Symantec Siteminder Reviews

The ability to easily manage user accounts is great.

Segregation duties is another great benefit. It has allowed us to automate the process of creating user accounts really well.

I can't think of any additional features I'd like to see, as it does everything we need.

We've been using it for around two years.

It’s been very stable so far and hasn't gone down at all.

It’s scaled up as far as we've needed so far. We're a midsize customer with about 2000 users, and it's been totally fine.

They get us answers, but often they’re too slow. It could take us as long as two weeks to get the answers we need. While sometimes it's quick, it has often been slower than ideal.

We’ve always been using this, and beforehand we used a homegrown solution. We switched because it had insufficient automation and our homegrown solution was just too inflexible.

I wasn't involved in the initial setup.

I always look for quality of services. CA have been OK so far, but not a slam dunk. We had one problem where they took forever to get back with us, but they eventually solved the problem fast.

My company also looked at IBM and Oracle, and I don't know why they chose CA.

Check how many endpoint systems it supports. We chose this because of the amount of endpoints, you can automate the creation of endpoint systems, and it has the ability to create custom connectors. It supports the connectors out of the box and this is faster and easier than doing it yourself.

The most valuable features for us are:

• Access management
• Role-based authorization
• Identity provisioning
• Identity federation

The product greatly facilitates a centralized identity and access management system. It provides seamless navigation across different applications in addition to enabling the flexibility to personalize contents based on user attributes without additional requests.

It enables security and single sign-on to applications deployed on thick clients, web based applications, and ERP systems.

It easily integrates with third-party service providers by enabling federation gateway capabilities.

There is a considerable improvement in the product from previous versions, but a few items we feel need a little attention are the web agent installation process and steps – as it behaves differently on the same OS.

Improvements are also needed in the password policy template customization and it's missing the required documentation to do it.

The knowledge base needs to be enhanced as there are very limited resources on the web while debugging issues.

Avaya has used SiteMinder 12.5s2 and IdentityMinder for eight years. We also use the following products -

GovernanceMinder 12.6 – New to Avaya; in initial deployment
PIM R12.8 New to Avaya; in initial deployment

CA Single Sign-On – No issues encountered during deployment.

CA Identity Manager – No issues encountered during deployment.

CA Privileged Identity Manager – Few issues encountered during deployment, mainly related to resolution of DNS entries for Active Directory.

So far no issues encountered with stability.

So far no issues encountered with stability.

It's very good.

It's very good.

No previous solution was used.

It was a mix of internal Avaya and an IdmLogic team.

CA Single Sign-On was deployed by an internal Avaya team and CA Identity Manager was deployed by the IDMLogic team.

A CA team was instrumental in deploying CA Privileged Management solution.

CA and IDM Logic have very good expertise in implementation of these products.

No other options were evaluated, it's just upgrades.

Have a significant knowledge of the applications transitioning, as it requires interfacing with these products to ensure proper adoption. Have a roadmap to integrate identity and access management into your organization.

We use single sign-on to provide a single login page for all of our client apps across the organization and it performs wonderfully. We almost never have outages nor see slowdowns, not from our stuff anyway. 

People do not have to remember 35 to 40 usernames and passwords. They have a link to go to their page that they need to work on, and it is there. It knows it is them. If we lose an employee, they no longer can sign in from anywhere in the world, they are immediately gone. 

Simplifying the user experience. We use a lot of integrated Windows authentication with it. All of our applications get a point, click, and you are in, while we increase security at the same time.

I would prefer to see their SAML integration be a more streamlined and easier interface, more like PingFederate's interface. Their product works just as well for that use case, but we do not use it, because it is a much larger learning curve to get it running.

It is one of the most stable products in the banking organization that I am in. It never goes down and if it does, it is usually because my partner or me did something to it. 

I have been using it for a year. The company has been using it for probably 20 years. It has always been a very stable product.

It is immensely scalable. We have 18,000 employees running on six servers right now. They are not even at 10% usage, but to spin up more just to add a server and plug it in, it is ready to go.

Technical support is fantastic. They provide quick answers. It is very rare that it takes more than two or three days to actually resolve a non-production problem. With a production problem, they are right there with you the whole time until it is fixed.

We have had large-scale issues, but it never really took them a long time to fix. Usually within a few hours, we would have a fix.

They also take use of their community.

I was not involved in the initial setup, but I am involved in building a parallel platform right now for an upgrade. 

The upgrade is a very straightforward setup, easy to install and run. A little bit complex to set up rules, but that is why you want engineers around.

We have a resource that we are paying for from CA, but we really do not need to use them, except for on the Identity Management side. 

I would absolutely recommend they go with SiteMinder SSO. I have worked a little bit with some of the other products out there and they are not as easy to use, and they are definitely not as stable. Shibboleth is a competing free product. It is horrible. A lot of companies use it, but it is not fun.

Because I am new to this area, the thing that surprised me about CA is how quick they are to respond to changing needs. If we tell them we need something or do not know how to do something, they make it happen for us. It seems crazy for such a large organization to make that kind of move. 

The tool is easy to integrate with old, archaic, existing infrastructures that may not have been built with security in mind in the first place. With very little modification, we can usually secure a platform that never really had it before.

Most important criteria when selecting a vendor: responsiveness. When everything is good, the vendors are always around. It is how they respond when you have a problem.

The most valuable feature is being able to debug problems, even though it can be a little bit complex and you have to know quite a bit to be able to dig around, root around, and figure out what the problem is. But I think getting into it, once you understand it, it's not too bad.

It definitely makes customers' or users' lives easier. People don't really appreciate it until they don't have it. Once everyone has SSO, if you took it away, they'd say something like, "Oh my God. I've got to put my password in every single time."

Just having it there, even though people may not consciously realize it, is a big benefit for companies. It simplifies things; reduces user/customer frustration.

• I would like to have a really simple interface; a more modernesque, cloud-based interface, with dynamic real-time information on the various configurations or object configuration points that associate with the applications.
• Ease-of-use
• Smarter error messages

It's had its moments in the past couple years. We've had interesting bugs that we've hit. When you see those bugs, and when they hit you, and it hits production, you get this big skew of, "This is a problem. This is not good." You feel like, "Why did this make it through QA?" Ultimately, there's going to be explanations, potential revenue loss.

CA SSO does have stability issues. Once you can find ways to get around them, whether it's fixes or you configure around them, it starts running for a while and it's OK.

It can scale. You could add more infrastructure. It's very manual.

CA was talking about doing a Dockerized solution, or being able to push out and basically configure new instances of the components. I haven't heard much about it recently.

CA SSO can be scalable, but it's not exactly the easiest thing to do. There is a lot of manual work involved.

I'm not very happy with technical support. I know the people in technical support. I usually give the frontline guys a chance but usually, when I report issues, I've kind of gotten as far as I could and I usually need somebody on the back line. With my recent cases, I haven't been too happy with the technical support that I've gotten.

I wasn't involved in the initial roll-out or the initial discussions around the solution. From previous experiences, it's usually, a company realizes, if you're part of the security team or the identity team, if the company gets to a certain size, they try to find ways to make things easier to do; not only for employees and customers, but also for audit compliance.

Within that space, there are a handful of companies that do it and they each have their own reputation. CA has a reputation of being a simpler product to use, in some ways, as compared to Oracle, which is a pretty complicated product to roll out. There's a handful of players. Usually, if CA wins, then CA is there.

If you compare it on a spectrum of really easy products to deploy – like single-clicks that can maybe even automate themselves and push out their own instances of themselves – versus, here's a big book of steps that you have to go through, I think CA SSO is kind of on the left side of that spectrum.

Whatever you're considering, this is a good solution. It's got all the plug-ins and the various components – app servers, web servers – and you can customize it quite a bit.

In its space, most of the other competitors have the same sort of challenges. It's probably a little bit easier out of the box to get it to work.

For what it is, it does things reasonably well, once you get it working.

It definitely has maturity, but for all the number of releases that it's been through, I kind of expect that over those years, it just gets better and better. Like, with Microsoft, after three times, Microsoft usually gets something done really well.

CA has gone through SiteMinder/SSO 3.5, 4.0, 5, 5.5, 6, 12, 12.51, 12.52, so you start getting into the game of semi-releases, for different reasons. There hadn't been much changes in SiteMinder significantly until the 12.5 series, so between 6 to 12, there wasn't that much change, and then 12.5, there's a bit more change.

The most valuable feature is that it's a rock-solid enterprise solution. It's the de facto standard. It works. It does what we need it to do in those circumstances, and it does it at scale.

It presents a standard pattern for people to secure their applications. In that regard, along with the tooling that we've built around the product, but the product itself as well facilitates app teams being able to do their application development, and then let security be layered on in the front of that. Given that we are a bank and we have significant issues around strong authentication, etc., that means, we can take care of that. The app teams don't need to keep up to date with whatever is new and current. They can just keep deploying applications. We deal with the security.

I think our questions, from me and our team, relate potentially to other products in the CA portfolio. There are other things such as strong authentication, risk-based authentication, and especially API management, which all represent a portfolio that could be integrated. Our interest is knowing the roadmap for making those part of a more seamless offering. If you like, it's the aggregation of the features of all those products, and how they come together.

It's very stable. I don't know that we've ever had it go down on us. It's occasionally gone really slow, but I don't think we've ever had a complete and utter outage that was the result of the product.

It scales. You have to pay attention to its dependencies on the rest of the ecosystem, and especially the directory. That's what's bitten us before; make sure that your directory is responsive, near, and is scaled appropriately for CA SSO.

We use technical support. It's not the best feature of CA. Lots of enterprise product companies have variable support offerings. CA are not the worst, but they're not the best. They're okay.

I wasn't necessarily involved in the decision to invest in a solution like CA SSO . I was brought on post that decision, but it can really be summarized as: The previous solution was a combination, a kind of hybrid, of a third-party vendor who we fell out with, and some home-produced stuff that was clearly not fit for purpose. There were commodity products out there that could do it, and SiteMinder, CA SSO as it is now known, was the best and most scalable one at the time. We have a large enterprise, so it was the obvious choice.

I believe the one that we had fallen out with, a big third-party vendor, was still on the list but for nontechnical reasons, they were not really considered. I think there were two other vendors in the frame.

It's difficult to name the most important criteria when selecting a vendor like CA. In our minds, CA is a product company and not so much of a solution company. I think they have aspirations to be a solution company. Delivery of a solution, working with us on the requirements is quite important; understanding our problem and our space. Price is actually quite an issue with us. The new, modern world, cost constraints, especially in the financial services sector; we're all looking to improve margins in a tough climate. Cost is an important issue as well.

You definitely need to consider CA SSO but you need to be mindful of the new ways of developing applications, and possibly look at the CA API Gateway product or some hybrid solution as well. You definitely need to consider CA SSO.

It is quite solid. It's never really gone down. It's a well-understood and reliable piece of our enterprise. The only reason I didn't rate it higher is that it's becoming a little less appropriate for the more modern styles of web application development, which is why I am curious about CA API Gateway and leveraging that. I think that represents all the features that are missing from CA SSO.

Clearly, we can go and buy the new product set and I guess CA would love that, but there needs to be a story about how the two live next to each other. It seems like that story is worked on in the SSO world, and it's worked on in the Layer 7 world, in the API Gateway world. I don't know if it's being worked on as a consolidated whole; a solution. That brings me back to the point I made elsewhere about solutions vs products.

It's flexible, powerful, and superperforming, I'd say. It performs very well on the road.

We can secure many access points, whether they are local apps, or on-premise, or in the clouds with third parties, with partners, or with customers. It manages user profiles and identities so we can secure and standardize our web access management.

The admin UI needs to be more stable. They should bundle more of the products and get rid of a lot of the small pieces which we need to configure on the top of the initial setup. Examples of this are the SM Console and the registry.

It should be easier to implement and deploy; and it should support more platforms, such as more operating systems.

It is much more stable than it was before. Now it is getting to be very stable, especially when you tweak it properly and follow CA best practices.

It's very scalable. Right now we're on the 32-bit version. We need to add more servers and more capacity to handle the loads. I hope the next version will be even better than it is now.

Technical support is above average. It used to be below average, but they improved a lot over the past year and a half.

• We needed to implement secure access. CA is a leader in this area, so we went naturally with the best. We also chose CA because of the way they interact with customers, pitch new features to us, ask us for feedback, and provide us with support.
• The product itself is easy to implement.
• The login is super-responsive so that there is no lag before you can access the system. This provides a positive user experience. It is flawless. I log in once to my portal, and that's it. CA Single Sign-On takes care of everything else.

You need to know exactly what you need to do. So you need to know your use cases, your needs. Just go ahead, contact CA, and see what comes out of it. It's a great product, so just use it. Try it out.

The biggest value for us is being able to use SSO as a service that we can expose to all of our customers. For all of our customers, the idea is to have a single sign on where one account is created to access all of our systems.

It really improved the speed to market from account creation through provisioning, and onboarding. That's really one of the biggest advantages. Also, as users move from system to system, their account access follows them through it; so you don't need to create new credentials every time. That's one of the biggest benefits for us.

For instance, we have our HR system and our time reporting system. Those are two separate systems, but integrated access is possible using a single profile. It's great. You log in once, and you get that seamless account integration.

I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.

But I think it's good. We're not in any major problems right now, so things are good.

It has been very stable.

We haven't had to scale really far out yet, but that's coming. We're probably going to double our usage in the next 12 months. That remains to be seen, but we don't really foresee any major problems there.

Technical support has been great. We do rely on them quite a bit. The organization is small, so having the ability to reach out to some really qualified people on the team helps. They've stepped up and really helped us through some of our implementation problems early on; but we're all good now.

Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.

We looked at some of the Microsoft tools, ADFS and those pieces. We also looked at Azure and all those; but ultimately, we wanted something one per miss. We wanted it to be a service so that we could expand. We wanted to be able to scale up at our pace; and that's really where the SSO product fit right in.

From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.

For us, it’s the best-of-breed pick on the market today. More importantly it’s the least complex enterprise solution that we can manage. It integrates well with multiple applications in multiple environments. That’s a big deal for us.

It makes it easier to find all the policies we have in place and run. Less work for me!

One big problem we have is keeping track of the various patches and bug-fix releases. They come out for different platforms (Windows, Linux, etc.) and it’s complex. It’s tough to keep up with all the releases and bugs that get fixed.

It’s complex compared with similar products out there.

It’s stable and mature, but we’ve had challenges as we grow. We see glitches here and there, and a little bit of latency in performance.

We have challenges, performance issues for which we’re unable to find the root cause as we scale. But we’re working with CA on this.

It’s excellent. We’re able to get enough attention for fixes. Sometimes the cycles are long, but it’s still good considering what we need.

The initial setup was not straightforward. It definitely has its learning curve.

It loses points because of the performance issues when we scale, which has to do with the complexity of our environment. If it’s out-of-the-box, maybe others don’t have this issue, but we do because we’re large.