Symantec Identity Governance and Administration Reviews

The most valuable features to us are:

• Provisioning engine (on the back-end, separate from front-end components, that's part of layered architecture);
• Access-request system (to manage on- and off-boarding of users); and
• Mobile interface (ability to manage workflows and user requests from smartphone).

Through the centralization and automation of access management functions, and providing a baseline for identity and security analytics, we've improved our security.

I think CA Identity Manager could improve in the following areas:

• Usability

• Stability
• It's complex
• The reporting functions

I've been using it since 2011 as Identity Manager (before: CA eTrust Admin).

We had multiple failures with Linux-based installers hindering deployment process on Linux platform.

No major issues with deployment on Windows.

Multiple issues with stability of the provisioning servers.

No issues encountered.

7/10

5/10

CA eTrust Admin 8.x had been upgraded to CA Identity Manager 12.5 SP9.

Initial setup was complex due to multiple inter-dependencies and high diversity of infrastructure components.

Initially implemented through the vendor team, following upgrades with an in-house team.

The level of expertise delivered by the consultancy firm was high, however it has decreased significantly in the past two years.

Pricing and licensing models are adequate and reasonable.

Identity Manager solutions from Oracle, SailPoint, IBM and RSA/EMC. The products from the mentioned vendors generally seem more competitive than today’s offering from CA.

Run PoC with as close to production deployment as possible; pay attention to TCO and ROI after including provisioning costs on support services for implementation and maintenance as well as required design of reports and business processes and UIs.

We previously manually provisioned staff, but now Identity Manager allows us to do auto-provisioning. Auto-provisioning means that when there's any HR activity associated with an employee, it automatically, for example, de-provisions if the employee is fired or moves positions with different access privileges.

We used to have a manual for new hired instructing them to send and email or make a phone call. It used to take 7 days for this process, for example, if we hired a $200/hour consultant. It didn't matter from a security admin perspective because they knew the new hire was coming on board, but it took a lot of manual effort and time.
Now that we have auto-provisioning, we just define the provisioning rules for access privileges and defined, targeted endpoints.

I'd like to see it better integrated with the other CA security products.

We've had no issues with deployment.

We're still executing Identity Manager, so far we haven't had a very bad experience. It looks like it's good, but we still have to learn a lot about how to use the product, but so far from what we've seen, it's a prominent product.

We scaled for fifteen targeted endpoints. We are still at six, so we are still within the scoping half of what we anticipated. So far, so good.

The initial setup was IDM v8, but we could not really upgrade to v12. I don't remember on top of my head what were the technical reasons because the product has changed quite dramatically. It's a completely different architecture and everything, but the migrations we are doing now, from one version of 12 to another is quite straightforward.

Have something in your mind, like a handful of targeted endpoints. Stick with them, implement it, then extend to the others. Don't just change your scope.

We use Symantec Identity Governance and Administration for user creation, division, modulation, workflow, and giving access to managers. We also use the solution for reconciliation and recertification purposes.

What I found most valuable in Symantec Identity Governance and Administration is its simple GUI. It's also easy to deploy compared to other products. With other products, you have to install the Windows version inside the Windows machine on all units, but with Symantec Identity Governance and Administration, it can work offline, so the solution is a little bit easier than other systems.

There are several areas for improvement in Symantec Identity Governance and Administration. They have no proper documentation on how to do backups. They also have a lengthy workflow process where we have to make some configurations to manage automation in the rules and in our tasks which takes time. We have to manually configure all the configuration files, and we cannot export users because there's no export system in Symantec Identity Governance and Administration.

What we'd like to see in the next release of the solution is for them to make configuration and integration with other systems their top priorities. We have many API systems to manage, so hopefully, if they make these enhancements shortly, we can directly connect with our API systems when using Symantec Identity Governance and Administration.

We've been using Symantec Identity Governance and Administration since 2019, so three years now.

Symantec Identity Governance and Administration is a stable solution, though sometimes you'll experience an issue or a problem with it. Stability-wise and performance-wise, I would rate it three out of five.

Currently, my company has a license for two thousand two hundred users, so you could scale Symantec Identity Governance and Administration, but only a few use it, probably because the solution has a lengthy process where you have to make a lot of connections in the backend, and that's taking up a little bit of time.

Currently, the technical support for Symantec Identity Governance and Administration isn't as good as it used to be. Broadcom has introduced other support and my company also provides support to customers, but in terms of getting good support from Broadcom, my team hasn't been getting it.

The support team for Symantec Identity Governance and Administration is responsive, but there's a delay in the response.

On a scale of one to five, with five being the best and one being the worst, I'm rating support two out of five.

We didn't use a different solution before using Symantec Identity Governance and Administration, but currently, we're searching for other solutions that have similar features to Symantec Identity Governance and Administration. We haven't found a solution with the WSO2 identity feature. We didn't find a better product. We're trying to look for a new solution because Symantec Identity Governance and Administration has a lengthy configuration. Deploying the solution and configuring rules on it is lengthy as well. We have to do all these manually, which customers don't want, so we're planning on replacing Symantec Identity Governance and Administration.

The initial setup for Symantec Identity Governance and Administration was very easy. It took around thirty minutes to be fully deployed. Setting up the solution was quite simple, but configuring it was a little bit lengthy.

On a scale of one to five, with one being the worst and five being the best, I would rate the setup for Symantec Identity Governance and Administration four out of five.

In my company, I did the deployment of Symantec Identity Governance and Administration myself. My company also supports customers in terms of deploying the solution, but via vendors.

I'm not aware of the licensing cost for Symantec Identity Governance and Administration because I'm part of the technical team, not the sales team.

In my company, Symantec Identity Governance and Administration is deployed on-premises, but planning to deploy it on the cloud, though it hasn't been decided yet. I still need to learn how to use the cloud version of the solution.

Symantec Identity Governance and Administration doesn't require that much maintenance, and maintaining it is an easy process.

My company has between fifty to one hundred users of the solution.

I would recommend Symantec Identity Governance and Administration to others because it's a good product, particularly if you're okay with limited features. It also has a straightforward installation. The product is good enough to be used in a smaller environment, but if you want to automate more processes, then Symantec Identity Governance and Administration won't be as good. It utilizes the CPU and there could be some issues with a higher degree of automation.

I'm rating Symantec Identity Governance and Administration six out of ten.

My company has no partnership with Symantec Identity Governance and Administration.

One of the primary features we use is the password reset. The challenge we had was that our helpdesk had to manually reset customers in the field and reset their passwords one at a time, so we implemented CA Identity Manager to allow us to automate this self service reset of passwords.

One of the biggest benefits is the reduction of calls to the help desk. We reduced by a third our calls for password resets because users of the system could then reset themselves using the challenge questions and you know, people forget passwords it's an easy function. That was a huge benefit.

We are actually looking at something to make it easier from a user front end. The helpdesk does a lot of work today, so we're looking at another product from CA. I think it's called the Identity Suite.

Make the maintenance and the updates easier. As well as a more intuitive interface.

It's been very solid. We went live a year ago, so almost 18 months and it's been rock solid.

It's been very good. We have above 40,000 users on that platform and we never have any issues.

We haven't had any issues that required us to go to technical support, so it's really been very good.

We were using a product from Oracle - OID. Primarily it was all home grown, we had to build the backend database, we did some interactions, so it was really a custom solution and it wasn't as scalable, and it didn't have the security features. Rather than invest our development effort into creating security components, partnering with somebody made more sense.

Converting from our old system took a little bit of work. We had a lot of old database access accounts that we had to move over, again, 40,000 or 45,000 but once we took care of that it was pretty painless.

We compared a couple of other vendors. Some of the newer ones are cloud-based, we weren't comfortable with that yet.

The most important criteria when selecting a vendor is stability, the quality of their product, price is always a factor; to make sure you can afford it. We looked at what we had, switching to a new product then we compared it with several other vendors. We typically would go through a matrix and say, "Okay, here are all the items that we feel are important," so when we make that decision you can go back and say this is why and how we made it.

Rating: I'd say probably 8/10. Again, we haven't had any issues from a support perspective, once we've implemented it it's been very solid, people love it and we've saved a lot of money and time from the help desk perspective, so it's been a good investment. I'm really hard on numbers, so 9 or 10 is like impossible.

With security, you have to have a culture of security, and protecting the accounts and passwords and access has to be number one, given every time you see a breach in the news, it's because somebody is not taking care of security. It's top of mine.

It's [CA Identity Manager] done exactly what we want it to. We've actually branched out and done some additional federation logs and stuff like that. Because of the success we've also looked at some other products like CA Advanced Authentication from a external consumer standpoint. It's been a good partnership with CA.

I use the user record (a permanently stored data element), self-service features (access requests, application access, remove/change users), and the rules and entitlements for users.

These features really help our organization because they are the best features available for managing users.

The only issue we have is that sometimes we have an issue related to the Microsoft integration. That impacts Identity Manager's performance, and it's something we need.

I've been using it for four years.

No issues with deployment.

Most of the time, because we do a lot of testing, it seems to be in good shape, and as far as I can see there's no problem at all with stability.

We have issues with scalability, and it has taken time due to the requirement of extra memory and more CPU.

Very well, as I have been working with these people for a while. I have never had any issues with the technical support. They support us 24/7 and are really good.

The initial set up was complex because we had a lot of documentation. We had to look at our system first and see the platform with other products. It takes a while to build and for it to work with our sandbox, but eventually it was fine. Although it did take time initially, after that it was a cake walk.

It was all done in-house, but again the technical support was there when required.

We saw other options in the market, but the technical support of CA made the difference. This is why we chose the product. If the system is down, someone could help us and this was an important factor.

I don't see any issues with CA, and everyone in the business is happy with CA and their support. Everything is good.

The product is easy to install, setup and configure. For me the ease of installation and configuration was most valuable as my experience with earlier Oracle Identity Manager products was slightly tedious. Things might be different now with Oracle products though. Also, CA provided a long list of standard connectors which did not require too much of customization and it suited well with the customer.

For the customer, the product provided an easy to use GUI for user-account centralization and auto-maintenance of accounts on different end points (target systems). Much of the manual tasks such as sending mails for approval and requests were reduced greatly. The amount of helpdesk calls were greatly reduced due to self-service tasks provided by the product.

With the new age products such as Dell, Forgerock, and Ping, and the change in demands of the customer, CA needs to do a lot more. For example, Dell IM provides built-in features with governance in mind, although they also provide a separate product called IM with governance edition.

The GUI in CA is more complicated where a user might have to drill down more into the menu to find the real form. Also, during configuration for a new person it's a tough deal to drill into the menus to find the place to actually setup.

CA came up with SIGMA to be better on GUI and scalability, but it had a lot of issues and poor scalability in both versions. I lost one bid purely based more on the poorer GUI provided by CA, and due to the fact that SIGMA did not provide things which were asked by the customer and did not provide scope of much customization either, so I did not understand the use of the product. I am not aware if SIGMA is officially launched now or not.

I've used it for around three years.

Migrating and comparing objects using the add-on tool Config Xpress has its own challenges, we had some issues when we connected the two development and production environments and tried comparing. We used it the other way, i.e exporting the environment XML files which was indeed time consuming.

Overall, it's quite a stable product.

I would 3.5/5 as it was good, but with some slight delay.

I have used Oracle's product, and am currently also using Dell. My previous customer moved from Oracle to CA purely due to cost factor. With a simple requirement, I would still use CA, but with newer customer demands. CA has to come up with new features which other vendors provide and tune up the GUI.

It's a very straightforward process, very easy to use.

I have implemented it both with a vendor team and an in-house one as well. Implementation is straightforward, you just need to read the manuals provided by CA which says it all from installation and configuration to tuning.

I haven't actually dealt with the licensing costs etc. but i know it's cheaper than Oracle, but more expensive than Dell/Microsoft/Forgerock.

As with all products, this has its pros and cons please do a study of other products based on your requirements before deciding on a product.

The valuable features are the speed and the ability to provision all of our employees. I like the usability as well.

I'm happy with the features that are in the current release.

We have IDM integrated with Provisioning, SiteMinder, and CA Directory as our IAM solution. When we embark on an upgrade initiative for one of these components we quickly find that newer versions of IDM are not supported with the other exisiting components. This results in a much larger project to upgrade SiteMinder, IDM, Provisioning, Directory, and the OS which results in Senior management abandoning our upgrade project. I would like to see IDM supported with a larger version footprint in relation to the other required components in our IAM application framework.

The provisioning perspective is very stable. In terms of identity management, the logic is good, but performance could be better.

The tool is not scalable. That is not a limitation from a CA software perspective. The lack of scalability is more a result of how we originally set up the product.

We have used technical support. Overall, we find it very good. For Identity Manager, it is hard to get the right support agent.

I was involved in the installation and it was complex. We were coming from a very old version and we had to upgrade. There was a lot of data migration.

I have many colleagues from different companies and we all tend to lean towards CA products. We are accustomed to using CA.

• The user interface
• The synchronization with our HR system

I know that CA are always trying to improve and upgrading with improvements.

I've used it for 11 years, and it has improved greatly over time.

After a big update and upgrade, we have no problems with the system.

The system is very stable, it isn’t freezing and it handles everything very well.

They don’t give a resolution immediately. They tend to take time coming up with answers. We are not really satisfied with the customer service. They do solve problems in the end, it just takes time.

No, we didn’t use a previous solution. This is the first solution we ever implemented and we have been very satisfied ever since.

Initially it was a bit complicated as it was really something new in the market and the idea of identity management that works automatically and synchronizes with a HR system was not common. We were a pioneer. It was complicated to start these projects, the planning, architecture, and data mining that we had to do in the first step.

We did it by ourselves, and had to do a lot of thinking by ourselves to get to the step of implementation. It took a bit of time because at that point there was not a lot of knowledge on how to implement such a new solution, so it took time. After we passed this step it moved on. But today when you launch these projects, everyone has a lot of experience from over the years and knows the steps. In 2004 it was really a startup. Now we are specialists.

Yes, we have had a return on investment. All of the time saved on administration and user lifecycles. Now it’s all automatic. When a new employee is coming to the organization a new user is created, when I put it in the HR system a new user will be automatically created. Also when a user is let go, or has retired everything happens automatically. It helps because we have a lot of temporary employees that we bring in. It’s hard to imagine having to do this all manually.

I think the pricing is reasonable.