different access on different resources in the organization and then managing their passwords on different applications.

After Tivoli has been implemented all these processes can be combined into ONE and become automated, i.e. we have integrated Tivoli with HR products and with Active Directory. So, as soon as HR enters the new user's information in the HR product, Tivoli picks the information from there and automatically creates the account in Tivoli as per the information received from HR. Tivoli then creates the account in Active Directory without manual intervention and in real-time. Also, the password management also becomes centralized.

Flexibility, interoperability and the number of adapters/connectors that come with the product are key differentiating strengths in my opinion.

The product allows for extensive customization, particularly for things like workflow and policy configurations, which can get complex in a large IAM environment. Configuration is UI-driven, but the same can be accomplished in a more powerful and direct manner by writing scripts, which are based on JavaScript syntax. This is in contrast to products like Sun IDM, which rely on a proprietary language for product configuration.

Many IDM /IAM products require a database, directory server, web application server and other middleware components to function. Some of them require (or strongly recommend) those components to be made and sold by the same vendor. This is not the case with Tivoli. I've seen it work on Windows, AIX, Linux, Oracle, DB2, Sun ONE Directory Server, ITDS, WebLogic, WebSphere, etc., and it supports many other vendor products for OS, Database, Application Server and Directory server.

Connectors are plentiful, partly due to how long the product has been on the market, and developed by IBM instead of by 3rd parties.

I don't use the product at my company because it only makes sense to do so in a mid-to-large corporate environment. Having said that, in my own opinion, the main benefits are, in order:-

1. Better compliance posture
2. Stronger account security; and
3. Automation of identity management processes

• Single Sign On
• Access Management

This product is mainly used to implement secure access of web applications,

Ease of configuration is the most valuable feature, most things work with clicks and the rest with JavaScript.

I'm a contractor and don't stay for the after-effects of the installation.

Provisioning module is valuable.

The ROI of IAM projects and platforms is to enable our employees to work on their application in a short time.

It is a big repository of identities, allowing administrators to manage them and their accounts. Workflow approvals e-user/accounts operations is very important for user life cycle.

It improved the access re-certification. Re-certification was deployed using Excel and took too long too be completed. Using TIM, this time was reduced.

The ability to suspend/restore user accounts across multiple products over which Tivoli controls security.

Mainly that it enables us to centrally control access to the various applications we support.