Symantec Identity Governance and Administration Reviews

The most valuable features of this product are the following:

1. Policy Xpress
   Allows for the ability to build policies triggered off of events in a codeless manner.
2. Separation of Duty (SOD) policies
   Gives the ability to create roles and/or policies with a criteria for removal or addition of a role, policy, or an entitlement based on the user’s title as an example.
3. Connectors
   IDM has a rich set of connectors that covers traditional on premise, SAAS related, or custom resources. IDM provides the ability to create a custom connector through its Connector Xpress module. The module itself allows one to build a connector to any resource that is either LDAP or database driven. Once again this process involves no coding for the task.

I'm an integrator, and as a result I deploy solutions in behalf of an organization. IDM improves the organizations ability to govern the life cycle of an end user. The life cycle starts with the on-boarding of an individual to the organization, whether it’s a contractor, consultant, employee (full or part time), or a partner. The life cycle ends with the departure of the individual from the organization. Everything in between is about managing the user's access, permissions, profile, and evolution from an identity stand point. We (Mycroft) advise and implement the necessary user cases that drives the successful central management of identities for an organization. Plain and simple, IDM provides the automation that allows the IT and respective business department(s) to focus in on other pressing needs while IDM standardizes the identity practice.

The areas of this product which requires improvement are as follows:

1. The User Interface (UI)
   The User Interface has been improving over time and there are products such as IDMLogic Sigma that improves upon the user UI experience.
2. Its delegation model
   While IDM has the capability to delegate, the delegation process is not intuitive or forthcoming to the clients. The delegation model is present but it’s not a straight forward model to design against.

These two areas are the ones that stand out, as I probably developed a tolerance over the years for any other if others do exist.

Eight years.

Yes, but deployment issues are hardly product installations, but rather retro-fitting the installation to the core principals of the organization. Anyone can install the product within a 20 minute window in an ideal scenario. Each organization has environmental complexities and business policies that at times causes issues with the deployment.

No issues with stability.

No issues with scalability. Typically deployments are done with an assumption that an organization will grow by a certain percentage in the foreseeable future. As a result the architecture will adhere to the growth plans accordingly.

Technical support has drastically improved over the years, as a result I would rate them at 7.5 and climbing.

While I implement solutions for organizations, I witness switches for the following reasons:

• Staff are no longer knowledgeable on the solution as a result of staff turnover over time
• Product configuration has not been maintained to support needs of the business over time
• Vendor Support and direction
• Cost model
• The direction of the organization and its relationship with other vendors

In my experience, the posture of the setup has a direct correlation to the use case mapped to the feature set and functionality. There are numerous ways to implement a solution, but the level of complexity stems from the ability to simplify the requirements and work with the business on compromises. All organizations have security and business policies that they mandate by or govern towards. As a result, the initial setup or configuration is a direct by-product of how the use case is socialized into the product. At times, some business processes should not be subjected to IDM at all. unless there are compromises to how the business flow is managed. Understanding this basic idea and product limitations go hand in hand.

The ROI on CA IDM is a result of the following 3 areas:

1. Employee productivity
   Faster onboarding process and provisioning. The ability for end user to perform self-service password resets and utilize an access requests system.
2. IT cost savings
   The ability to focus less on traditional cost areas around password resets, user on-boarding, and essentially the whole user life cycle allows IT to spend on other technical areas wisely. Cost savings to IT is not only how to save but also how to re-purpose the funds to other needed areas.
3. Cost avoidance.
   Potentially recovering from security breaches or violations and the cost to recover from them. Centralized management introduces efficiency that leads to shared resources not redundant work throughout an organization.

Identity Policy and its Ability to support Account Provisioning to RACF and AD/Exchange.

This solution was implemented for a Financial Client to automate account provisioning across various disparate systems (more than 80 systems across 5 countries). From an HR perspective, when an employee leaves the organisation, suspension, transfer and removal of access to systems can be completed within 7 days in comparison to up to 30 days when handling it manually. Access to system(s) can now be approved and granted within 3 working days going through a self-service application and approval process.

Lack of a comprehensive attestation component/product and easy to use workflow that supports both attestation and provisioning. However, currently CA does have a product for attestation.

3 years

Main issues were with migration of data from a 8.x to 12.5 sp2.

No stability issues.

No scalability issues

7/10

8/10

No previous solution used.

Initial Setup is considered straightforward due to its wizard based installation. However, it is complicated due to HA requirements.

Compilation of data for Attestation manually may take 3-6 months or more if the organisation has large number of assets distributed across several countries. The need to maintain up-to-date access list on every asset also poses a challenge.

I am a consultant and we consult for identity and network management. We work with Symantec, which is owned by Broadcom, and also with Microsoft and Oracle. Additionally, we work with open-source solutions like Glue.

From an identity management point of view, the automated provisioning feature is a very key feature. The quick access reviews have been very beneficial to our customers, providing a consolidated view of the environment.

The automated provisioning feature has been very key from an identity management point of view. The access reviews have also been beneficial to our customers.

Symantec should develop a SaaS solution for cloud environments to make the solution available in various marketplaces for easy deployment. It should also offer bundle installation instead of one by one installation to minimize complexity. Some interfaces were not good initially but creating a portal helped improve the user experience.

I have been familiar with Symantec Identity Governance and Administration since 2009. Before that, it was CA Identity Suite and prior to that, it was CMI.

The reporting features are robust, producing good reports and offering automation, which supports our audit processes well.

Technical support by Broadcom is very good. I am currently dealing with them for one of our clients and they are excellent.

Positive

I previously worked with Oracle and Sun Microsystems back in the day. The previous identity management solutions we used were different, and we switched to Symantec because of its features.

In the current setup, installations happen one by one, which makes it complex due to the many moving parts. A bundled solution would simplify the process.

The solution should ensure that one knows what they are doing and understands the components they are using.

The pricing has been very reasonable, but licensing costs vary based on the customer. It follows a user-based licensing model.

For banking environments or companies with less complex environments, Symantec works best. It's recommended for straightforward access management systems.

I'd rate the solution seven out of ten.

Identity Manager allows us to have a programmatic and paradigm shift in the way that we handle identities within our organization. What we had in the past was sort of a homegrown-built system to manage identities. That is individuals coming onto our systems and out of our systems. With the Identity Manager product, we're able to automate that in a way that we couldn't in the past. The single largest improvement has really been the ability to take what was a paper sort of process, e-mail sort of process, manager phone call process, down to an automated process which allowed us to go from one week to provision someone to ask the appropriate access down to about two hours.

We've met with the product development folks, and as far as improvements, we're really looking at them from a user experience. While all the key components are there to make the product work very well, what we're looking at is enhancing the product to have much more of a more modern approach and look and feel.

The actual application is very well designed and architected, and is very stable. We're very happy with the solution so far. The product is easily scalable and horizontally in that manner, so what that allows us to do is as we onboard more and more applications as endpoints for the Identity Manager, we're able to scale appropriately. Horizontal scaling is the ability to basically say, "Hey, I have ten more endpoints. I need two more instances of the application to manage those endpoints." It's easy to just instantiate them, as opposed to us having to buy bigger and bigger boxes to manage with more memory, more compute, more storage to manage those entities.

Technical support from CA comes in two forms for us. The first one was regard to their sort of, what we call, staff augmentation model. Well, they helped us to understand the paradigm for a using Identity Manager, while at the same time helping us to understand how to use the actual product. The support that comes afterwards, which is also excellent, comes in the fact that they have forums for us to interact with. They also have sort of escalation procedures that we have a chance to work with, and so that supports us from both ends of the project. The introduction as well as the ongoing maintenance.

In the past, we did sort of a simple sort of management of identities through, what we called, the manager calls you up and says, "I'm identifying the following person." It was sort of ad hoc, so to speak. With the Identity Manager product, in conjunction with the identity governance product, we were able to define roles, enterprise type roles, and then use the identity minder product to push those role's accesses out into the application world.

I think the actual product itself is fairly simple and straightforward. The difficulty comes in trying to understand what is a paradigm for identity management in the context of this particular product.

Selecting a vendor is important to us. We need to make sure to pick the right vendor. Firstly, we look at are they one of the vendors we currently work with. Consistency in approach, consistency in the technology, consistency in the style, is all important for us. The product in and of itself is good, but what you need is a holistic approach from your organization, because identity management is not just simply a one area focus. It is an organizational issue. Make sure to include all the areas of the organization. We had a sort of homegrown applications that we wrote. Scripts and programs that were wrote to manage in the context of our current applications.

It is really important that we find out what the community thinks of these products. They have been through the war, so to speak, and their ability to learn and understand what the shortcomings were, what lessons learned happened for them in their particular context, is really important for us. Simply getting a White Paper is great. It's a starting point, but I like to augment that with blog reviews and understand what the rest of world thinks about our product, especially when it comes to critical products like something like an identity management system.

I've used it to manage users, create and update, delete users, change passwords, and assign and change rules. Those are some of the most important cases.

The most valuable feature, in my opinion, is the option to deploy this solution as a virtual appliance. It's an easy and fast way to deploy the solution, and it doesn't require a lot of hardware or digital machines. Just one machine is enough. 

Another valuable feature is that it is an easy way to deploy a cluster with this solution, as it's included in the options of the virtual appliance. It's not a complicated option.

The product could be improved. I think when you work with this kind of solution, you have to work with endpoints, and not always do you have the input you need. Sometimes, it's necessary to develop the connector to some kind of endpoint. The development process to create this connector is not as easy as I would like. It's sometimes a little bit complicated. This process involves code that we need to develop to get that connector.

I've used Symantec for maybe four or five years.

The group is really stable. We don't have problems with the stability of the product. It's not complicated to upgrade or reset, restart, and deploy. And the services work well.

It's a good product, and if you have to work with a lot of users, it's not complicated to get scalability with this product. It's not complicated. 

The customer service and support are good. 

Positive

The initial setup is not complicated. It's easy, in my opinion. After that, you have to do some configuration and setup for specific use cases, and this could be a little bit complicated if these use cases are customizable. It depends on the use case. The basic use cases are not complicated; it's just the next-next-next configuration. But if you want to do some customization, this could be complicated.

The product has a good price in competition with another product with the same solution. It's not the best, but it's a good price.

My advice is to always have a role strategy to work with this kind of solution, no matter the brand. If you don't have an enrolled solution, it won't work.

Overall, I would rate the solution an eight out of ten because it's a good product with stable use cases, but there are some points to improve.

We previously manually provisioned staff, but now Identity Manager allows us to do auto-provisioning. Auto-provisioning means that when there's any HR activity associated with an employee, it automatically, for example, de-provisions if the employee is fired or moves positions with different access privileges.

We used to have a manual for new hired instructing them to send and email or make a phone call. It used to take 7 days for this process, for example, if we hired a $200/hour consultant. It didn't matter from a security admin perspective because they knew the new hire was coming on board, but it took a lot of manual effort and time.
Now that we have auto-provisioning, we just define the provisioning rules for access privileges and defined, targeted endpoints.

I'd like to see it better integrated with the other CA security products.

We've had no issues with deployment.

We're still executing Identity Manager, so far we haven't had a very bad experience. It looks like it's good, but we still have to learn a lot about how to use the product, but so far from what we've seen, it's a prominent product.

We scaled for fifteen targeted endpoints. We are still at six, so we are still within the scoping half of what we anticipated. So far, so good.

The initial setup was IDM v8, but we could not really upgrade to v12. I don't remember on top of my head what were the technical reasons because the product has changed quite dramatically. It's a completely different architecture and everything, but the migrations we are doing now, from one version of 12 to another is quite straightforward.

Have something in your mind, like a handful of targeted endpoints. Stick with them, implement it, then extend to the others. Don't just change your scope.

We use Symantec Identity Governance and Administration for user creation, division, modulation, workflow, and giving access to managers. We also use the solution for reconciliation and recertification purposes.

What I found most valuable in Symantec Identity Governance and Administration is its simple GUI. It's also easy to deploy compared to other products. With other products, you have to install the Windows version inside the Windows machine on all units, but with Symantec Identity Governance and Administration, it can work offline, so the solution is a little bit easier than other systems.

There are several areas for improvement in Symantec Identity Governance and Administration. They have no proper documentation on how to do backups. They also have a lengthy workflow process where we have to make some configurations to manage automation in the rules and in our tasks which takes time. We have to manually configure all the configuration files, and we cannot export users because there's no export system in Symantec Identity Governance and Administration.

What we'd like to see in the next release of the solution is for them to make configuration and integration with other systems their top priorities. We have many API systems to manage, so hopefully, if they make these enhancements shortly, we can directly connect with our API systems when using Symantec Identity Governance and Administration.

We've been using Symantec Identity Governance and Administration since 2019, so three years now.

Symantec Identity Governance and Administration is a stable solution, though sometimes you'll experience an issue or a problem with it. Stability-wise and performance-wise, I would rate it three out of five.

Currently, my company has a license for two thousand two hundred users, so you could scale Symantec Identity Governance and Administration, but only a few use it, probably because the solution has a lengthy process where you have to make a lot of connections in the backend, and that's taking up a little bit of time.

Currently, the technical support for Symantec Identity Governance and Administration isn't as good as it used to be. Broadcom has introduced other support and my company also provides support to customers, but in terms of getting good support from Broadcom, my team hasn't been getting it.

The support team for Symantec Identity Governance and Administration is responsive, but there's a delay in the response.

On a scale of one to five, with five being the best and one being the worst, I'm rating support two out of five.

We didn't use a different solution before using Symantec Identity Governance and Administration, but currently, we're searching for other solutions that have similar features to Symantec Identity Governance and Administration. We haven't found a solution with the WSO2 identity feature. We didn't find a better product. We're trying to look for a new solution because Symantec Identity Governance and Administration has a lengthy configuration. Deploying the solution and configuring rules on it is lengthy as well. We have to do all these manually, which customers don't want, so we're planning on replacing Symantec Identity Governance and Administration.

The initial setup for Symantec Identity Governance and Administration was very easy. It took around thirty minutes to be fully deployed. Setting up the solution was quite simple, but configuring it was a little bit lengthy.

On a scale of one to five, with one being the worst and five being the best, I would rate the setup for Symantec Identity Governance and Administration four out of five.

In my company, I did the deployment of Symantec Identity Governance and Administration myself. My company also supports customers in terms of deploying the solution, but via vendors.

I'm not aware of the licensing cost for Symantec Identity Governance and Administration because I'm part of the technical team, not the sales team.

In my company, Symantec Identity Governance and Administration is deployed on-premises, but planning to deploy it on the cloud, though it hasn't been decided yet. I still need to learn how to use the cloud version of the solution.

Symantec Identity Governance and Administration doesn't require that much maintenance, and maintaining it is an easy process.

My company has between fifty to one hundred users of the solution.

I would recommend Symantec Identity Governance and Administration to others because it's a good product, particularly if you're okay with limited features. It also has a straightforward installation. The product is good enough to be used in a smaller environment, but if you want to automate more processes, then Symantec Identity Governance and Administration won't be as good. It utilizes the CPU and there could be some issues with a higher degree of automation.

I'm rating Symantec Identity Governance and Administration six out of ten.

My company has no partnership with Symantec Identity Governance and Administration.

We provide technical expertise for some of our clients. I've worked with thousands of clients.

I work with both small clients (1,000 users) and large clients (100,000 users). Our clients use this solution every day. With people constantly being hired and fired, user access is always being granted to new employees and taken from old employees. We use this solution to decipher and determine user access.

Our clients collect information surrounding the access that many of their users have. Different users are granted different access and rights. We have a process that monitors and plans user rights in accordance. From the information that we compile using this solution, we then release a report to the manager who then determines the type of access a user gets. 

It improves security. It's a very useful tool that has improved our client's security, from day one.  

This solution is very easy to use. Once it's been configured correctly, it's very easy to use, but it's not an easy tool to configure. Technically speaking, you need a lot of knowledge to make it run properly.

All software has room for improvement. There are some features that could be added to make it even more user-friendly.

Integration capabilities with other solutions and formats, including JSON, could be improved. Integration is not easy at all. 

I have been using Symantec Identity Governance and Administration since 2004.

The stability could be improved. It really comes down to proper monitoring — there are a lot of good replication processes behind the scenes. If there are problems with the monitoring, then there will be problems, stability-wise. 

On a scale from one to ten, scalability-wise, I would give this solution a rating of seven.

Personally, I don't think the technical support is very good. The technicians don't seem to have enough training and knowledge surrounding the solution — they don't have in-depth knowledge.

The installation is easy, but system integration for specific clients is very complex because each client has their own use case. You have to really understand what a client needs in their environment to master this solution. In short, installation is very easy but customization is not. 

In most cases, deployment takes roughly two to five days.

As the final decision comes down to our clients, they are the ones who evaluate other possible options.

I would recommend this solution, but only for small to medium-sized companies. It doesn't perform that well for large companies.

Overall, on a scale from one to ten, I would give Symantec Identity Governance and Administration a rating of seven.