Symantec Siteminder Reviews

Security to protect digital assets is most valuable to us. For the financial industry, security is a high priority. SSO provides solid security, specifically authentication and protecting digital apps and applications. We can define what we protect.

Federation is valuable as well, using the same security across multiple channels like mobile, e-side and m-side, and web services for partners. We can cover all channels with one security solution.

It protects business assets and functionality. It enables the business to serve customers through multiple channels without asking the user to register multiple times. Register once and it serves multiple channels. It also helps our security and fraud teams to protect assets and lock compromised accounts. It allows all channels to go through the same rules.

We go by agents for authentication; anything relating to agent configuration could be improved, or even agentless security.

Also, reporting on analytics and the health of the system could be improved.

Very stable. It’s rock solid. As it is serving 100 million requests, it works.

It’s very scalable horizontally. We deploy multiple policy servers as we see load increase, and we do have 16 million users.

We have dedicated services, and they’re OK. Whenever we ask the questions, we get documentation and we do place calls. When we place calls, we do get good support. Theoretical questions or subject matter questions are usually answered with documentation and some back and forth. Overall they have been good.

It was already implemented, but we did migrate to a new data center. The experience was pretty good.

SSO architecture is different from other kinds of application development. Plan up front. Understand the tool, and understand how to configure the tool, which partially depends on LDAP, and how to configure agents to perform.

Understand how you want to protect which assets, and how you want to open asset protection to other channels because it will grow. People will be asking more and more. For us there is no other way when I’m serving that many customers – we have to be fully prepared and plan way ahead.

Our primary purpose for using it is to manage and control access to our web applications. We've extended the use somewhat to protect other environments in our shop where we need to authenticate users.

For example, we have a GemFire caching product, and we want to limit what data users can access within the GemFire environment. So we leverage SiteMinder and its policies within GemFire to authenticate the user and to authorize them based on what type of data they are accessing.

We also use it to federate identity with external clients and vendors. We use the federation component to federate identities between ourselves and outside third-parties.

We're moving to an API-based application development model with SiteMinder in that environment. It's important for us to be able to handle authentication and authorization issues when client-side mobile apps are calling to our services. We needed to handle the responses from those authentication problems better than the traditional SiteMinder SSO system did. 12.52 provides a really nice web-app customer response feature that allows us to customize responses back to the mobile app or the browser assignments.

We're really interested in the containerized version of CA SSO where the product will be delivered as a container image rather than the traditional binary.

We'd also like to see a more streamlined implementation update process.

Also, I think they need to improve their support a little bit better especially with experienced customers who are very knowledgeable in product. It's difficult when working on level higher than support.

We brought it in a little over 10 years ago. We're currently in production on 12.0, but we're right in the middle of our migration to 12.52.

We have a very carefully planned roll-out of these products. We won't go into production as long as we're having stability issues. I would say for 12.0, our experience was fairly elongated to get to the resolution of some issues, probably a couple of months. With 12.52, we've had a couple of issues, but we already have patches and work arounds for them, and so we think that things have improved.

In the past, whenever we migrated to a new version, there's been a little bit of stability issues at the beginning and I would say with 12.0 in particular we had some stability issues. But we believe 12.52 is a lot more stable, but that's yet to be seen.

It's a hit and miss thing, like all support organizations. For the most part, for simple problems they can get to a resolution fairly quickly. If the problem is a little more complicated, they really struggle with getting us a solution. We usually have to escalate the problem to our contact engineer. But then it depends on how important the problem is. If it's like a real critical problem affecting our production environment, we'll push a little harder. We'll call up our CA representative and try to escalate the problem.

I wasn't involved in this initial decision to bring it in, but I was brought onto the team fairly soon thereafter.

I think Oracle and IBM have similar products. For due diligence purposes, We occasionally take a look at other vendors and compare features, but so far we're happy with CA.

I would totally recommend this product, but I think CA has a really good handle on what the drivers are and where the business is going in terms of application development. They seem to be a good fit.

The most valuable features are security and ease-of-use.

Tokenization of the web applications is easy for application owners to integrate with the tool. On the back end the dev side, and the deployment cycle with web agents and policy creation are easy.

It's seamless with several hundred internal applications, which is a time and frustration-saving mechanism. It definitely gives a productivity increase with less time logging into things instead of logging in from application to application, while maintaining the security layer.

We’d like them to go back to the C version of the admin console. It was much smoother than the web-based version. Everything else is pretty good.

Very stable product. The only time we’ve had problems with it is deep behind SiteMinder, which feels the ramifications. The application we’re protecting usually has the issue, not the SiteMinder/SSO itself.

Very easy to scale. They have a good sizing guide it vertically scales very easily.

Once you get past the first level, it’s good support. Typically once you’ve supported the CA product for a couple of years, you probably know more than first-level support, so it’s frustrating to explain to them the issue.

It was already in production when I joined.

It’s definitely an industry leader in the web access realm. It’s easy to deploy and integrate.

You need to understand the overall design of your web infrastructure, and what do you want to protect – the entry point or the entry point and application server? Design questions, really. You need to decide whether you want fine-grain or course-grain authorization. For the CA solution, make a support matrix and understand other peripheral products in the environment.

It is a flexible platform.

Using this product makes it easier for enterprises to integrate a majority or even all their apps into one single solution for access. Its easy-to-use functionality is the most valuable part.

The primary benefit of this product is security. It improves the overall security posture of the organization.

Secondly, establishing such a platform helps in saving costs as different applications are not trying to build their own security solutions and spend more money there.

A simple feature that still does not exist but it should be implemented as soon as possible, is that if a user is accessing an internet app from the internet, then it should perform a desktop single sign-on. But, if the same application is accessed outside of the network, the users should be given a page login. I don't want customization to implement this behavior, since this should be a simple configuration within SSO functionality. This should detect whether you are accessing from inside/outside of the network and accordingly present the authentication. This feature does not exist today and it is something, that almost all our clients ask for.

This is a mature and stable product. It has been a leader in the market for around 10-15 years. I can't imagine another competing product out there.

This product is both stable and scalable. I've seen up to 5-6 million users.

One advice for all would be to build relationships with the CA technical support team.

It is important to utilize your account manager if you're a customer or your partner contact if you're a partner, as this is the best way to get more information from them. In my opinion, building these relationships makes the entire the experience better.

Some of our clients, at times, have thought of using different solutions. The main reason for that is sometimes they do not have skill to harness the capability of this product along with the features that it offers.

When the client approaches CA, it provides an answer that is more product-oriented, rather than solution-oriented, so there is a communication gap. When we are at the client's side, we bridge this gap and that's why our customers are more successful working with us and CA together, rather than working directly with CA.

I was involved in the initial setup process for some of our clients.

For SSO and its setup, the process was straightforward.

It is very important to educate yourself in regards to the capabilities of this product by interacting with CA or attending conferences like CA World as they give you an insight about all that the product has to offer.

Single Sign-On is a mature product and hence I would be confident in recommending it to our clients.

We primarily want to use the solution to implement our SSO, Single Sign-On solution.

The single sign-on is the solution's most valuable feature.

Since we're in the early stages of examining the solution, it's hard to predict what might be lacking.

We're currently unable to find information about if the solution can do a full implementation with SQL. Some better and more accessible documentation for new users or those curious about the product would be helpful.

We want to implement a simple application. Currently, from what we're finding, we're not sure if it would work the way we need it to.

The solution is quite new to us and I only really started looking at it about two or three weeks ago. We're in the testing phase.

We've never contacted technical support.

For a long time, we used SiteMinder, We're currently looking into what might be a better solution for SSO. That's why we're currently evaluating CA SSO. We'd been using the previous solution for two or three years but it hasn't been able to provide us with what we needed. Currently, we're trying to implement CA on servers for IPMP.

The initial setup seems straightforward, but we're curious about the aspect of SSO for SQL servers. We're also investigating from the net side to see what requirements are needed. We haven't implemented or deployed it yet.

We have our own in-house team that will handle the implementation.

I'm an implementor, so I help clients implement the solution for their companies.

We're still in the process of testing the solution. We're currently not providing services on it as we are still in the testing phase.

So far, with a simple implementation of the SSO, I'd rate the solution eight out of ten.

The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.

We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.

It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.

It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.

A more modern management interface would be nice. The existing interface feels like it's about 10 years old.

It's been probably about 10 years since we integrated with it.

We've had no issues deploying it.

It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.

We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.

We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.

Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

I think the most valuable features are handling user authentication and integration with the other applications within the suite, like Single Sign-On.

Multiple users with multiple applications can be authenticated in a single location.

I really can't answer this right now. We have so many other products that serve our needs. There are other vendors that satisfy some of our requirements, so I'm not exactly sure what CA would be able to provide us with.

For the most part, SSO is very stable. Since deployment, it's been very stable for us. We do very regular metrics on availability and we're in the high, high 90s, 99% I think, so it's a very stable, durable product.

I think there are some drawbacks to the scalability. At a recent conference, we heard that it's going to be a lot easier to scale for larger companies. That's going to be good in the future.

Sometimes technical support is slow to respond, and that’s typical. Normally, the first response is, "send us your logs", so they can review our environment. There are specific people assigned to our account, so they know what our environment is like, but they still want to have the log so they can look at it. Sometimes that slows the process of problem resolution.

This decision was made before my time. I came in when the decision was made to go with CA for identity management. Our company was going through a transition of ownership and all the decisions were made at the time. That was about 7 or 8 years ago.

I came 2 or 3 months after the initial setup, so I wasn't part of that. We had a third-party company help us with our development and deployment, so they pretty much took the ball and ran with it. I don't know how complex it was for them. When they presented it to us at deployment time, we were ready to go.

We were looking for anything that would have satisfied our requirements.

Make sure you know who your support staff is, who your vendor representatives are for your account and really get to know them. Give them the requirements that you need and make sure that they're following through. Build good rapport with them. That way they can help you determine what you need to do and feel free in giving different types of suggestions.

When selecting a vendor, we look for:

• responsiveness
• technical support of the product
• accessibility of the technical support teams
• product knowledge
• ability to train their customers on their product

With Single Sign-On, we don't have to do anything in our system.

After they deploy the application, everything works seamlessly. That's the main benefit that we get out of this product. For authentication purposes, we can keep security out of our applications, which is productive for us.

We can rapidly onboard different partners. We don't have to wait for months to do that. For this, we use the Federation feature from CA Single Sign-On, which helps us a lot.

There is a need to introduce more templates in the UI side and this would help design this aspect better. As of now, there are only a few samples available.

There is scope for improvement in this product.

It works fine. We did not find any stability issues. It is very rare to see something go wrong, so the application is quite stable.

However, we have noticed that when you update to the latest version, it can be unstable. Right now, we are in a stable environment.

You can scale it very easily. It works exactly the way the product has been documented. We can scale it well and we did not find any issues with it.

The technical support level is moderate. I would give it a 5/10 rating.

It depends both ways - we need immediate solutions however from their end, it takes time to get answers.

We required such a product, as we were using an old solution. That’s how we started using CA Single Sign-On with the CA SiteMinder.

The setup was not straightforward. I would give it a 7/10 rating - 1 being simple and 10 being complex. So, it was quite complex.

I would advise others to use this tool as it is robust and mostly it solves all the problems that arise in our industry.

We did consider other vendors. However, after we saw the demo for this product, we decided to purchase this product.

The factors we looked into before purchasing this product are the benefits of this product, how CA functions with other tools, costs, the level of support provided, upgrades and so on.