Symantec Siteminder Reviews

Single sign-on allows you to log into multiple areas and sessions with just one user login. SiteMinder uses a cookie to pass the credentials along to different applications, and it’s encrypted. You can determine how long the session will last before users have to log in again. And if you have NTFS capability, it just automatically logs in again for them, using a firewall to protect LDAP.

We use it for our tier-1 applications through GLBA and SOX. It helps with compliance because we can make sure who a user is, log-in information, etc.

It’s never been an out-of-box solution except for IIS, which installs web servers for you. Basically, you do a bit of configuration, and the client on the other end is heavier use. That’s the beauty of SiteMinder -- you can do anything with it.

It’s really difficult to initially configure, but once you know where the traps are, it’s not a big deal. It’s done everything we’ve needed it to do.

It could use better air handling -- if your policy doesn’t work, you just get some dots instead of real information without looking at the logs. It would be nice to find the info without hunting in the logs.

Once every one to two years, the service will freeze, but if you have redundancy, all you have to do is restart. If you have redundancy, it’s not a big deal. The way it works, is that it does a round robin so that if one server goes down the other three handle the traffic.

Very scalable. You just have to have a central database where all servers hook up to the policy store, and all servers can use the database without a problem. You can then add as many servers as you want.

We’ve been using it since they were Netegrity, who had amazing an KB. But unless you’re standing up a new application, you don’t need it. We only get tech support involved when we have a new application.

I’ve been running SiteMinder since v4, the first time I had to learn everything. It’s easy to export the policy to the policy store, which is your most valuable thing. It’s on v12 now, and I haven’t had to update for two years. We’re no longer handling the server admin, that’s another team, but we’re handling all the policy configurations. We can take that and go from version to version with no problem.

As far as software goes, it’s as close to the energizer bunny as it gets. Every now and again, service will freeze, but other than that it just goes.

It depends on whether you can log in directly to your LDAP and manage it, because that would be easier. If you need the ability for just logging without buying an application and want good security, it’s an awesome solution.

Most people use it as an external firewall, but all our firewalls are internal, so this is a good back stop.

It provides us with authentications, authorizations, and basically providing the client with better secure services.

We can differentiate between the good logins with a genuine user and unauthorized ones.

It’s easy, versatile, and functionality-wise, it’s very user-friendly as well.

With SSO, we’ve been able to better serve our clients, and wherever these authentications are required we can effectively manage the authentications. The bottom line is that if the clients are happy with the SSO solutions we’re providing, we’re doing a great job and the product has been helpful.

I would say advanced authentication, but they have another product for that. SSO could be merged with automatic authentication, so if I want to use those services I could depending on our requirements, rather than having two different products installed.

Like every other product there are things that need improvement, but it has been pretty stable. From a job perspective, it does what it is designated to do. Sometimes there are issues with non-sequential navigation, but when there’s an issue we get a fix for it. There are no issues with the core functions.

We are applying the solution to a lot of the platforms we are planning for, and we’re pretty confident and positive that it will be the best solution for us.

It’s good. Sometimes you have to wait for the right resources to come up and follow the escalation chain, but they’ve always been very responsible. I would like to get answers right away in most of the cases, not being sent offshore to have some analysis done. But I’ve seen that improvement in the past year – the customer service has improved.

It was already in production when I joined.

We installed one version and there is a bug in it; from a customer perspective I would want that particular issue to be fixed rather than getting an answer that the bug will be fixed in the next version.

It doesn’t mean we’re not trying to address it from our side, but with clients on it, it does take time and we’ve got to keep in mind all of the consequences. If they could have those exact solutions for a particular issue that would be great.

You should understand their requirements before they select a solution. Then you need to verify that you have the correct infrastructure, resources, and that your applications are compatible with the SiteMinder solution.

The most valuable feature is that it enables us to integrate multiple applications and give our users a true single sign-on experience when they go from one app to another app. From the user experience point of view, it definitely adds value to the company.

It's one of the leading products in the market today. Everybody likes it.

It definitely reduces the amount of time the user needs to access each application. They don't need to go through the login process to access individual apps. CA SSO does help us provide our users with a single sign-on experience.

We are definitely looking forward to versions 12.6 and higher because they are based on a 64-bit framework. We are looking forward to leveraging this to get better performance out of the product.

We have been using CA SSO for more than ten years and we don’t see any issues in terms of stability. It is a good product.

We do leverage technical support for any questions about new features; or if there are bugs in existing functionality, we benefit from their help with the fixes.

I wasn’t really involved with the initial setup. Most of it we basically do ourselves with the tools and the documentation that CA provides.

We have two business units: wireless and wireline. Wireline was already using Single Sign-On, so that's why we decided to stay with the same product on the wireless side.

CA SSO is a good product with a lot of features. CA is continuously evolving that product by adding new features. It will definitely help any company achieve their single sign on goal.

When we select a vendor, our most important criteria are the number of features they provide, how those features fit into our ecosystem, and the amount of time users spend to do what they want to do.

It provides single sign on for our company’s intranet. With that, when you log in, you don't need to enter your name and a password. It provides simple, secure access to company's intranet sites.

It was not stable when I got there. The more recent versions have been stable.

They have some strong performers, and then there are some other guys that we get and find that we need to ask for the case to be reassigned. My staff is pretty highly experienced, so they really need to work with the stronger support staff.

If someone came to me for advice, I would ask them specific questions about exactly what they need to secure on the internet, and how much of it they need because I think that one drawback to this product is that it's too big. It's too much of a beast. A lot of times, small to mid-sized companies really just need smaller bits and pieces that are available from other vendors, rather than tackling this whole beast. One thing that other vendors might do better is doing more with less with less cumbersome installation.

The most important criteria when choosing a vendor is the product's stability, so we consider overall impressions of the product’s standing in the market. Does it have good reputation for being stable? Is their company, overall, stable? We also look for ease of use of the product.

The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.

We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.

It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.

It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.

A more modern management interface would be nice. The existing interface feels like it's about 10 years old.

It's been probably about 10 years since we integrated with it.

We've had no issues deploying it.

It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.

We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.

We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.

Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

Customer was looking for initially an automated self user registration through a secure channel. Apparently it looks like a very easy going requirements but if you look in the detail they want to authenticate before registration process. A user came to create an Identity and customer wants to authenticate and securly takes the same data. 

Another issue was localization and reporting 

If I describe what actually happened, a little bit of the business case, that will help you to understand what it was like. The customer is the kind of customer that really doesn't want to share anything. When a person joins that organization, he has to pass through a couple of security levels, the scrutiny, before the ID is given to him. They used to use a manual process. Whenever a person joined the organization, they used to take his details; they used to write on a piece of paper; then this paper used to go to one of the departments; then it goes to another department; and so on. It wasn’t just a matter of going from one building to another; it was going from region to region.

Finally, this paper goes through a couple of scrutiny procedures. Then, it used to come back to the IT department, and finally, they do their security check and they create the ID and give it to them in an envelope. That was a kind of long procedure that sometimes took 2-4 months to create the ID; just an ID for a person. It was a challenge for the customer for the last 20 years.

We were doing that project and during that project, we found that the project owner wasn’t trusted. The project sponsor wasn’t trusted to just change this overall but they had this security constraint. What they actually wanted was that when they create the ID, they want this person to be authenticated. Generally, this is not the case in any organization, that somebody joins an office and he doesn't have any ID. So, how are you going to authenticate it?

What happened was that what we've been told, “Will you guys do this? Authenticate through a national database? We want, when a person is going to join us and he will request an ID, he should be authenticated through a biometric and that fingerprint will take him to the national database, where he will check in and it will come back to their IDP, their identity provider. They have it internally, and then, we will pass it through our system.”

Now, this was a challenge because in CA Identity Management, when you have a self-user registration page, this page was open so anybody could go and open it. We needed to protect that page, and on top of that, this information had to be protected to a third party. What we did is, we brought a couple of products in the middle of it: CA Federation, CA Single Sign-On, and CA Identity Management.

What happened when the user got authenticated with his fingerprint, it comes to the IDP, we have federation through CA Federation and then, once it passes through it, we have CA SSO, which is protecting the identity management page. Once it gets past this information, it comes to the self-user registration page, but here's another challenge: You've been authenticated but now you have a page which is open. I can authenticate myself and put someone else through the system. That could be a possibility, so we had a problem.

What we did is, we just pulled the data out from the third-party, national database and brought them to the CA identity page, to the self-user registration page, and all his names, IDs, and phone numbers, come in automatically. Then, it goes through several approval processes. Finally, the ID is transmitted over his mobile number that is in the national database.

That kind of work we have done. There are other challenges, as well.

The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer? Because, if you meet the requirements of the customer, then it's way too easy to get inside the customer. We met the requirements of the customer and that's why I believe that this product has value.

I think the future release is, if you ask me, I think they have done a lot in the new release, especially the front end. The front end was not as good. CA did a good job in doing it, especially when I look at the new identity suite. They have done a good job in changing the overall look and feel. This is actually what the customer was looking for. The look and feel was not good in the earlier product. It's a journey, so we just completed one of the requirements for the customer.

CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together. If an enterprise customer has all of these three or four modules for security, he will get consolidated reporting.

A problem we had with the customer was, at the moment, we were asked, “Are you able to integrate these products together?” Were we able to get the requirement done for the customer, as a business requirement? The reporting side we were unable to do it out-of-the-box. If CA consolidates the reporting for all three together, it may be easier. I'm not sure, but it may be easier.

No at all.

We are changing the architecture to scale it.

Customer Service:

An eight out of 10.

Technical Support:

A seven out of 10

No.

It's one of most complex requirements as explained earlier.

CA Partner implemented it

Time value and money.

CA solutions.. Are generally expensive but for the customer the ROI is big.

Yes

When you are looking for a security solution, products are there in the market, but you really don't want to go for a product that looks very beautiful from the front but has very bad stuff in the back end. One good thing is that CA has, I believe, that is has an edge. It allows me do a lot of what the customer is looking for, beyond the customer; beyond the product boundaries. They are certain things that we would not be able to do if this CA solution didn’t have this flexibility, and it's highly secure. It is a highly reliable solution to work with.

We implemented the solution almost a year and a half ago and up until now, there has been no downtime. It is reliable; it is good; it is open for customization; it is open for integration.

From my experience working with CA for almost 13 years, it’s a company. I'm not saying it’s specific to a solution. I'm talking about CA in general. It's a company with a solution and the company with the right solutions.

I have explained the journey of how these solutions (not specifically CA SSO only, but their entire security suite, including Federated Identity Management) met the requirements:

• The customer was looking to have a self registration and password reset portal for their organization but they don't want to leave this portal open and accessible to everyone without been authenticated. This was only challenge, which I have mentioned it.
• Second solution, open for customization for security from different datasources.
• Thirdly, localization of this solution. Eventually, if these solutions have only listed features and it works only what they present. For sure, we wouldn't be able to achieve it.

There are critics and these critics help CA to build their good solutions.

Extraordinary product; extraordinary flexibility to explore and meet the requirements of the customer.

The security and single sign-on (SSO) features are the most valuable.

It's one login. You log in once and you can access all of the applications that have been integrated into SSO. That's the main advantage that we have seen in the organization.

I would like to see more usability; more customer usability.

Stability is good. The security by CA is good. It's a great company. In England, CA is very good.

Scalability is also good.

We always use technical support when using these solutions. It's okay, with response time, for example. If you have any issues, you open a ticket to support and there are some very good support technicians. I know most of them. However, I do know quite a few of them that are not that knowledgeable. That's where the frustration comes in, when you really need an answer. When the ticket is assigned to that tech, you cannot be switched and start over. That's the only thing I faced. Other than that, if it goes to the right tech that knows the product, boom!

With the initial setup, there was some complexity and some straightforward things.

Cost is the most important criteria when selecting a vendor.

I think the most valuable features are handling user authentication and integration with the other applications within the suite, like Single Sign-On.

Multiple users with multiple applications can be authenticated in a single location.

I really can't answer this right now. We have so many other products that serve our needs. There are other vendors that satisfy some of our requirements, so I'm not exactly sure what CA would be able to provide us with.

For the most part, SSO is very stable. Since deployment, it's been very stable for us. We do very regular metrics on availability and we're in the high, high 90s, 99% I think, so it's a very stable, durable product.

I think there are some drawbacks to the scalability. At a recent conference, we heard that it's going to be a lot easier to scale for larger companies. That's going to be good in the future.

Sometimes technical support is slow to respond, and that’s typical. Normally, the first response is, "send us your logs", so they can review our environment. There are specific people assigned to our account, so they know what our environment is like, but they still want to have the log so they can look at it. Sometimes that slows the process of problem resolution.

This decision was made before my time. I came in when the decision was made to go with CA for identity management. Our company was going through a transition of ownership and all the decisions were made at the time. That was about 7 or 8 years ago.

I came 2 or 3 months after the initial setup, so I wasn't part of that. We had a third-party company help us with our development and deployment, so they pretty much took the ball and ran with it. I don't know how complex it was for them. When they presented it to us at deployment time, we were ready to go.

We were looking for anything that would have satisfied our requirements.

Make sure you know who your support staff is, who your vendor representatives are for your account and really get to know them. Give them the requirements that you need and make sure that they're following through. Build good rapport with them. That way they can help you determine what you need to do and feel free in giving different types of suggestions.

When selecting a vendor, we look for:

• responsiveness
• technical support of the product
• accessibility of the technical support teams
• product knowledge
• ability to train their customers on their product