Symantec Siteminder Reviews

We use Siteminder to protect our portal site subscribers. In our case, this refers to people who have dental insurance.

We're a dental insurance company and we've got millions of subscribers.

We have thousands of dentists. We have millions of subscribers who use our dental insurance. There are a couple hundred thousand providers (dentists) in the network. 

SSO affords us the opportunity to have a federated connection between our members, groups, and companies. 

We have a trusting partnership with everyone involved. This solution helps us in that aspect. In summary, it protects our applications, relating to benefits and eligibility, etc. 

It gives providers (or dentists, in our case) the ability to transpose across the different Delta Dentals without having to authenticate more than once. With Siteminder, We don't have to log into every site with a different user name and password — It's one identity for all sites.

Some of the new protocols, like OAuth 2.0, could be improved.

It would be nice to see a better cloud-based solution that's both easy and accessible for all organizations.

I have been using Siteminder since 2011.

Symantec Siteminder Is both scalable and stable. If you need to add more groups of members, it's just a matter of adding another web agent. It's very scalable.

I work with the technical support guys all of the time. They are excellent. 

Since I've been doing it for years, it's hard for me to say it was complex. You have to set up the realms, domains, ACOs, access control, configure the objects, and set up the databases. Speaking as a technical person, I think it could be a little more simplistic, but on a technical level, it's about even with the other solutions available.

Symantec Siteminder is expensive; they could definitely do better on the price.

If you're thinking about implementing this solution, make sure you have the proper infrastructure. Also, try to negotiate the cost.

On a scale from one to ten, I would give Symantec Siteminder a rating of eight. If they fixed some of the issues I mentioned, I would give them a higher rating. There's a lot of players out there that are only doing half of what Siteminder does, but they do it with the more advanced protocols.

We use this solution for applications and portals for a bank in Colombia.

The solution has saved our company from a lot of problems.

The solution is easy to use for our managers.

We did not have any issues with the stability of this solution. We have approximately 5,000 clients using the solution.

The solution has been scalable.

The technical support could be better.

The licensing is fair for this solution.

I rate Symantec Siteminder an eight out of ten.

We primarily want to use the solution to implement our SSO, Single Sign-On solution.

The single sign-on is the solution's most valuable feature.

Since we're in the early stages of examining the solution, it's hard to predict what might be lacking.

We're currently unable to find information about if the solution can do a full implementation with SQL. Some better and more accessible documentation for new users or those curious about the product would be helpful.

We want to implement a simple application. Currently, from what we're finding, we're not sure if it would work the way we need it to.

The solution is quite new to us and I only really started looking at it about two or three weeks ago. We're in the testing phase.

We've never contacted technical support.

For a long time, we used SiteMinder, We're currently looking into what might be a better solution for SSO. That's why we're currently evaluating CA SSO. We'd been using the previous solution for two or three years but it hasn't been able to provide us with what we needed. Currently, we're trying to implement CA on servers for IPMP.

The initial setup seems straightforward, but we're curious about the aspect of SSO for SQL servers. We're also investigating from the net side to see what requirements are needed. We haven't implemented or deployed it yet.

We have our own in-house team that will handle the implementation.

I'm an implementor, so I help clients implement the solution for their companies.

We're still in the process of testing the solution. We're currently not providing services on it as we are still in the testing phase.

So far, with a simple implementation of the SSO, I'd rate the solution eight out of ten.

The primary use case of this solution is a single sign-on to gain access to users and servers.

The security from the logistics team has required us to have a single sign-on solution. We implemented several single sign-on servers and we integrated them into one. The users would use it as a jump server. They would connect to it and from there, they would access the main server.

The most valuable feature is the integration with the Active Directory.

To add more value to this solution it needs to be more user-friendly. This is what is really needed in the next release of this product.

I have been using this solution for two years. My experience with this solution is as an end-user.

The stability is fine, we have not had any issues.

This solution is scalable.

We have more than 100 users who are made up of engineers and administrators.

I have not been in touch with technical support.

Previously, I used Arcon as a bridge to build access management. Arcon is different from CA SSO single sign-on.

I changed jobs and in this new location, Arcon was deployed.

The initial setup was not a problem. I would rate the difficulty a seven out of ten.

We have a large network with several servers and it took more than six months for the initial implementation.

We had a team of three engineers to deploy this solution on-premises. They were responsible for the administration of the single sign-on.

We implemented this solution with the help of one of the partners.

My advice to anybody considering this solution is to always create their use cases so that they can do a complete and thorough POC before purchasing this solution.

Do not force the implementation of these types of solutions. It was forced by the management without proper planning. I have learned that proper planning works best for these types of solutions because you have to integrate with different components of the network, in order to be successful.

I would rate this solution a seven out of ten.

Customer was looking for initially an automated self user registration through a secure channel. Apparently it looks like a very easy going requirements but if you look in the detail they want to authenticate before registration process. A user came to create an Identity and customer wants to authenticate and securly takes the same data. 

Another issue was localization and reporting 

If I describe what actually happened, a little bit of the business case, that will help you to understand what it was like. The customer is the kind of customer that really doesn't want to share anything. When a person joins that organization, he has to pass through a couple of security levels, the scrutiny, before the ID is given to him. They used to use a manual process. Whenever a person joined the organization, they used to take his details; they used to write on a piece of paper; then this paper used to go to one of the departments; then it goes to another department; and so on. It wasn’t just a matter of going from one building to another; it was going from region to region.

Finally, this paper goes through a couple of scrutiny procedures. Then, it used to come back to the IT department, and finally, they do their security check and they create the ID and give it to them in an envelope. That was a kind of long procedure that sometimes took 2-4 months to create the ID; just an ID for a person. It was a challenge for the customer for the last 20 years.

We were doing that project and during that project, we found that the project owner wasn’t trusted. The project sponsor wasn’t trusted to just change this overall but they had this security constraint. What they actually wanted was that when they create the ID, they want this person to be authenticated. Generally, this is not the case in any organization, that somebody joins an office and he doesn't have any ID. So, how are you going to authenticate it?

What happened was that what we've been told, “Will you guys do this? Authenticate through a national database? We want, when a person is going to join us and he will request an ID, he should be authenticated through a biometric and that fingerprint will take him to the national database, where he will check in and it will come back to their IDP, their identity provider. They have it internally, and then, we will pass it through our system.”

Now, this was a challenge because in CA Identity Management, when you have a self-user registration page, this page was open so anybody could go and open it. We needed to protect that page, and on top of that, this information had to be protected to a third party. What we did is, we brought a couple of products in the middle of it: CA Federation, CA Single Sign-On, and CA Identity Management.

What happened when the user got authenticated with his fingerprint, it comes to the IDP, we have federation through CA Federation and then, once it passes through it, we have CA SSO, which is protecting the identity management page. Once it gets past this information, it comes to the self-user registration page, but here's another challenge: You've been authenticated but now you have a page which is open. I can authenticate myself and put someone else through the system. That could be a possibility, so we had a problem.

What we did is, we just pulled the data out from the third-party, national database and brought them to the CA identity page, to the self-user registration page, and all his names, IDs, and phone numbers, come in automatically. Then, it goes through several approval processes. Finally, the ID is transmitted over his mobile number that is in the national database.

That kind of work we have done. There are other challenges, as well.

The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer? Because, if you meet the requirements of the customer, then it's way too easy to get inside the customer. We met the requirements of the customer and that's why I believe that this product has value.

I think the future release is, if you ask me, I think they have done a lot in the new release, especially the front end. The front end was not as good. CA did a good job in doing it, especially when I look at the new identity suite. They have done a good job in changing the overall look and feel. This is actually what the customer was looking for. The look and feel was not good in the earlier product. It's a journey, so we just completed one of the requirements for the customer.

CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together. If an enterprise customer has all of these three or four modules for security, he will get consolidated reporting.

A problem we had with the customer was, at the moment, we were asked, “Are you able to integrate these products together?” Were we able to get the requirement done for the customer, as a business requirement? The reporting side we were unable to do it out-of-the-box. If CA consolidates the reporting for all three together, it may be easier. I'm not sure, but it may be easier.

No at all.

We are changing the architecture to scale it.

Customer Service:

An eight out of 10.

Technical Support:

A seven out of 10

No.

It's one of most complex requirements as explained earlier.

CA Partner implemented it

Time value and money.

CA solutions.. Are generally expensive but for the customer the ROI is big.

Yes

When you are looking for a security solution, products are there in the market, but you really don't want to go for a product that looks very beautiful from the front but has very bad stuff in the back end. One good thing is that CA has, I believe, that is has an edge. It allows me do a lot of what the customer is looking for, beyond the customer; beyond the product boundaries. They are certain things that we would not be able to do if this CA solution didn’t have this flexibility, and it's highly secure. It is a highly reliable solution to work with.

We implemented the solution almost a year and a half ago and up until now, there has been no downtime. It is reliable; it is good; it is open for customization; it is open for integration.

From my experience working with CA for almost 13 years, it’s a company. I'm not saying it’s specific to a solution. I'm talking about CA in general. It's a company with a solution and the company with the right solutions.

I have explained the journey of how these solutions (not specifically CA SSO only, but their entire security suite, including Federated Identity Management) met the requirements:

• The customer was looking to have a self registration and password reset portal for their organization but they don't want to leave this portal open and accessible to everyone without been authenticated. This was only challenge, which I have mentioned it.
• Second solution, open for customization for security from different datasources.
• Thirdly, localization of this solution. Eventually, if these solutions have only listed features and it works only what they present. For sure, we wouldn't be able to achieve it.

There are critics and these critics help CA to build their good solutions.

Extraordinary product; extraordinary flexibility to explore and meet the requirements of the customer.

Our primary use is for client demo on authentication/authorization, federation, and ease of use.

The product was just for client demo purposes. There was no deployment onsite.

• This is the only access management product that I have come across which configures end-to-end and hosts resources. 
• This product is very easy to deploy. I just strictly needed to follow the user-guide.
• The CA directory services is something that I found to be cool. 
• I liked the debugging part. There are only two files (trace file and log file) that you need to look into while performing debugging, and the logs give you the exact info on where and what needs to be fixed. 
• You can quickly deploy the entire product with a basic config within couple of hours.

• The GUIs are not very clear, especially when integrating with other products from CA. 
• Like CA IDM, there can be challenges. One needs to know that they have great hands-on on their app servers to understand the logic and deploy it accordingly.
• There were challenges with version compatibility, and this is something that I did not like. This all happened during the second phase while trying out various integrations.

No stability issues.

No scalability issues.

Technical support by CA Technologies is wonderful. I used to post my queries and get quick responses. The CA forum is something I would recommend to follow if you are dealing with any CA product. I appreciate their timely and effective responses.

Although it is straightforward, for someone new to access management, it is always a challenge to understand what is done and why. That is where I struggled initially, since I was very new to the domain. Domain knowledge is more important when you are new to a product.

I recommend conducting a PoC on every available product before choose one.

Not applicable.

Be sure to get your doubts clear on any product features, integration with other CA products, and other security products.

I recently came across Okta, which also has cool features.

Before implementing, ask a CA manager to provide you a list of use cases, which can help you in building/offering what you have in mind.

The client has a biometric identification module. We integrated that with the CA Single Sign On for new user registration, and it works perfectly fine for us.

It has considerably reduced the amount of time that new users would take to join into the organization. Previously, it was a lengthy, manual process because it's a very secure environment, where they need to verify the user before they can actually grant him a user-ID and password.

Integrating with the built-in custom application, and exposing CA Single Sign On to the internet, we were able to get the employees onboard. The time that we gained was: previously it would generally take from four to eight weeks for each employee, we brought it to one to two days.

The Federation part of Single Sign On, which is customizable and is easily integrated with any customer application or any third party application.

Maybe they could improve on the Federation part, and Federation with the apps. Not only for the websites, but with the apps also.

It's a very stable product.

Once we experienced a crash, the main policy engine of Single Sign On crashed, but CA gave us a fix for that.

Scalability-wise it's good. It's built into the product.

The support could improve in its response times, and in the understanding of the customers' problems.

It was complex. The Federation part of CA Single Sign On, it's a bit complex to implement because it involves the SSL certificates, exchange of certificates, and lot of technical details. The documentation misses some important parts of this, so that's the reason it took some time for us to go live.

When we're looking to select a vendor for a product, what's most important for a client like ours is the security; the product should be really secure. The next most important is the stability.

I rate it an eight out of 10 because, once we implemented it and the Federation part was working fine, we haven't faced any problems, except for that one instance where the policy was crashing.

I would definitely suggest going for CA Single Sign On.

It is our authentication system for access to online and mobile banking.

Its performance has been good. It works well for us.

It keeps our members safe, that's a benefit for us. It's important.

Federation, for sure, because we have a lot of third-party vendors that we need to integrate with, and this is a turnkey solution in some ways.

The Directory is secure. It's our user store, and it's important to keep our members safe. The product does well with that.

I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product.

Also, easier integration with third-party partners to OpenID Connect because username/passwords are a thing of the past. People are going to be using facial recognition. Apple has gone that way. There are other companies like Daon that are doing this. CA SSO will be left behind if they don't have it yet. There's some innovation being done, but it's not there.

Improvement is being made all the time. I just came out of a session here at the CA World conference where they showed how you set up Federation partners is being improved, through more APIs. Making life easier for the engineer is always important because we are lazy in general. So improvements are being made in that space. There's more to be done, like how to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting.

If I had answered this question four years back I would have said "poor." But over the last four years they've done a lot of work to make it stable and it's reasonably stable right now.

It still goes down once in a while. But that's not the product's problem, it's probably how it's configured in our environment. So the product is pretty stable.

It is scalable. It depends on where it's running, and on where it's deployed, and how it's configured. In our case, it is scalable. 

Some parts are scalable, not all parts. We do have some customized pieces within the product itself that we paid CA to build for us. Some of those things are not scalable.

Technical support is good. We're a large scale customer for CA, so we do have Premium Support from them. We had a problem about three years back with the stability and we were going down all the time. We actually got somebody in-house from CA, to come to our office within a few hours, and the person stayed on until the problem was fixed.

We had no choice. We were growing too big. We had a homegrown solution in place six years back, and our CTO at that point made a conscious decision to go towards this approach. And it worked.

I think CA had a pre-existing relationship with our company. And our CTO had used a CA SSO product before, and the recommendation was made at that point. So I don't know whether it was a full evaluation that was done, or whether it was the fact that, "Hey, it is a product that had worked before in other places, and we're talking about a straightforward use case here. So let's just go for it."

In terms of advice to someone looking for a similar solution, this one has worked for us, so think of whether it fits into your space. It may be best-in-class for doing a particular type of function, but that doesn't mean it fits in your ecosystem. So think of that first before you pick something which is best-in-class.

Complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid.

One thing that recently surprised me about CA is how big it is. The product I'm talking about in that context is not a CA product, it's an acquisition that CA made a few years back. I was used to working with the other company. Once we knew that CA bought it, I was surprised to see how big CA is. Just the product suite itself is pretty large. So just that was surprising.

As for the most important criteria when selecting a vendor, technical support is clearly one of them. Vendors tend to sell us something and then walk away, and we're left holding the bag. So tech support is clearly important. Apart from that, in terms of products, we don't care much about best-in-class. We just need to make sure it fits within any kind of technology ecosystem that you have. You could come and sell me a product that is best-in-class for doing a particular thing. But if it doesn't fit into my current stack, than it's useless.