Symantec Siteminder Reviews

It is basically for authenticating the users, whether it be privileged users or employees. Thus, we use that single sign-on (SSO) as an authentication mechanism.

It is a simple solution to implement, and it provides additional flexibility.

Right now, federation that comes out-of-the-box with single sign-on is the most valuable feature that we have, and also scalability.

Better documentation. I went through some sessions on single sign-on for version 12.7. Whatever features we are looking for from a REST API perspective, they will be there. So far, it is good. We have to implement it, and figure out what is good or bad about it.

There are a few other competitors which are taking up advantage over the segment being more agentless. SiteMinder is more driven with agent-based authentication, but the others are going with being more agentless. So, we have to go into the more next gen technology, where other vendors are going into, and that is where SiteMinder is lagging behind. The speed at which they are bringing up these features, it is very slow. 

It is stable, but certain features which are out in the market are not available to make it more robust.

We are able to scale well with the amount of users that we have and the users that we are supporting. So, it is quite scalable. However, it does not scale vertically. It is only scalable horizontally. Therefore, it increases the footprint.

Right now, we have hundreds of policy servers between two datacenters. If it was vertically scaling, the footprint would have been reduced, and we have been looking towards a solution. However, the SiteMinder platform as such, even the 64 bit, is built on a horizontal scaling architecture. I do not think it is built on vertical scaling. Even if it is, for most of the companies like us, where we invest in a lot of infrastructure, vertical scaling would not really help.

We had a legacy implementation, and their technical support has been acclimatized to the new partnership federation, so they could not help much in terms of the solution. Therefore, I had to do trial and error to figure out what to do with it, and get it working.

Over the past years, CA support has been only focused on problem areas. When there is a specific problem, they will focus on resolving that problem. They are more focused on closing tickets. They are more focused on getting the tickets closed than resolving them. If the solution is not resolved, and if I requesting, "Hey, I want a couple of weeks for that to be open." Sometimes, they do it. Sometimes, they say, "Hey, we will close the ticket, then you can reopen a new one."

Other instances, if it is a feature that we need answers on, support sometimes says you need to get professional services to get engaged. I do not know whether it is the right direction that CA wants to go, because support is something that support professionals are supposed to know about the product. I would go and open up a ticket to get answers based on the feature that is available or what we are planning to do. We cannot just go hire professional services for everything that we do.

All of the feedback within our team for CA Support is not good. It really is on a very low level, but then it is very specific for CA SSO. The CA support for other products, like CA Spectrum, has been good. However, for CA SSO, it is absolutely poor.

The initial setup was straightforward. Also, we have been doing upgrades, in place upgrades, as well as cloning infrastructure, which has been pretty straightforward. 

However, the documentation is very unclear. It is painful to go through the actual documentation and get the information which we need. 

I opened up a ticket a couple of weeks ago. It was on strong authentication where we wanted to upgrade from an older version to a newer version. I had to go through three documents and open up a ticket to understand how the upgrade process should happen. It was so confusing. In one document, they say something, and in another document, they say another thing. I actually had to open up a ticket for this. I wanted to delegate the work to somebody else, and when they asked me the question, I did not have the answer, because it was distributed across three documents.

Even during my initial deployment of strong authentication, this was the older six stack two version, if I would have gone through the document to build it, I would not have done it. We had professional services sitting with me, because I was doing a PoC. At that time, we went through the installation, and I was able to receive some help.

But for everything, I cannot go to professional services. If the documentation was straightforward, then I do not have to refer to professional services. That is one thing that I have noticed, the documentation is really unclear.

Ping and ForgeRock. In our company, because they are competitive and have an edge over SiteMinder, they are even considering going for ForgeRock or Ping. These companies are more flexible and are open source products, whereas SiteMinder is propriety. 

So unless we get into something, then we can't even go to open source and get the information. It is basically, we have to reach out to CA to get answers. 

That is what management is looking for. They want versatility, and when senior management looks for a product, they are looking at:

• Can we customize a product? 
• Can we add features? 

That is the thing that they're looking at, and they are finding Ping Identity, or Ping products, and ForgeRock products more appealing than SiteMinder.

I have been working with Site Minder for the past 10 years, maybe more. However, I know the product, therefore I am able to manage it. The people in my team, they are not really happy with it, mostly from the support perspective.

Validation of people's logins when they log in to their PCs. Everybody, when you turn on your PC, you go SiteMinder to login. Security.

It has performed very well, it does what we need it to do, it's reliable, and it doesn't impose any overhead on the user or on the platform.

• Ease of use for the user 
• Security, of course
• The ease of setup and installation

We can definitely control our user experience better on the PCs. People don't necessarily have to worry about losing something, like a PC, or a tablet, or a phone, because it's controlled by SiteMinder. We can remote wipe it, we can do all sorts of different things to secure it.

Answering this would require me to know what the current platform does or doesn't do, and I'm afraid I'm not a good enough judge to make that evaluation. I might say something and it's already there, and I just don't know about it.

I will say the user interface for login is kind of plain. They could make it a little prettier. The site is a big, blue screen, with "SiteMinder," and that's pretty much it.

It seems pretty stable so far. It's a mature product, it's been around for a long time.

We're using it on thousands and thousands of devices, thousands and thousands of users. So, it's very scalable.

Our customers use it to log on to our site.

It has performed very well, so far.

• Authentication
• Authorization 
• The user repository

Without, with the number of customers using our site, if that portion was down, our contact center wouldn't be able to handle the calls, if the authentication and authorization wasn't working.

It has streamlined a lot of the functions, and for all our applications they don't have to worry about the security part, they just ride the application and SSL handles the authentication, the security part of it.

The OpenID Connect piece, we would like to see the new technologies baked into the product, as opposed to going out and using a different product to accomplish the same thing. So OpenID Connects would be great, to have that kind of plug-in, into SSL without having to go in and install new products.

It's very stable. We have experienced occasional downtime, but once we work with support we find the problems and we solve them. Once everything is configured and working, it's stable.

In terms of scalability, so far we haven't really had issues with performance, we haven't faced any problems yet.

Technical support is good. Once we escalate, the proper channels get the tickets, then we have no issues with them.

When selecting a vendor, what is important for our company in that relationship is, obviously, the history that we have that we have with the different companies, and meeting the requirements.

I rate it a nine out of 10. Sometimes it's just a matter of figuring out the quirks and how it works. But once it works, it works really well.

I would definitely recommend it. It's a product that does what it does very well. Once it works, it just works and you don't have to mess with it.

We use Single Sign On to provide, of course, single sign-on to a variety of web applications. We use it to federate identity for remote web applications as well.

It's performed well. We're on an older version, so there's the occasional stability issue, but overall, that's what you're going to see in any enterprise environment.

As our identity model continues to mature, probably the Federation is most valueable. 

In IT, you're seeing a large shift to the cloud, and to using software as a service applications and, because of that, you still need to be able to securely assert identity. The Federation components of CA Single Sign On allow us to do that effectively and with minimal resource investment, to realize functionality.

It allows us to get, again, both externally hosted and internally hosted web applications up and running using centralized credentials in short order. It makes it easy.

I've talked to them about this: I'd like to see a rework of the user directory configuration. In Single Sign On, whenever you set up a new user directory, there is a pretty specific number of hoops that you have to jump through in order to maximize throughput between Single Sign On and a user directory. A lot of those aren't documented, so the only way you typically get that information is by engaging CA support, which, if you don't think you need to do that beforehand, you're going to have an unpleasant surprise when you cut over. 

So, either reworking the user directory configuration would be great, to make some of those hoops that you have to jump through unnecessary, or redundant. Or, failing that, reworking the documentation for setting up the user directory, explaining the rationale behind why you have to do the things you do. Because, if it were documented, at least then you'd be able to set it up effectively without incurring downtime, as you find out how to do it the right way.

In terms of the stability issues, what we do see is frequent Policy Server service restarts. What will happen is SM Policy Server will die and be restarted by the SM executive. That happens relatively frequently. But again, we're on an older version, and we've been told by CA that that's the reason why, and that it has been patched in later releases of the product. 

But the executive restarts the service as fast as we can log in and look to see, is there any service impact? The environment is once again processing authentication and authorizations. Not only that, but, we do have a relatively large environment as well, so we have policy servers running and multiple datacenters. It's not just one in each datacenter, it's several in each datacenter. So we don't see any large, sweeping impacts to our enterprise authentication traffic; when one goes down, it gets restarted. Although, it is a pain because you do have to allocate resources to go and verify that yes, indeed, it did come up.

The scalability? I think it does well. We've been able to scale horizontally at various times throughout the lifecycle of the product, within our environment, with minimal fuss. It's been good.

It's good, actually. Very good. The product knowledge that they have on hand with that staff is more than adequate. They've sent people on site on several occasions. We've engaged them not only through the phone, but through the web submission portal, and in person. At every opportunity, CA staff has been professional, knowledgeable, easy to work with.

We were using something previously but I don't recall what it was. In terms of switching, it's a similar decision chain to what you think about when you need to invest in an upgrade. Is there a problem with stability? Is there a problem with scalability? Does the solution meet the evolving needs of your enterprise? 

From what I've heard, the solution that was in place in the past was very unstable. In terms of comparison, Single Sign On is much more stable from what we've seen, than the previous candidate. That's why we decided to make a change. We evaluated the options at hand, and selected Single Sign On to move forward.

I wasn't involved in the initial setup for our current environment, but I'm involved with a project that is setting up the upgrade environment. It's pretty straightforward.

When we are looking for a new vendor, what's important to us is the relationship between us as a customer and the vendor. That has to be strong. They need to be available and supportive of our vision. 

Also, we're looking for somebody who also can help us define that vision in places where we might not have it all the way fleshed out. You could go through the list of things that you're looking for in a vendor, and build out a wish list, but, realistically, somebody that supports us when we need it, helps us to figure out where we're going when we don't quite know, and, provides technological solutions that support our long term vision. CA does that, and that's why we're with them.

I gave it an eight out of 10 because it's a really good solution. No solution is perfect, so that's why I picked eight.

I would say to give CA Single Sign On a good hard look. There are a lot of other competitors out there folks like, Okta, PingFederate, I think IBM has a product that does something similar.

I would tell them that CA Single Sign On is a worthwhile option. If they're doing their research, take a look at it, and see whether or not it meets their use case. It does for us, and it does it well, so I would certainly recommend it.

We use it for authentication and authorization for our website. We have multiple external and internal websites that we host, so we are using SSO for authenticating and authorizing for all those websites.

It has performed quite well. We have been using it more than 10 years now.

• Authentication
• Authorization

for our websites. These features are important because all the sites need authentication for security purposes. That has been handled pretty well all these years with SSO.

It doesn't take time for us to configure, maybe because we have been using this product for so long. In terms of security rights, a lot are covered under SSO, so we don't actually have to go and do something on the back end.

We would like to the OAuth be more stable, more issues being fixed rather than not.

We're pretty happy, but there are some scenarios with the new stuff, like OAuth - where authentication happens from Google, Amazon - in which they're still lagging right now. They're developing it, but we have been using SSO for a long time and Oauth capability was not there, and it recently started this year. So we had a little bit of a question, "Should we still use this product or we should go to another product?" That was the one concern.

Stability? There have been some issues but over the years but it's pretty stable. The issue we encountered was a whole site going down. But we were able to bring it up.

Scalability is pretty good.

They're pretty good on some of the non-issues. There are some delays, however, and they keep on asking for logs or try to delay it, maybe it's stuff they don't know. But in most of the cases they respond pretty quickly.

I wasn't in on the initial setup, but I have been installing a lot of the newer versions. Compared to six, seven years ago, now it is very, very smooth.

I would still not rate it a 10 out of 10 because, like I said, we had some issues with the OAuth here and there. Once those are done right, I think it would be a nine out of 10.

Regarding advice to a colleague who is researching this or a similar solution, it depends on what they are trying to accomplish. Are they going legacy, where you authenticate, versus the newer federation?

But I would recommend SSO as a solution.

It is reliable.

I do not think there is anything to improve. It is a pretty complete product.

We are using it as we have implemented it. I have not seen anything that is missing.

No issues encountered.

No issues encountered.

The tech support has not been very good for us so we don't use them anymore. We have had some issues. Nobody is perfect.

It was a long time ago, but we stopped using them because of it. It was very long time ago. It might be better now, but it used to not be so good. Now, we solve problems in another way.

We started to use the product before it was CA. It used to be another company's product. CA bought the company a couple of years ago. I do not remember who it was actually.

• Simplified federation
• Integrated Windows Authentication (IWA)

Our customer had two requirements:

• Authentication without any challenges
• Access to the partner's application without any additional login required

The first requirement got covered by IWA. The second requirement was covered by simplified federation.

IWA is an out-of-the-box feature. The SAML-based federation is standard for all tools. However, CA Single Sign-On has made the federation configuration way too simple and handy to set up and use.

Updates as on 09/21/2017

CA SSO is helping us a lot in providing the access solution to the customers. The enhanced features in the Simplified federation and the support for a number of different User store types allow us to support almost anything that customer needs. Very pleased with the new Reporting tool from CA that has ut of the bx integration capabilities with CA SSO and is an excellent tool for simplified and useful reports.

My customer is able to get seamless authentication done using IWA and straight access to the partner's application without any further authentication.

Reporting an auditing was one of the most needed requirements that was fulfilled very easily by CA SSO.

The upgrade/migration process can be simplified further.

If the reporting feature can be integrated into SSO itself that will be an icing on the cake.

I have used this solution for almost eight years.

Not until now form CA SSO side. Only one time we had to deviate from requirement because CA SSO does not support Oauth as a token provider and need additional tools to achieve this.

We have never experienced any stability issues.

Up until now, there were no scalability issues. We are able to manage around 25K users without any issues.

Good customer service for the support and comfort to the customer.

The technical support team is not very proactive. CA can improve in this area. I would give them a rating of 5/10.

This is the first solution that we have tried.

The initial setup was very easy and straightforward.

In house implementation

It is a good return on investment and we are able to deliver SSO as a service.

The price is quite comparable to the other enterprise-level solutions in that market. Since it has a user-based license, one should plan in advance regarding the scope in scalability.

We looked at similar solutions from Oracle and IBM. However, CA was much better, in terms of its user-friendly nature and the cost.

The major focus should be on planning, design, scope, and scalability. The rest is a piece of cake.

It provides the breadth and the width to provide solutions for the different kinds of technologies which we have. Stability is the most important thing for us. It just allows the user a simple, one way of authenticating. They really made life simple for the user and and the user experience has improved. The user doesn't have to memorize and retain many passwords. They provide a secure and an easy to use solution.

As we are moving in to the mobility space, this is where we really see SiteMinder and their other product really come together to provide a solution base to a different area where the IoT is coming, the different business communications are happening. All of those things require authentication and we really want to see this product grow into that role.

We have been using SiteMinder for the last 15 years and we have been very good and successful in implementing the solutions. The solutions have been working for us. We have not used up any of those solutions since 2001.

Regarding the implementation aspect of it, any Single Sign-On solution has multiple components to it. The client side solution has a required plug-in, which is very easy because the majority of the web servers which are out there, their support is always available and for any kind of a new web server comes in and then similarly on the back end side where the servers are really running and it is very easy to incorporate and adopt.

The solution is very stable. It is the most important thing because all of our applications use this product. If the solution goes down and the product doesn't work then we have a major outage in the company, so it is very, very important that any solution we use, not only is it ease of use, but also that it is important that the solution is stable, and it works the majority of the time. Of course, no software solution is 100%, but as long as it provides 99.9% availability, that's what we look for.

It's very scalable as a self service solution and you can add as many servers as you want, and as many locations as you want. There was a time that we had 20 million customers based on this one solution. It can support a variety of ways, but there is a number of applications, number of users. All of these things really provide very good and easy ways to scale without many changes to the environment.

The important thing is not only the scalability and availability, but also having a good partnership. When the problem comes up, how quickly can we can solve it? That's one of the best things what CA gives us. To establish a relationship which is based upon the partnership and they are there to help us whenever we have any problems.

They have a tier support model just like any company has, so depending upon the type of issues we are having we usually get a good response very quickly. A back end engineer on our case if this is going on a severity level one, then we get very good support immediately.

The product is 8-9/10. It's very high because of their availability and supportability on different web servers is very, very, highly ranked.

My advice and best practices is always engage with CA. Make sure that you're working and getting their input and to also see what their best solution is. They provide a very good partnership. They give you a suggestion and recommendation. You'll her from them - What is the right thing? What is the right solution? If you engage and build a good relationship you always have a good solution.

The advice is that whatever you are thinking of the product make sure you are talking to the right people. The majority of them are good people and they'll give you the right solution.

Obviously, the most valuable feature is the flexibility of the solution, it being able to be integrated with a number of applications and solutions; and also, the configurability of the solution.

Security is a big concern of our client and it is certainly something that helps the client be able to secure the application and provide a better user experience; doing a single sign-on instead of multiple logins, for example.

I've seen a lot of analytics capability being built in for a number of products. Obviously, I want to be able to use analytics on CA SSO as well.

The client that I manage it for has used it for four years already.

It's a stable solution. It's been in place for quite some time already. There aren’t a lot of operational or technical issues that are related to the system, so it's a stable solution.

It has been scalable, to us, at this point in time. It's been able to support quite a number of applications for our client. It's scalable to us.

Technical support has been great. Generally, support is very responsive, timely, and obviously, we have account support folks that we can reach out to, to be able to support us if there's any technical issue.

With the setup, obviously, with a large organization, there are quite a number of things to be done. There is some complexity involved, but generally, I would say that it's been quite successful.

We knew we needed to invest in a new solution because, obviously, again, security is a main concern of a lot of clients. Generally, the solution is stable, it's one of the leaders in the market, and it was chosen to be implemented.

I think what we will be looking for when selecting a vendor is in terms of support, technical support, when there is an issue. I think that's a key component to us when we implement a product. We want to be able to deal with issues when they arise. Can we support it? That's what we will look for from a vendor.

Generally, it's been a great product for us to use. It's been stable. It's been a good product.

The most valuable feature is being able to debug problems, even though it can be a little bit complex and you have to know quite a bit to be able to dig around, root around, and figure out what the problem is. But I think getting into it, once you understand it, it's not too bad.

It definitely makes customers' or users' lives easier. People don't really appreciate it until they don't have it. Once everyone has SSO, if you took it away, they'd say something like, "Oh my God. I've got to put my password in every single time."

Just having it there, even though people may not consciously realize it, is a big benefit for companies. It simplifies things; reduces user/customer frustration.

• I would like to have a really simple interface; a more modernesque, cloud-based interface, with dynamic real-time information on the various configurations or object configuration points that associate with the applications.
• Ease-of-use
• Smarter error messages

It's had its moments in the past couple years. We've had interesting bugs that we've hit. When you see those bugs, and when they hit you, and it hits production, you get this big skew of, "This is a problem. This is not good." You feel like, "Why did this make it through QA?" Ultimately, there's going to be explanations, potential revenue loss.

CA SSO does have stability issues. Once you can find ways to get around them, whether it's fixes or you configure around them, it starts running for a while and it's OK.

It can scale. You could add more infrastructure. It's very manual.

CA was talking about doing a Dockerized solution, or being able to push out and basically configure new instances of the components. I haven't heard much about it recently.

CA SSO can be scalable, but it's not exactly the easiest thing to do. There is a lot of manual work involved.

I'm not very happy with technical support. I know the people in technical support. I usually give the frontline guys a chance but usually, when I report issues, I've kind of gotten as far as I could and I usually need somebody on the back line. With my recent cases, I haven't been too happy with the technical support that I've gotten.

I wasn't involved in the initial roll-out or the initial discussions around the solution. From previous experiences, it's usually, a company realizes, if you're part of the security team or the identity team, if the company gets to a certain size, they try to find ways to make things easier to do; not only for employees and customers, but also for audit compliance.

Within that space, there are a handful of companies that do it and they each have their own reputation. CA has a reputation of being a simpler product to use, in some ways, as compared to Oracle, which is a pretty complicated product to roll out. There's a handful of players. Usually, if CA wins, then CA is there.

If you compare it on a spectrum of really easy products to deploy – like single-clicks that can maybe even automate themselves and push out their own instances of themselves – versus, here's a big book of steps that you have to go through, I think CA SSO is kind of on the left side of that spectrum.

Whatever you're considering, this is a good solution. It's got all the plug-ins and the various components – app servers, web servers – and you can customize it quite a bit.

In its space, most of the other competitors have the same sort of challenges. It's probably a little bit easier out of the box to get it to work.

For what it is, it does things reasonably well, once you get it working.

It definitely has maturity, but for all the number of releases that it's been through, I kind of expect that over those years, it just gets better and better. Like, with Microsoft, after three times, Microsoft usually gets something done really well.

CA has gone through SiteMinder/SSO 3.5, 4.0, 5, 5.5, 6, 12, 12.51, 12.52, so you start getting into the game of semi-releases, for different reasons. There hadn't been much changes in SiteMinder significantly until the 12.5 series, so between 6 to 12, there wasn't that much change, and then 12.5, there's a bit more change.