IBM Tivoli Access Manager [EOL] Reviews

Centralized policy management and reverse proxy-based architecture make it very flexible in terms of deployment, adoption, and implementation. SSO capabilities over various technologies is another strength of this product.

This product enhanced the overall security at perimeter and improved user experience via SSO. A central place for policy and credentials simplifies the authentication over application landscape.

The product has not been updated with emerging technologies over the years specifically around AJAX, REST and Mobile app integration. Also the federation capabilites are very limited.

I have deployed this product at various clients over the last 10 years.

Initial deployment of the product is always critical and issues do come up but not due to limitation in the product. Most of the issues were around bad planning or incorrect deployment.

No, there were bugs identified many times but mostly they were fixed via patch release or a workaround was offered.

No, if deployed correctly it is highly scalable product.

Customer Service:

Fantastic customer service from IBM.

Technical Support:

Technical support is good as you can raise issue any time and based on criticality of the issue IBM can provide support immediately. In some cases even on-premise support is also available.

A home grown solution was replaced by ISAM to change and configure SSO quickly for applications and at the same time using a scalable product was other major consideration.

The initial setup is always complex due to number of applications and user base involved. As the product is a front door for all applications this is very critical and complex setup. Also due to internal and external users and multiple authentication mechanisms involved for different type of users it gets complicated.

IBM team was used for the initial deployment and support and the support provided by them was fantastic. They offer quality consultants all across the globe with short notice.

Yes, it was compared with Siteminde.

This is a great product with proven history. A little better planning is required before deploying it. Given the change in web technologies and SSO protocols it might be better to check other products in market too.

Scalability and the easy integration with existing web applications with no or minimal change to applications.

Tivoli Access Manger lets you separate security from applications and manage at one place. Several applications can be rolled into to the same security model.

Redundant Policy servers had to be manually configured using LB.

12 years.

No

No

No

Customer Service:

Excellent.

Technical Support:

Excellent.

It is straightforward. However it also takes experience to roll out this product.

We used a vendor team and they were excellent.

CA Siteminder was considered.

ISAM 8.0 the new version of Tivoli Access Manager may be considered for large web security implementations.

It is a single product that caters for all the business needs throughout the organization. It provides a seamless integration that in turn encourages most of the applications to use the SSO features.

Reverse proxy is the most valuable feature as it provides central control over authentication and authorization. The integration effort with the end application is quite straightforward and easy.

Multi-factor authentication with social integration needs to improve.

There were no stability issues.

There were no scalability issues.

An acceptable prompt response is received from the technical team depending on the severity of the issue.

More features were found in this product compared to the previous solution that we were using.

It needs quite a lot of time to design the architecture and properly layout the deployment for the high availability setup.

We looked at a couple of other products namely CA and Oracle.

Properly understand the requirement and deploy the application correctly as the product comes with a vast number of features, that we might not use unless we don't check wisely.

Identity management

We have managed to automate the creation of all employees, and the company's clients and then assign the accounts/accesses according to business need.

TIM logging

Three and a half years.

Little issues that were quick to resolve. I don't understand why they have to separate the deployment, as I have used other products that make the deployment as easy as possible.

Never.

Never.

Good.

I have only ever used this product.

The initial set-up is a bit complex for a novice as the Linux version of it needs you to be somewhat good with Linux. There are certain OS requirements which if you are not familiar with Linux, you going to struggle a bit.

Through a vendor team, and their level of expertise was very high.

No other options were evaluated.

It is a very good product to implement.

Tivoli Access Manager (or IBM Security Access Manager) is a fully featured web authentication, sso and authorization product.The product supports multiple user information repositories and also integrates with a variety of strong authentication solutions.Supports reverse proxy as well as adapters placed directly on web servers and app servers.Later product versions supports fine grained authorization as well as XACML based authorization configuration. The DP integration provides support for authn and authz for web services.

Complex to install and run. Requires the full IBM stack to reach full potential.

• Simplified architecture
• Security

It is a totally secure way of accessing clients through various application portals for more than ten EU countries, just by using single sign-on. Moreover, its EAI makes customization easier with the Java/J2EE Applications.

• Multi-source authentication
• Common configs: These need to be moved into a single config file at the appliance level

I have used this solution for three years.

There were no stability issues. However, trends are changing so fast and so are the clients' requirements. The clients also want their hold on the product. They are showing interest in customization.

There were no scalability issues.

This is my first product. However, I am moving, along with my clients, towards ForgeRock OpenIdentity Stack.

It totally depends on the way the client wants to set up and implement the product. The security requires complex implementation. This is where no one wants to compromise.

The pricing is always costly.

After working for three years with this solution, I am now looking for other products.

It is the best product for bigger organizations, but trends are changing so fast. You should look at ForgeRock OpenIdentity Stack if you are looking for a slightly lower price range.

It’s a very flexible and customizable product.

• It provided a secure and robust end to end security solution.
• You can fine tune authentication and authorization
• It’s also easily scalable.

• Installation and configuration.
• If you don’t know the requirements of the supporting components, it could be complicated to install and this has been improved in the later versions that are renamed to IBM Tivoli Security Access Manager.
• Also the knowledge base articles on the internet are limited.

Several years.

No issues encountered.

This is a very stable product that can run forever.

There are no issues with scalability with this product. Easily to do with no downtime.

Customer Service:

Good. Nothing to complain about.

Technical Support:

The technical support are very skilled and has helped solve all issues that I needed help with in a timely fashion.

No previous solution used.

Not as straight forward as Microsoft products where the dependencies are bundled in the installation.

I was part of the in-house team and we managed to handle it without the help from the vendor.

The setup cost is like any other product, and once setup, this product requires very low maintenance.

No other options were evaluated.

Most often IBM Tivoli Access Manager is not involved when backend applications are developed an this can sometimes cause the applications to not function properly and you need to spend time troubleshooting and do changes in the application.

An IBM Tivoli Access Manager technician should be involved from the start when developing a new application.

Reverse proxy component, known as WebSEAL. It provides large number of authentication options that are out of the box.

I am a consultant and work on designing and implementing this tool for our customers. It has helped them to improve and control web and mobile application security.

This product is also available in the appliance offering which has not yet matured and has many issues. Most of the time application of fix-packs cause problems to existing functionality. Also, all the features of the product are not available in the appliance version. Lastly, there is huge room to improve the administration UI to make more user friendly.

10 years.

Deployment is quite easy, and the only issues that were faced were with fix pack applications afterwards.

Not really.

No issues encountered.

Customer Service:

Overall, it's decent. Many times it depends on the IBM support team member handling the customers' issue.

Technical Support:

Overall, it's decent. Many times it depends on the IBM support team member handling the customers' issue.

I have not used a different solution.

Initial set-up is straightforward.

It's one of the best available products of its class. Worth investing in.