The most valuable feature is that it allows a user the ability use the same credentials for different secured parts of a website. From a user-experience perspective, that's important because you don't want to have to remember or write down several sets of credentials. When a user comes into our website, they just want to go about their business, not spend half and hour trying to figure out how to log in.
Security Engineer at a aerospace/defense firm with 10,001+ employees
Allows a user the ability to use the same credentials for different secured parts of a website.
What is most valuable?
How has it helped my organization?
SSO has been able to bring together many different pieces for authentications -- directories, databases, networks, etc. It's able to, for example, authenticate against ten different directories to give people just one set of credentials.
What needs improvement?
It seems that when there's a new version, patch, or service pack, we find bugs. There have been times where we've had to revert versions because of bugs. It has gotten better, however, and we used to have a lot more issues. There is still a lot of room for improvement in this area.
What was my experience with deployment of the solution?
We've had no issues with deployment.
Buyer's Guide
Symantec Siteminder
November 2024
Learn what your peers think about Symantec Siteminder. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability issues we've experienced have some with new versions, patches, and service packs.
What do I think about the scalability of the solution?
We have it built way above what we need. We have more servers than we need so that we're not impacted if one goes down. We've built in redundancies as well so that there's no single point of failure. We have a highly available system.
How are customer service and support?
Technical support has gotten a lot better. We have a pretty complex environment and we used to have to explain it every time we opened a support ticket. Now the support engineers know our environment.
I'm actually impressed with technical support now because we have many different pieces to our SSO environment with lots of custom modules. They have their resources and can get back to us with answers.
How was the initial setup?
It was initially complex because we had many directories. Upgrades, however, are simple. But there's no way to downgrade. You have to uninstall and reinstall the previous version.
What other advice do I have?
My advice would be to set up several environments, including a sandbox where you can test upgrades and products without impacting users. Then have a dev environment for some users to test.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Program Manager at LS3 Technologies, Inc.
We chose it because you can automate the creation of endpoint systems and create custom connectors. While tech support is sometimes quick, it's often been slower than ideal.
What is most valuable?
The ability to easily manage user accounts is great.
How has it helped my organization?
Segregation duties is another great benefit. It has allowed us to automate the process of creating user accounts really well.
What needs improvement?
I can't think of any additional features I'd like to see, as it does everything we need.
For how long have I used the solution?
We've been using it for around two years.
What do I think about the stability of the solution?
It’s been very stable so far and hasn't gone down at all.
What do I think about the scalability of the solution?
It’s scaled up as far as we've needed so far. We're a midsize customer with about 2000 users, and it's been totally fine.
How are customer service and technical support?
They get us answers, but often they’re too slow. It could take us as long as two weeks to get the answers we need. While sometimes it's quick, it has often been slower than ideal.
Which solution did I use previously and why did I switch?
We’ve always been using this, and beforehand we used a homegrown solution. We switched because it had insufficient automation and our homegrown solution was just too inflexible.
How was the initial setup?
I wasn't involved in the initial setup.
Which other solutions did I evaluate?
I always look for quality of services. CA have been OK so far, but not a slam dunk. We had one problem where they took forever to get back with us, but they eventually solved the problem fast.
My company also looked at IBM and Oracle, and I don't know why they chose CA.
What other advice do I have?
Check how many endpoint systems it supports. We chose this because of the amount of endpoints, you can automate the creation of endpoint systems, and it has the ability to create custom connectors. It supports the connectors out of the box and this is faster and easier than doing it yourself.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Symantec Siteminder
November 2024
Learn what your peers think about Symantec Siteminder. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
Director of Security at a tech company with 10,001+ employees
It enables security and single sign-on to applications deployed on thick clients, web based applications, and ERP systems.
What is most valuable?
The most valuable features for us are:
- Access management
- Role-based authorization
- Identity provisioning
- Identity federation
How has it helped my organization?
The product greatly facilitates a centralized identity and access management system. It provides seamless navigation across different applications in addition to enabling the flexibility to personalize contents based on user attributes without additional requests.
It enables security and single sign-on to applications deployed on thick clients, web based applications, and ERP systems.
It easily integrates with third-party service providers by enabling federation gateway capabilities.
What needs improvement?
There is a considerable improvement in the product from previous versions, but a few items we feel need a little attention are the web agent installation process and steps – as it behaves differently on the same OS.
Improvements are also needed in the password policy template customization and it's missing the required documentation to do it.
The knowledge base needs to be enhanced as there are very limited resources on the web while debugging issues.
For how long have I used the solution?
Avaya has used SiteMinder 12.5s2 and IdentityMinder for eight years. We also use the following products -
CA Secure Proxy Server – 12.52GovernanceMinder 12.6 – New to Avaya; in initial deployment
PIM R12.8 New to Avaya; in initial deployment
What was my experience with deployment of the solution?
CA Single Sign-On – No issues encountered during deployment.
CA Identity Manager – No issues encountered during deployment.
CA Privileged Identity Manager – Few issues encountered during deployment, mainly related to resolution of DNS entries for Active Directory.
What do I think about the stability of the solution?
So far no issues encountered with stability.
What do I think about the scalability of the solution?
So far no issues encountered with stability.
How are customer service and technical support?
Customer Service:
It's very good.
It's very good.
Which solution did I use previously and why did I switch?
No previous solution was used.
What about the implementation team?
It was a mix of internal Avaya and an IdmLogic team.
CA Single Sign-On was deployed by an internal Avaya team and CA Identity Manager was deployed by the IDMLogic team.
A CA team was instrumental in deploying CA Privileged Management solution.
CA and IDM Logic have very good expertise in implementation of these products.
Which other solutions did I evaluate?
No other options were evaluated, it's just upgrades.
What other advice do I have?
Have a significant knowledge of the applications transitioning, as it requires interfacing with these products to ensure proper adoption. Have a roadmap to integrate identity and access management into your organization.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a financial services firm with 10,001+ employees
All of our applications get a point, click, and you are in, while we increase security at the same time
Pros and Cons
- "We almost never have outages nor see slowdowns."
- "All of our applications get a point, click, and you are in, while we increase security at the same time."
- "I would prefer to see their SAML integration be a more streamlined and easier interface."
What is our primary use case?
We use single sign-on to provide a single login page for all of our client apps across the organization and it performs wonderfully. We almost never have outages nor see slowdowns, not from our stuff anyway.
How has it helped my organization?
People do not have to remember 35 to 40 usernames and passwords. They have a link to go to their page that they need to work on, and it is there. It knows it is them. If we lose an employee, they no longer can sign in from anywhere in the world, they are immediately gone.
What is most valuable?
Simplifying the user experience. We use a lot of integrated Windows authentication with it. All of our applications get a point, click, and you are in, while we increase security at the same time.
What needs improvement?
I would prefer to see their SAML integration be a more streamlined and easier interface, more like PingFederate's interface. Their product works just as well for that use case, but we do not use it, because it is a much larger learning curve to get it running.
What do I think about the stability of the solution?
It is one of the most stable products in the banking organization that I am in. It never goes down and if it does, it is usually because my partner or me did something to it.
I have been using it for a year. The company has been using it for probably 20 years. It has always been a very stable product.
What do I think about the scalability of the solution?
It is immensely scalable. We have 18,000 employees running on six servers right now. They are not even at 10% usage, but to spin up more just to add a server and plug it in, it is ready to go.
How is customer service and technical support?
Technical support is fantastic. They provide quick answers. It is very rare that it takes more than two or three days to actually resolve a non-production problem. With a production problem, they are right there with you the whole time until it is fixed.
We have had large-scale issues, but it never really took them a long time to fix. Usually within a few hours, we would have a fix.
They also take use of their community.
How was the initial setup?
I was not involved in the initial setup, but I am involved in building a parallel platform right now for an upgrade.
The upgrade is a very straightforward setup, easy to install and run. A little bit complex to set up rules, but that is why you want engineers around.
What about the implementation team?
We have a resource that we are paying for from CA, but we really do not need to use them, except for on the Identity Management side.
Which other solutions did I evaluate?
I would absolutely recommend they go with SiteMinder SSO. I have worked a little bit with some of the other products out there and they are not as easy to use, and they are definitely not as stable. Shibboleth is a competing free product. It is horrible. A lot of companies use it, but it is not fun.
What other advice do I have?
Because I am new to this area, the thing that surprised me about CA is how quick they are to respond to changing needs. If we tell them we need something or do not know how to do something, they make it happen for us. It seems crazy for such a large organization to make that kind of move.
The tool is easy to integrate with old, archaic, existing infrastructures that may not have been built with security in mind in the first place. With very little modification, we can usually secure a platform that never really had it before.
Most important criteria when selecting a vendor: responsiveness. When everything is good, the vendors are always around. It is how they respond when you have a problem.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Consulting Systems Engineer at a wholesaler/distributor with 10,001+ employees
Video Review
Being able to debug problems is a valuable feature. I would like a more modern, cloud-based interface with dynamic real-time information.
What is most valuable?
The most valuable feature is being able to debug problems, even though it can be a little bit complex and you have to know quite a bit to be able to dig around, root around, and figure out what the problem is. But I think getting into it, once you understand it, it's not too bad.
How has it helped my organization?
It definitely makes customers' or users' lives easier. People don't really appreciate it until they don't have it. Once everyone has SSO, if you took it away, they'd say something like, "Oh my God. I've got to put my password in every single time."
Just having it there, even though people may not consciously realize it, is a big benefit for companies. It simplifies things; reduces user/customer frustration.
What needs improvement?
- I would like to have a really simple interface; a more modernesque, cloud-based interface, with dynamic real-time information on the various configurations or object configuration points that associate with the applications.
- Ease-of-use
- Smarter error messages
What do I think about the stability of the solution?
It's had its moments in the past couple years. We've had interesting bugs that we've hit. When you see those bugs, and when they hit you, and it hits production, you get this big skew of, "This is a problem. This is not good." You feel like, "Why did this make it through QA?" Ultimately, there's going to be explanations, potential revenue loss.
CA SSO does have stability issues. Once you can find ways to get around them, whether it's fixes or you configure around them, it starts running for a while and it's OK.
What do I think about the scalability of the solution?
It can scale. You could add more infrastructure. It's very manual.
CA was talking about doing a Dockerized solution, or being able to push out and basically configure new instances of the components. I haven't heard much about it recently.
CA SSO can be scalable, but it's not exactly the easiest thing to do. There is a lot of manual work involved.
How are customer service and technical support?
I'm not very happy with technical support. I know the people in technical support. I usually give the frontline guys a chance but usually, when I report issues, I've kind of gotten as far as I could and I usually need somebody on the back line. With my recent cases, I haven't been too happy with the technical support that I've gotten.
Which solution did I use previously and why did I switch?
I wasn't involved in the initial roll-out or the initial discussions around the solution. From previous experiences, it's usually, a company realizes, if you're part of the security team or the identity team, if the company gets to a certain size, they try to find ways to make things easier to do; not only for employees and customers, but also for audit compliance.
Within that space, there are a handful of companies that do it and they each have their own reputation. CA has a reputation of being a simpler product to use, in some ways, as compared to Oracle, which is a pretty complicated product to roll out. There's a handful of players. Usually, if CA wins, then CA is there.
How was the initial setup?
If you compare it on a spectrum of really easy products to deploy – like single-clicks that can maybe even automate themselves and push out their own instances of themselves – versus, here's a big book of steps that you have to go through, I think CA SSO is kind of on the left side of that spectrum.
What other advice do I have?
Whatever you're considering, this is a good solution. It's got all the plug-ins and the various components – app servers, web servers – and you can customize it quite a bit.
In its space, most of the other competitors have the same sort of challenges. It's probably a little bit easier out of the box to get it to work.
For what it is, it does things reasonably well, once you get it working.
It definitely has maturity, but for all the number of releases that it's been through, I kind of expect that over those years, it just gets better and better. Like, with Microsoft, after three times, Microsoft usually gets something done really well.
CA has gone through SiteMinder/SSO 3.5, 4.0, 5, 5.5, 6, 12, 12.51, 12.52, so you start getting into the game of semi-releases, for different reasons. There hadn't been much changes in SiteMinder significantly until the 12.5 series, so between 6 to 12, there wasn't that much change, and then 12.5, there's a bit more change.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: I used to work for the vendor.
Security Architect at a financial services firm with 10,001+ employees
It presents a standard pattern for people to secure their applications.
What is most valuable?
The most valuable feature is that it's a rock-solid enterprise solution. It's the de facto standard. It works. It does what we need it to do in those circumstances, and it does it at scale.
How has it helped my organization?
It presents a standard pattern for people to secure their applications. In that regard, along with the tooling that we've built around the product, but the product itself as well facilitates app teams being able to do their application development, and then let security be layered on in the front of that. Given that we are a bank and we have significant issues around strong authentication, etc., that means, we can take care of that. The app teams don't need to keep up to date with whatever is new and current. They can just keep deploying applications. We deal with the security.
What needs improvement?
I think our questions, from me and our team, relate potentially to other products in the CA portfolio. There are other things such as strong authentication, risk-based authentication, and especially API management, which all represent a portfolio that could be integrated. Our interest is knowing the roadmap for making those part of a more seamless offering. If you like, it's the aggregation of the features of all those products, and how they come together.
What do I think about the stability of the solution?
It's very stable. I don't know that we've ever had it go down on us. It's occasionally gone really slow, but I don't think we've ever had a complete and utter outage that was the result of the product.
What do I think about the scalability of the solution?
It scales. You have to pay attention to its dependencies on the rest of the ecosystem, and especially the directory. That's what's bitten us before; make sure that your directory is responsive, near, and is scaled appropriately for CA SSO.
How are customer service and technical support?
We use technical support. It's not the best feature of CA. Lots of enterprise product companies have variable support offerings. CA are not the worst, but they're not the best. They're okay.
Which solution did I use previously and why did I switch?
I wasn't necessarily involved in the decision to invest in a solution like CA SSO . I was brought on post that decision, but it can really be summarized as: The previous solution was a combination, a kind of hybrid, of a third-party vendor who we fell out with, and some home-produced stuff that was clearly not fit for purpose. There were commodity products out there that could do it, and SiteMinder, CA SSO as it is now known, was the best and most scalable one at the time. We have a large enterprise, so it was the obvious choice.
Which other solutions did I evaluate?
I believe the one that we had fallen out with, a big third-party vendor, was still on the list but for nontechnical reasons, they were not really considered. I think there were two other vendors in the frame.
It's difficult to name the most important criteria when selecting a vendor like CA. In our minds, CA is a product company and not so much of a solution company. I think they have aspirations to be a solution company. Delivery of a solution, working with us on the requirements is quite important; understanding our problem and our space. Price is actually quite an issue with us. The new, modern world, cost constraints, especially in the financial services sector; we're all looking to improve margins in a tough climate. Cost is an important issue as well.
What other advice do I have?
You definitely need to consider CA SSO but you need to be mindful of the new ways of developing applications, and possibly look at the CA API Gateway product or some hybrid solution as well. You definitely need to consider CA SSO.
It is quite solid. It's never really gone down. It's a well-understood and reliable piece of our enterprise. The only reason I didn't rate it higher is that it's becoming a little less appropriate for the more modern styles of web application development, which is why I am curious about CA API Gateway and leveraging that. I think that represents all the features that are missing from CA SSO.
Clearly, we can go and buy the new product set and I guess CA would love that, but there needs to be a story about how the two live next to each other. It seems like that story is worked on in the SSO world, and it's worked on in the Layer 7 world, in the API Gateway world. I don't know if it's being worked on as a consolidated whole; a solution. That brings me back to the point I made elsewhere about solutions vs products.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Architect at a aerospace/defense firm with 1,001-5,000 employees
Secure and standardized web access management provide a positive user experience. A lot of configuration is required.
What is most valuable?
It's flexible, powerful, and superperforming, I'd say. It performs very well on the road.
How has it helped my organization?
We can secure many access points, whether they are local apps, or on-premise, or in the clouds with third parties, with partners, or with customers. It manages user profiles and identities so we can secure and standardize our web access management.
What needs improvement?
The admin UI needs to be more stable. They should bundle more of the products and get rid of a lot of the small pieces which we need to configure on the top of the initial setup. Examples of this are the SM Console and the registry.
It should be easier to implement and deploy; and it should support more platforms, such as more operating systems.
What do I think about the stability of the solution?
It is much more stable than it was before. Now it is getting to be very stable, especially when you tweak it properly and follow CA best practices.
What do I think about the scalability of the solution?
It's very scalable. Right now we're on the 32-bit version. We need to add more servers and more capacity to handle the loads. I hope the next version will be even better than it is now.
How is customer service and technical support?
Technical support is above average. It used to be below average, but they improved a lot over the past year and a half.
Which other solutions did I evaluate?
- We needed to implement secure access. CA is a leader in this area, so we went naturally with the best. We also chose CA because of the way they interact with customers, pitch new features to us, ask us for feedback, and provide us with support.
- The product itself is easy to implement.
- The login is super-responsive so that there is no lag before you can access the system. This provides a positive user experience. It is flawless. I log in once to my portal, and that's it. CA Single Sign-On takes care of everything else.
What other advice do I have?
You need to know exactly what you need to do. So you need to know your use cases, your needs. Just go ahead, contact CA, and see what comes out of it. It's a great product, so just use it. Try it out.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Project Management at a local government with 1,001-5,000 employees
It enables integrated access to our separate HR and time reporting systems using a single profile.
What is most valuable?
The biggest value for us is being able to use SSO as a service that we can expose to all of our customers. For all of our customers, the idea is to have a single sign on where one account is created to access all of our systems.
How has it helped my organization?
It really improved the speed to market from account creation through provisioning, and onboarding. That's really one of the biggest advantages. Also, as users move from system to system, their account access follows them through it; so you don't need to create new credentials every time. That's one of the biggest benefits for us.
For instance, we have our HR system and our time reporting system. Those are two separate systems, but integrated access is possible using a single profile. It's great. You log in once, and you get that seamless account integration.
What needs improvement?
I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.
But I think it's good. We're not in any major problems right now, so things are good.
What do I think about the stability of the solution?
It has been very stable.
What do I think about the scalability of the solution?
We haven't had to scale really far out yet, but that's coming. We're probably going to double our usage in the next 12 months. That remains to be seen, but we don't really foresee any major problems there.
How is customer service and technical support?
Technical support has been great. We do rely on them quite a bit. The organization is small, so having the ability to reach out to some really qualified people on the team helps. They've stepped up and really helped us through some of our implementation problems early on; but we're all good now.
How was the initial setup?
Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.
Which other solutions did I evaluate?
We looked at some of the Microsoft tools, ADFS and those pieces. We also looked at Azure and all those; but ultimately, we wanted something one per miss. We wanted it to be a service so that we could expand. We wanted to be able to scale up at our pace; and that's really where the SSO product fit right in.
What other advice do I have?
From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Symantec Siteminder Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Microsoft Entra ID
Okta Workforce Identity
Ping Identity Platform
IBM Security Verify Access
Red Hat Single Sign On
Akamai Identity Cloud
Buyer's Guide
Download our free Symantec Siteminder Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- CA SiteMinder vs IBM Tivoli Access Manager
- IBM Tivoli Access Manager vs CA SSO
- When evaluating Single Sign-On, what aspect do you think is the most important to look for?
- CA SiteMinder vs IBM Tivoli Access Manager
- How much time does SSO save?
- Why is SSO needed?
- What single sign-on platform do you recommend?
- Why is Single Sign-On (SSO) important for companies?
- IBM Tivoli Access Manager vs CA SSO