Symantec Siteminder Reviews

The most valuable feature is the flexibility of this product to integrate with any third-party components and platforms. Support for those is a really interesting feature.

It is a decent solution. We have been using it for our SSO API stuff. We also use it for implementing single sign-on across internet-facing applications.

One of the features that needs improvement is the capability of implementing single sign-on in cloud. As a client-server model, we depend on the IP addresses that break when we move into cloud, so more of a REST API approach is needed.

There are still areas in this product that need to be improved, as in every other product.

The newer releases are quite stable. We do come across some issues, but the release cycles are good and quite impressive.

Scalability is decent. We have been using it for a long time and we don't have any issues with the scalability part of it. It is quite scalable.

The technical support level varies from average to medium. We would like them to improve parts of their technical support so as to provide quicker and better solutions.

I wouldn’t blame the technical support team, as they need support from the engineers. There is need to provide more training to the technical staff in regards to the latest features.

We were using some other tool previously. At one point, a requirement came up for a more stable and enterprise-wide solution, so we decided to invest in the CA tool.

The setup was complex because we customized the entire implementation process. Although, I doubt any other customer would use it in a similar way.

I was not part of the discussion for shortlisting other vendors but I am aware that our company did perform some POCs and narrowed it down to CA SiteMinder.

It is a decent solution. CA is focusing on improving the stability of this product and their future roadmap looks quite promising as well. Companies should invest in this product and should think of it as a competitor.

When selecting a vendor, we focus more on the technology standpoint; how flexible the product is; how much customization we can do; the support availability.

The most valuable feature for us is the user experience in being able to use one set of credentials to access multiple applications. Also, I've never seen anything that does what SSO does. The first time I ever saw SiteMinder/SSO was in the early days of Netegrity, which was version 3.0.

It allows us to be able to collaborate with external partners, such as the government, in such a way that we're able to find out what they're actually looking for in a product we provide.

We've been looking for a tool that can help us do a better job of monitoring and of helping our users. Unfortunately, SSO doesn't really allow us to do that. We have to basically do it through brute force.

We've recently purchased a product called IdentityLogix which is going to help us do it. We looked at IdentityLogix for two-and-a-half years and we recently purchased a license from them. We'll be setting that up in the next couple of months. It should also allow us to see some analytical information that we're not able to see right now without doing, like I said earlier, brute force.

Currently, management wants to see how many authentications we have daily and monthly. And in order to do that, we have to write our own scripts based on certain logs, and that's not something I really want to do. If SSO could do that for me, that would really help me do my job better.

I haven't encountered any issues with deployment.

We've been using SSO since the Netegrity days. So for the last ten years, we've seen some bugs, but lately much less than in the past.

We have a highly-redundant system. We haven't had to do anything else to scale it up any more than what we've already got.

We've had a designated CA support engineer for the last four or five years now. Some have been mediocre, while some have been really good. Overall, technical support is very good.

I used Netegrity 3.0 in a previous job.

For the most part, the installation and setup of it with SiteMinder for the policy server aspect of it is fairly easy. For the web agent aspect of it, we've run into issues and have had to call support or refer to old notes from prior installations. For the most part, the setup is between easy and medium difficulty.

SSO is a very robust application. It's very easy to administrate and use. Users don't even know you're using SiteMinder or SSO. They just think they're on a website. I can tell by the URL that a company is using it, and I like that. It makes me want to use that company more often.

My primary use case of Siteminder was single sign-on. 

Siteminder was deployed on cloud. 

Siteminder helped my business function better by covering multiple use cases to perform single sign-on. Some had a web application, some had a native API-based application, some interacted based on SAML, and some had a single-link browser-based application, so there were different scenarios in which you wanted to perform single sign-on. There were different policies for different types of applications, using a single product. 

A valuable feature of Siteminder is the way it handles bulk traffic. The features it has, in terms of routing the traffic and load balancing, are good. 

An area Siteminder could improve on is that there are a few limitations, in terms of new protocols for OpenID. If I want to have different scopes, the features are limited. They also do not have APIs exposed, which is a major drawback. API is a feature I would like to see included in the next release. 

The last time I used Siteminder was eight months ago. 

Siteminder is stable. I would say it's stable with respect to the features it offers. If you are trying to perform something which is not coming out-of-the-box, then it might give you some trouble, but otherwise, the out-of-the-box features are quite stable. 

There is maintenance required for Siteminder, so you will need team members to work on it. If there is a new liability that is out there, then you need to figure out how it impacts your infrastructure, how you can modify it, whether that modification will impact your use cases, and if there is not a patch given by the vendor in order to fix it, how you can do it yourself, and whether that will impact the functionality. 

Whether it's easy or complex to scale will depend on how scalable your enterprise is. If you have multiple data centers, located in multiple places, then it becomes complex to scale. However, if you have a straightforward flow, then the scalability is good. 

I've worked with multiple businesses, some small and others large, ranging from one hundred users to one million users. I know companies who have been using Siteminder for 15 years and others who migrated from Siteminder two years back. Whether they will increase their usage depends on their leadership. If they have already invested money into this, in order to migrate, they would have to invest further, which requires a lot of people. If they see it as a benefit and they think that, by migrating, they can cover multiple other use cases that aren't being covered, then they migrate.

The technical support is not that great. They're slow because they don't have enough people, and good engineers are not spread over the globe. I know that, for the US time zone, there are a few good engineers, but there aren't too many in the remaining time zones. 

We have customers who have migrated from Siteminder. If you compare Siteminder to the many other products available in the market, the new products are more modern, enhanced, and offer more features. If a company thinks that they want to use those features, they migrate from Siteminder. Any new product that is coming up in the market will always bring something new to add, and it can attract more customers and companies. 

The deployment process and initial setup is kind of complex, especially if you want to do a migration from an older version to a new version. There are a lot of manual steps that you need to perform, and if you are doing a pipeline-based deployment, then there are a few hard codings that you need to do. It requires planning. 

The number of people you will need depends on how complex the environment is. I worked on it for multiple clients, so for some, we were just a team of two or three, but for others, we had a team of ten and it still took a lot of time and effort to perform the migration. 

I implemented this solution through an in-house team. 

Companies using Siteminder saw a return on investment, in terms of improved security. It gives security, in terms of organization, asking people to log in to different applications, and improving the user experience and login. At the end of the day, it does provide a return. 

Siteminder is a little costly. You pay for licensing, and they offer packages, so if you have less users, then you have to buy different products at different prices. If you have more of a user base, then the package is different. They also include other features—for example, if you have a database and you're using Siteminder, then it's good to use a Semantic-specific database, but if you are using less, then you have to purchase the database separately. Whereas if you are going for a bigger license, then it comes within the package. It depends on which plan you are using. 

I rate Siteminder an eight out of ten. Siteminder has good performance on specific use cases, so if your use cases align with those, then it's a good solution to go with. But it's always good to do research and see what alternative options are available and what they have to offer in comparison. 

Our customers use it to log on to our site.

It has performed very well, so far.

• Authentication
• Authorization 
• The user repository

Without, with the number of customers using our site, if that portion was down, our contact center wouldn't be able to handle the calls, if the authentication and authorization wasn't working.

It has streamlined a lot of the functions, and for all our applications they don't have to worry about the security part, they just ride the application and SSL handles the authentication, the security part of it.

The OpenID Connect piece, we would like to see the new technologies baked into the product, as opposed to going out and using a different product to accomplish the same thing. So OpenID Connects would be great, to have that kind of plug-in, into SSL without having to go in and install new products.

It's very stable. We have experienced occasional downtime, but once we work with support we find the problems and we solve them. Once everything is configured and working, it's stable.

In terms of scalability, so far we haven't really had issues with performance, we haven't faced any problems yet.

Technical support is good. Once we escalate, the proper channels get the tickets, then we have no issues with them.

When selecting a vendor, what is important for our company in that relationship is, obviously, the history that we have that we have with the different companies, and meeting the requirements.

I rate it a nine out of 10. Sometimes it's just a matter of figuring out the quirks and how it works. But once it works, it works really well.

I would definitely recommend it. It's a product that does what it does very well. Once it works, it just works and you don't have to mess with it.

The valuable features are security in general and ease of use. More specifically, ease of use for the developers, and security where the developer doesn't have to know about authentication or security. You just put the agent on, and it's all handled for them.

This product takes the burden off the developer. It increases productivity, because they don't have to worry about security in their code as much. This speeds up and aligns the development. The product works on my IP as well.

I would like to see reporting, REST-based queries. Reporting is a big one for us. We want to be able to put in the URL and get a list of all of the access that that URL has. On the flip side of that, one could put on a LDAP group, and program this LDAP group to get access to all of these URLs. That's something that we don't have today, and we're actually trying to build that. It would be nice if that was built into the product, and be API driven. Anything that we can do in the user interface, we want to be able to do that programmatically through SDKs, or through a rest interface. It's all about automation stuff. With everything moving to AWS right now, we have everything automated with CA Single Sign-On, except for the installation. That's the main reason behind my rating.

The stability is pretty good. Probably on a scale of ten, I would rate it as a nine or ten.

I would rate the scalability as an eight or nine.

In the past, I'd say our quality of technical support was probably pretty low. In a lot of cases, it seemed like we knew more than the support person, but recently it has gotten a lot better. In the last few support cases, it seemed like they were really knowledgeable people, so I think it's heading in the right direction. Technical support is a lot better now.

The installation process was complex. There are a lot of different moving pieces, and the main complaint is that it's hard to automate any of it. There are so many disparate pieces, and it's not built on top of micro services, neither is it API driven.

I think the relationship with the vendor is good, that they come to us for feedback. They ask us what we want to see in the product. I think is becoming better now than it has in the past with the community. I actually submitted a community idea, and within a year that was actually put into the product, so I think it's getting better in that regard. I would say first try to figure out what your business requirements are before you come up with a solution, and then look at what the solution is. In a lot of cases, CA Single Sign-On could meet those business requirements.

CA Single Sign-on is actually our main access control solution which we use to protect our websites, portals and applications, which are exposed internally as well as on the cloud and externally, as well as commercial applications.

It was very hard to get the end user experience in favor of like you login into one website and then you don't need to login into other website you can just click on the link and go over there. CA Single Sign-on has helped us a lot. The user only needs to use credentials once and then they can single sign-on into other websites which are already integrated into the CA Single Sign-on product.

Overall I'd say we're very satisfied with the product but yes, we had outages and performance issues but again I think based on the load and then how we're increasing our applications which are integrating into the solution. We have to do the technical and architecture review time to time to increase our capacity. CA has helped us with the architecture review and with the suggestions to take on the load. Definitely we need to add more servers, more capacity and also we need to go through the architecture review process there.

I'd say the speed to upgrade because I think I heard in the conference that they are trying to go with agile, getting new features in like period of months, a couple of months. That makes it very important for product management team to make it simple to upgrade. That's one of the biggest feature I'd suggest I'd like to see that if they can make the upgrade process simple. Overall I'd valuate it around 7.5 to 8. Definitely even when we select the vendors the product has to be best in the breed in the market.

I think we have a very good relationship with CA. I'd say because I think being a major access vendor product for us it's very crucial for our help cloud as well as our internal applications. We having a tier-1 support from CA and they have been very response whenever we have an issue, I think we get appropriate response from the support. I think right now we're using the solution for our cloud services which is having around 4 million users. I think it will grow to around 11 million plus users by next year and we're actually counting on the Single Sign-on solution to take the load and still meet our requirements.

Yes it can be complex, I think that's one area we have already given feedback to the product management, that is a little complex to get the set up and get it going and the upgrade process is very complex. Again it takes time to get but I think once the product is installed and it's there then definitely the stability is there. The complexity is the number of components involved in the overall installation and the education part. Like if we don't have skilled team members definitely it needs people with proper skills set to understand the product, different components, the app layer, the database layer all those components makes it little bit complex too to install.

For us the support and maintenance matters most there because once the product is implemented but if we don't have good support at all so that makes it very difficult to run the product. For us, yes the stability plus support is very important. I'd definitely say, do use them to first of all note down all the use cases whatever they want to achieve by implementing SiteMinder. Definitely SiteMinder has a lot of features, a lot of capabilities at all but usually it's not possible for everyone to use each and every feature.

I think based on the business requirements, application requirements they should first list down what are the main criteria or their use cases and based on that they should go with the implementation. That's very important for us because yeah, definitely when a vendor comes in and they tell us about the product and the features which can meet our business needs definitely that helps. Again as I mentioned for us support and maintenance is very important so it's not just once the product is in house and we're done with it.

We definitely look for possible forums and get the user reviews, go to the user groups so that we can find more about the product and supportability. I think we’re early adapters of it when we choose it like it is or it's still the best in the breed product available in the market.

It is our authentication system for access to online and mobile banking.

Its performance has been good. It works well for us.

It keeps our members safe, that's a benefit for us. It's important.

Federation, for sure, because we have a lot of third-party vendors that we need to integrate with, and this is a turnkey solution in some ways.

The Directory is secure. It's our user store, and it's important to keep our members safe. The product does well with that.

I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product.

Also, easier integration with third-party partners to OpenID Connect because username/passwords are a thing of the past. People are going to be using facial recognition. Apple has gone that way. There are other companies like Daon that are doing this. CA SSO will be left behind if they don't have it yet. There's some innovation being done, but it's not there.

Improvement is being made all the time. I just came out of a session here at the CA World conference where they showed how you set up Federation partners is being improved, through more APIs. Making life easier for the engineer is always important because we are lazy in general. So improvements are being made in that space. There's more to be done, like how to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting.

If I had answered this question four years back I would have said "poor." But over the last four years they've done a lot of work to make it stable and it's reasonably stable right now.

It still goes down once in a while. But that's not the product's problem, it's probably how it's configured in our environment. So the product is pretty stable.

It is scalable. It depends on where it's running, and on where it's deployed, and how it's configured. In our case, it is scalable. 

Some parts are scalable, not all parts. We do have some customized pieces within the product itself that we paid CA to build for us. Some of those things are not scalable.

Technical support is good. We're a large scale customer for CA, so we do have Premium Support from them. We had a problem about three years back with the stability and we were going down all the time. We actually got somebody in-house from CA, to come to our office within a few hours, and the person stayed on until the problem was fixed.

We had no choice. We were growing too big. We had a homegrown solution in place six years back, and our CTO at that point made a conscious decision to go towards this approach. And it worked.

I think CA had a pre-existing relationship with our company. And our CTO had used a CA SSO product before, and the recommendation was made at that point. So I don't know whether it was a full evaluation that was done, or whether it was the fact that, "Hey, it is a product that had worked before in other places, and we're talking about a straightforward use case here. So let's just go for it."

In terms of advice to someone looking for a similar solution, this one has worked for us, so think of whether it fits into your space. It may be best-in-class for doing a particular type of function, but that doesn't mean it fits in your ecosystem. So think of that first before you pick something which is best-in-class.

Complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid.

One thing that recently surprised me about CA is how big it is. The product I'm talking about in that context is not a CA product, it's an acquisition that CA made a few years back. I was used to working with the other company. Once we knew that CA bought it, I was surprised to see how big CA is. Just the product suite itself is pretty large. So just that was surprising.

As for the most important criteria when selecting a vendor, technical support is clearly one of them. Vendors tend to sell us something and then walk away, and we're left holding the bag. So tech support is clearly important. Apart from that, in terms of products, we don't care much about best-in-class. We just need to make sure it fits within any kind of technology ecosystem that you have. You could come and sell me a product that is best-in-class for doing a particular thing. But if it doesn't fit into my current stack, than it's useless.

It is basically for authenticating the users, whether it be privileged users or employees. Thus, we use that single sign-on (SSO) as an authentication mechanism.

It is a simple solution to implement, and it provides additional flexibility.

Right now, federation that comes out-of-the-box with single sign-on is the most valuable feature that we have, and also scalability.

Better documentation. I went through some sessions on single sign-on for version 12.7. Whatever features we are looking for from a REST API perspective, they will be there. So far, it is good. We have to implement it, and figure out what is good or bad about it.

There are a few other competitors which are taking up advantage over the segment being more agentless. SiteMinder is more driven with agent-based authentication, but the others are going with being more agentless. So, we have to go into the more next gen technology, where other vendors are going into, and that is where SiteMinder is lagging behind. The speed at which they are bringing up these features, it is very slow. 

It is stable, but certain features which are out in the market are not available to make it more robust.

We are able to scale well with the amount of users that we have and the users that we are supporting. So, it is quite scalable. However, it does not scale vertically. It is only scalable horizontally. Therefore, it increases the footprint.

Right now, we have hundreds of policy servers between two datacenters. If it was vertically scaling, the footprint would have been reduced, and we have been looking towards a solution. However, the SiteMinder platform as such, even the 64 bit, is built on a horizontal scaling architecture. I do not think it is built on vertical scaling. Even if it is, for most of the companies like us, where we invest in a lot of infrastructure, vertical scaling would not really help.

We had a legacy implementation, and their technical support has been acclimatized to the new partnership federation, so they could not help much in terms of the solution. Therefore, I had to do trial and error to figure out what to do with it, and get it working.

Over the past years, CA support has been only focused on problem areas. When there is a specific problem, they will focus on resolving that problem. They are more focused on closing tickets. They are more focused on getting the tickets closed than resolving them. If the solution is not resolved, and if I requesting, "Hey, I want a couple of weeks for that to be open." Sometimes, they do it. Sometimes, they say, "Hey, we will close the ticket, then you can reopen a new one."

Other instances, if it is a feature that we need answers on, support sometimes says you need to get professional services to get engaged. I do not know whether it is the right direction that CA wants to go, because support is something that support professionals are supposed to know about the product. I would go and open up a ticket to get answers based on the feature that is available or what we are planning to do. We cannot just go hire professional services for everything that we do.

All of the feedback within our team for CA Support is not good. It really is on a very low level, but then it is very specific for CA SSO. The CA support for other products, like CA Spectrum, has been good. However, for CA SSO, it is absolutely poor.

The initial setup was straightforward. Also, we have been doing upgrades, in place upgrades, as well as cloning infrastructure, which has been pretty straightforward. 

However, the documentation is very unclear. It is painful to go through the actual documentation and get the information which we need. 

I opened up a ticket a couple of weeks ago. It was on strong authentication where we wanted to upgrade from an older version to a newer version. I had to go through three documents and open up a ticket to understand how the upgrade process should happen. It was so confusing. In one document, they say something, and in another document, they say another thing. I actually had to open up a ticket for this. I wanted to delegate the work to somebody else, and when they asked me the question, I did not have the answer, because it was distributed across three documents.

Even during my initial deployment of strong authentication, this was the older six stack two version, if I would have gone through the document to build it, I would not have done it. We had professional services sitting with me, because I was doing a PoC. At that time, we went through the installation, and I was able to receive some help.

But for everything, I cannot go to professional services. If the documentation was straightforward, then I do not have to refer to professional services. That is one thing that I have noticed, the documentation is really unclear.

Ping and ForgeRock. In our company, because they are competitive and have an edge over SiteMinder, they are even considering going for ForgeRock or Ping. These companies are more flexible and are open source products, whereas SiteMinder is propriety. 

So unless we get into something, then we can't even go to open source and get the information. It is basically, we have to reach out to CA to get answers. 

That is what management is looking for. They want versatility, and when senior management looks for a product, they are looking at:

• Can we customize a product? 
• Can we add features? 

That is the thing that they're looking at, and they are finding Ping Identity, or Ping products, and ForgeRock products more appealing than SiteMinder.

I have been working with Site Minder for the past 10 years, maybe more. However, I know the product, therefore I am able to manage it. The people in my team, they are not really happy with it, mostly from the support perspective.