Symantec Siteminder Reviews

Our primary purpose for using it is to manage and control access to our web applications. We've extended the use somewhat to protect other environments in our shop where we need to authenticate users.

For example, we have a GemFire caching product, and we want to limit what data users can access within the GemFire environment. So we leverage SiteMinder and its policies within GemFire to authenticate the user and to authorize them based on what type of data they are accessing.

We also use it to federate identity with external clients and vendors. We use the federation component to federate identities between ourselves and outside third-parties.

We're moving to an API-based application development model with SiteMinder in that environment. It's important for us to be able to handle authentication and authorization issues when client-side mobile apps are calling to our services. We needed to handle the responses from those authentication problems better than the traditional SiteMinder SSO system did. 12.52 provides a really nice web-app customer response feature that allows us to customize responses back to the mobile app or the browser assignments.

We're really interested in the containerized version of CA SSO where the product will be delivered as a container image rather than the traditional binary.

We'd also like to see a more streamlined implementation update process.

Also, I think they need to improve their support a little bit better especially with experienced customers who are very knowledgeable in product. It's difficult when working on level higher than support.

We brought it in a little over 10 years ago. We're currently in production on 12.0, but we're right in the middle of our migration to 12.52.

We have a very carefully planned roll-out of these products. We won't go into production as long as we're having stability issues. I would say for 12.0, our experience was fairly elongated to get to the resolution of some issues, probably a couple of months. With 12.52, we've had a couple of issues, but we already have patches and work arounds for them, and so we think that things have improved.

In the past, whenever we migrated to a new version, there's been a little bit of stability issues at the beginning and I would say with 12.0 in particular we had some stability issues. But we believe 12.52 is a lot more stable, but that's yet to be seen.

It's a hit and miss thing, like all support organizations. For the most part, for simple problems they can get to a resolution fairly quickly. If the problem is a little more complicated, they really struggle with getting us a solution. We usually have to escalate the problem to our contact engineer. But then it depends on how important the problem is. If it's like a real critical problem affecting our production environment, we'll push a little harder. We'll call up our CA representative and try to escalate the problem.

I wasn't involved in this initial decision to bring it in, but I was brought onto the team fairly soon thereafter.

I think Oracle and IBM have similar products. For due diligence purposes, We occasionally take a look at other vendors and compare features, but so far we're happy with CA.

I would totally recommend this product, but I think CA has a really good handle on what the drivers are and where the business is going in terms of application development. They seem to be a good fit.

The most valuable features are security and ease-of-use.

Tokenization of the web applications is easy for application owners to integrate with the tool. On the back end the dev side, and the deployment cycle with web agents and policy creation are easy.

It's seamless with several hundred internal applications, which is a time and frustration-saving mechanism. It definitely gives a productivity increase with less time logging into things instead of logging in from application to application, while maintaining the security layer.

We’d like them to go back to the C version of the admin console. It was much smoother than the web-based version. Everything else is pretty good.

Very stable product. The only time we’ve had problems with it is deep behind SiteMinder, which feels the ramifications. The application we’re protecting usually has the issue, not the SiteMinder/SSO itself.

Very easy to scale. They have a good sizing guide it vertically scales very easily.

Once you get past the first level, it’s good support. Typically once you’ve supported the CA product for a couple of years, you probably know more than first-level support, so it’s frustrating to explain to them the issue.

It was already in production when I joined.

It’s definitely an industry leader in the web access realm. It’s easy to deploy and integrate.

You need to understand the overall design of your web infrastructure, and what do you want to protect – the entry point or the entry point and application server? Design questions, really. You need to decide whether you want fine-grain or course-grain authorization. For the CA solution, make a support matrix and understand other peripheral products in the environment.

It is a flexible platform.

Using this product makes it easier for enterprises to integrate a majority or even all their apps into one single solution for access. Its easy-to-use functionality is the most valuable part.

The primary benefit of this product is security. It improves the overall security posture of the organization.

Secondly, establishing such a platform helps in saving costs as different applications are not trying to build their own security solutions and spend more money there.

A simple feature that still does not exist but it should be implemented as soon as possible, is that if a user is accessing an internet app from the internet, then it should perform a desktop single sign-on. But, if the same application is accessed outside of the network, the users should be given a page login. I don't want customization to implement this behavior, since this should be a simple configuration within SSO functionality. This should detect whether you are accessing from inside/outside of the network and accordingly present the authentication. This feature does not exist today and it is something, that almost all our clients ask for.

This is a mature and stable product. It has been a leader in the market for around 10-15 years. I can't imagine another competing product out there.

This product is both stable and scalable. I've seen up to 5-6 million users.

One advice for all would be to build relationships with the CA technical support team.

It is important to utilize your account manager if you're a customer or your partner contact if you're a partner, as this is the best way to get more information from them. In my opinion, building these relationships makes the entire the experience better.

Some of our clients, at times, have thought of using different solutions. The main reason for that is sometimes they do not have skill to harness the capability of this product along with the features that it offers.

When the client approaches CA, it provides an answer that is more product-oriented, rather than solution-oriented, so there is a communication gap. When we are at the client's side, we bridge this gap and that's why our customers are more successful working with us and CA together, rather than working directly with CA.

I was involved in the initial setup process for some of our clients.

For SSO and its setup, the process was straightforward.

It is very important to educate yourself in regards to the capabilities of this product by interacting with CA or attending conferences like CA World as they give you an insight about all that the product has to offer.

Single Sign-On is a mature product and hence I would be confident in recommending it to our clients.

We primarily want to use the solution to implement our SSO, Single Sign-On solution.

The single sign-on is the solution's most valuable feature.

Since we're in the early stages of examining the solution, it's hard to predict what might be lacking.

We're currently unable to find information about if the solution can do a full implementation with SQL. Some better and more accessible documentation for new users or those curious about the product would be helpful.

We want to implement a simple application. Currently, from what we're finding, we're not sure if it would work the way we need it to.

The solution is quite new to us and I only really started looking at it about two or three weeks ago. We're in the testing phase.

We've never contacted technical support.

For a long time, we used SiteMinder, We're currently looking into what might be a better solution for SSO. That's why we're currently evaluating CA SSO. We'd been using the previous solution for two or three years but it hasn't been able to provide us with what we needed. Currently, we're trying to implement CA on servers for IPMP.

The initial setup seems straightforward, but we're curious about the aspect of SSO for SQL servers. We're also investigating from the net side to see what requirements are needed. We haven't implemented or deployed it yet.

We have our own in-house team that will handle the implementation.

I'm an implementor, so I help clients implement the solution for their companies.

We're still in the process of testing the solution. We're currently not providing services on it as we are still in the testing phase.

So far, with a simple implementation of the SSO, I'd rate the solution eight out of ten.

The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.

We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.

It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.

It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.

A more modern management interface would be nice. The existing interface feels like it's about 10 years old.

It's been probably about 10 years since we integrated with it.

We've had no issues deploying it.

It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.

We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.

We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.

Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

I think the most valuable features are handling user authentication and integration with the other applications within the suite, like Single Sign-On.

Multiple users with multiple applications can be authenticated in a single location.

I really can't answer this right now. We have so many other products that serve our needs. There are other vendors that satisfy some of our requirements, so I'm not exactly sure what CA would be able to provide us with.

For the most part, SSO is very stable. Since deployment, it's been very stable for us. We do very regular metrics on availability and we're in the high, high 90s, 99% I think, so it's a very stable, durable product.

I think there are some drawbacks to the scalability. At a recent conference, we heard that it's going to be a lot easier to scale for larger companies. That's going to be good in the future.

Sometimes technical support is slow to respond, and that’s typical. Normally, the first response is, "send us your logs", so they can review our environment. There are specific people assigned to our account, so they know what our environment is like, but they still want to have the log so they can look at it. Sometimes that slows the process of problem resolution.

This decision was made before my time. I came in when the decision was made to go with CA for identity management. Our company was going through a transition of ownership and all the decisions were made at the time. That was about 7 or 8 years ago.

I came 2 or 3 months after the initial setup, so I wasn't part of that. We had a third-party company help us with our development and deployment, so they pretty much took the ball and ran with it. I don't know how complex it was for them. When they presented it to us at deployment time, we were ready to go.

We were looking for anything that would have satisfied our requirements.

Make sure you know who your support staff is, who your vendor representatives are for your account and really get to know them. Give them the requirements that you need and make sure that they're following through. Build good rapport with them. That way they can help you determine what you need to do and feel free in giving different types of suggestions.

When selecting a vendor, we look for:

• responsiveness
• technical support of the product
• accessibility of the technical support teams
• product knowledge
• ability to train their customers on their product

With Single Sign-On, we don't have to do anything in our system.

After they deploy the application, everything works seamlessly. That's the main benefit that we get out of this product. For authentication purposes, we can keep security out of our applications, which is productive for us.

We can rapidly onboard different partners. We don't have to wait for months to do that. For this, we use the Federation feature from CA Single Sign-On, which helps us a lot.

There is a need to introduce more templates in the UI side and this would help design this aspect better. As of now, there are only a few samples available.

There is scope for improvement in this product.

It works fine. We did not find any stability issues. It is very rare to see something go wrong, so the application is quite stable.

However, we have noticed that when you update to the latest version, it can be unstable. Right now, we are in a stable environment.

You can scale it very easily. It works exactly the way the product has been documented. We can scale it well and we did not find any issues with it.

The technical support level is moderate. I would give it a 5/10 rating.

It depends both ways - we need immediate solutions however from their end, it takes time to get answers.

We required such a product, as we were using an old solution. That’s how we started using CA Single Sign-On with the CA SiteMinder.

The setup was not straightforward. I would give it a 7/10 rating - 1 being simple and 10 being complex. So, it was quite complex.

I would advise others to use this tool as it is robust and mostly it solves all the problems that arise in our industry.

We did consider other vendors. However, after we saw the demo for this product, we decided to purchase this product.

The factors we looked into before purchasing this product are the benefits of this product, how CA functions with other tools, costs, the level of support provided, upgrades and so on.

Single sign-on allows you to log into multiple areas and sessions with just one user login. SiteMinder uses a cookie to pass the credentials along to different applications, and it’s encrypted. You can determine how long the session will last before users have to log in again. And if you have NTFS capability, it just automatically logs in again for them, using a firewall to protect LDAP.

We use it for our tier-1 applications through GLBA and SOX. It helps with compliance because we can make sure who a user is, log-in information, etc.

It’s never been an out-of-box solution except for IIS, which installs web servers for you. Basically, you do a bit of configuration, and the client on the other end is heavier use. That’s the beauty of SiteMinder -- you can do anything with it.

It’s really difficult to initially configure, but once you know where the traps are, it’s not a big deal. It’s done everything we’ve needed it to do.

It could use better air handling -- if your policy doesn’t work, you just get some dots instead of real information without looking at the logs. It would be nice to find the info without hunting in the logs.

Once every one to two years, the service will freeze, but if you have redundancy, all you have to do is restart. If you have redundancy, it’s not a big deal. The way it works, is that it does a round robin so that if one server goes down the other three handle the traffic.

Very scalable. You just have to have a central database where all servers hook up to the policy store, and all servers can use the database without a problem. You can then add as many servers as you want.

We’ve been using it since they were Netegrity, who had amazing an KB. But unless you’re standing up a new application, you don’t need it. We only get tech support involved when we have a new application.

I’ve been running SiteMinder since v4, the first time I had to learn everything. It’s easy to export the policy to the policy store, which is your most valuable thing. It’s on v12 now, and I haven’t had to update for two years. We’re no longer handling the server admin, that’s another team, but we’re handling all the policy configurations. We can take that and go from version to version with no problem.

As far as software goes, it’s as close to the energizer bunny as it gets. Every now and again, service will freeze, but other than that it just goes.

It depends on whether you can log in directly to your LDAP and manage it, because that would be easier. If you need the ability for just logging without buying an application and want good security, it’s an awesome solution.

Most people use it as an external firewall, but all our firewalls are internal, so this is a good back stop.