Symantec Siteminder Reviews

• Simplified federation
• Integrated Windows Authentication (IWA)

Our customer had two requirements:

• Authentication without any challenges
• Access to the partner's application without any additional login required

The first requirement got covered by IWA. The second requirement was covered by simplified federation.

IWA is an out-of-the-box feature. The SAML-based federation is standard for all tools. However, CA Single Sign-On has made the federation configuration way too simple and handy to set up and use.

Updates as on 09/21/2017

CA SSO is helping us a lot in providing the access solution to the customers. The enhanced features in the Simplified federation and the support for a number of different User store types allow us to support almost anything that customer needs. Very pleased with the new Reporting tool from CA that has ut of the bx integration capabilities with CA SSO and is an excellent tool for simplified and useful reports.

My customer is able to get seamless authentication done using IWA and straight access to the partner's application without any further authentication.

Reporting an auditing was one of the most needed requirements that was fulfilled very easily by CA SSO.

The upgrade/migration process can be simplified further.

If the reporting feature can be integrated into SSO itself that will be an icing on the cake.

I have used this solution for almost eight years.

Not until now form CA SSO side. Only one time we had to deviate from requirement because CA SSO does not support Oauth as a token provider and need additional tools to achieve this.

We have never experienced any stability issues.

Up until now, there were no scalability issues. We are able to manage around 25K users without any issues.

Good customer service for the support and comfort to the customer.

The technical support team is not very proactive. CA can improve in this area. I would give them a rating of 5/10.

This is the first solution that we have tried.

The initial setup was very easy and straightforward.

In house implementation

It is a good return on investment and we are able to deliver SSO as a service.

The price is quite comparable to the other enterprise-level solutions in that market. Since it has a user-based license, one should plan in advance regarding the scope in scalability.

We looked at similar solutions from Oracle and IBM. However, CA was much better, in terms of its user-friendly nature and the cost.

The major focus should be on planning, design, scope, and scalability. The rest is a piece of cake.

The most valuable feature is that it enables us to integrate multiple applications and give our users a true single sign-on experience when they go from one app to another app. From the user experience point of view, it definitely adds value to the company.

It's one of the leading products in the market today. Everybody likes it.

It definitely reduces the amount of time the user needs to access each application. They don't need to go through the login process to access individual apps. CA SSO does help us provide our users with a single sign-on experience.

We are definitely looking forward to versions 12.6 and higher because they are based on a 64-bit framework. We are looking forward to leveraging this to get better performance out of the product.

We have been using CA SSO for more than ten years and we don’t see any issues in terms of stability. It is a good product.

We do leverage technical support for any questions about new features; or if there are bugs in existing functionality, we benefit from their help with the fixes.

I wasn’t really involved with the initial setup. Most of it we basically do ourselves with the tools and the documentation that CA provides.

We have two business units: wireless and wireline. Wireline was already using Single Sign-On, so that's why we decided to stay with the same product on the wireless side.

CA SSO is a good product with a lot of features. CA is continuously evolving that product by adding new features. It will definitely help any company achieve their single sign on goal.

When we select a vendor, our most important criteria are the number of features they provide, how those features fit into our ecosystem, and the amount of time users spend to do what they want to do.

The most valuable feature is that it's a rock-solid enterprise solution. It's the de facto standard. It works. It does what we need it to do in those circumstances, and it does it at scale.

It presents a standard pattern for people to secure their applications. In that regard, along with the tooling that we've built around the product, but the product itself as well facilitates app teams being able to do their application development, and then let security be layered on in the front of that. Given that we are a bank and we have significant issues around strong authentication, etc., that means, we can take care of that. The app teams don't need to keep up to date with whatever is new and current. They can just keep deploying applications. We deal with the security.

I think our questions, from me and our team, relate potentially to other products in the CA portfolio. There are other things such as strong authentication, risk-based authentication, and especially API management, which all represent a portfolio that could be integrated. Our interest is knowing the roadmap for making those part of a more seamless offering. If you like, it's the aggregation of the features of all those products, and how they come together.

It's very stable. I don't know that we've ever had it go down on us. It's occasionally gone really slow, but I don't think we've ever had a complete and utter outage that was the result of the product.

It scales. You have to pay attention to its dependencies on the rest of the ecosystem, and especially the directory. That's what's bitten us before; make sure that your directory is responsive, near, and is scaled appropriately for CA SSO.

We use technical support. It's not the best feature of CA. Lots of enterprise product companies have variable support offerings. CA are not the worst, but they're not the best. They're okay.

I wasn't necessarily involved in the decision to invest in a solution like CA SSO . I was brought on post that decision, but it can really be summarized as: The previous solution was a combination, a kind of hybrid, of a third-party vendor who we fell out with, and some home-produced stuff that was clearly not fit for purpose. There were commodity products out there that could do it, and SiteMinder, CA SSO as it is now known, was the best and most scalable one at the time. We have a large enterprise, so it was the obvious choice.

I believe the one that we had fallen out with, a big third-party vendor, was still on the list but for nontechnical reasons, they were not really considered. I think there were two other vendors in the frame.

It's difficult to name the most important criteria when selecting a vendor like CA. In our minds, CA is a product company and not so much of a solution company. I think they have aspirations to be a solution company. Delivery of a solution, working with us on the requirements is quite important; understanding our problem and our space. Price is actually quite an issue with us. The new, modern world, cost constraints, especially in the financial services sector; we're all looking to improve margins in a tough climate. Cost is an important issue as well.

You definitely need to consider CA SSO but you need to be mindful of the new ways of developing applications, and possibly look at the CA API Gateway product or some hybrid solution as well. You definitely need to consider CA SSO.

It is quite solid. It's never really gone down. It's a well-understood and reliable piece of our enterprise. The only reason I didn't rate it higher is that it's becoming a little less appropriate for the more modern styles of web application development, which is why I am curious about CA API Gateway and leveraging that. I think that represents all the features that are missing from CA SSO.

Clearly, we can go and buy the new product set and I guess CA would love that, but there needs to be a story about how the two live next to each other. It seems like that story is worked on in the SSO world, and it's worked on in the Layer 7 world, in the API Gateway world. I don't know if it's being worked on as a consolidated whole; a solution. That brings me back to the point I made elsewhere about solutions vs products.

The biggest value for us is being able to use SSO as a service that we can expose to all of our customers. For all of our customers, the idea is to have a single sign on where one account is created to access all of our systems.

It really improved the speed to market from account creation through provisioning, and onboarding. That's really one of the biggest advantages. Also, as users move from system to system, their account access follows them through it; so you don't need to create new credentials every time. That's one of the biggest benefits for us.

For instance, we have our HR system and our time reporting system. Those are two separate systems, but integrated access is possible using a single profile. It's great. You log in once, and you get that seamless account integration.

I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.

But I think it's good. We're not in any major problems right now, so things are good.

It has been very stable.

We haven't had to scale really far out yet, but that's coming. We're probably going to double our usage in the next 12 months. That remains to be seen, but we don't really foresee any major problems there.

Technical support has been great. We do rely on them quite a bit. The organization is small, so having the ability to reach out to some really qualified people on the team helps. They've stepped up and really helped us through some of our implementation problems early on; but we're all good now.

Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.

We looked at some of the Microsoft tools, ADFS and those pieces. We also looked at Azure and all those; but ultimately, we wanted something one per miss. We wanted it to be a service so that we could expand. We wanted to be able to scale up at our pace; and that's really where the SSO product fit right in.

From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.

The ability to easily manage user accounts is great.

Segregation duties is another great benefit. It has allowed us to automate the process of creating user accounts really well.

I can't think of any additional features I'd like to see, as it does everything we need.

We've been using it for around two years.

It’s been very stable so far and hasn't gone down at all.

It’s scaled up as far as we've needed so far. We're a midsize customer with about 2000 users, and it's been totally fine.

They get us answers, but often they’re too slow. It could take us as long as two weeks to get the answers we need. While sometimes it's quick, it has often been slower than ideal.

We’ve always been using this, and beforehand we used a homegrown solution. We switched because it had insufficient automation and our homegrown solution was just too inflexible.

I wasn't involved in the initial setup.

I always look for quality of services. CA have been OK so far, but not a slam dunk. We had one problem where they took forever to get back with us, but they eventually solved the problem fast.

My company also looked at IBM and Oracle, and I don't know why they chose CA.

Check how many endpoint systems it supports. We chose this because of the amount of endpoints, you can automate the creation of endpoint systems, and it has the ability to create custom connectors. It supports the connectors out of the box and this is faster and easier than doing it yourself.

We use Siteminder to protect our portal site subscribers. In our case, this refers to people who have dental insurance.

We're a dental insurance company and we've got millions of subscribers.

We have thousands of dentists. We have millions of subscribers who use our dental insurance. There are a couple hundred thousand providers (dentists) in the network. 

SSO affords us the opportunity to have a federated connection between our members, groups, and companies. 

We have a trusting partnership with everyone involved. This solution helps us in that aspect. In summary, it protects our applications, relating to benefits and eligibility, etc. 

It gives providers (or dentists, in our case) the ability to transpose across the different Delta Dentals without having to authenticate more than once. With Siteminder, We don't have to log into every site with a different user name and password — It's one identity for all sites.

Some of the new protocols, like OAuth 2.0, could be improved.

It would be nice to see a better cloud-based solution that's both easy and accessible for all organizations.

I have been using Siteminder since 2011.

Symantec Siteminder Is both scalable and stable. If you need to add more groups of members, it's just a matter of adding another web agent. It's very scalable.

I work with the technical support guys all of the time. They are excellent. 

Since I've been doing it for years, it's hard for me to say it was complex. You have to set up the realms, domains, ACOs, access control, configure the objects, and set up the databases. Speaking as a technical person, I think it could be a little more simplistic, but on a technical level, it's about even with the other solutions available.

Symantec Siteminder is expensive; they could definitely do better on the price.

If you're thinking about implementing this solution, make sure you have the proper infrastructure. Also, try to negotiate the cost.

On a scale from one to ten, I would give Symantec Siteminder a rating of eight. If they fixed some of the issues I mentioned, I would give them a higher rating. There's a lot of players out there that are only doing half of what Siteminder does, but they do it with the more advanced protocols.

It's flexible, powerful, and superperforming, I'd say. It performs very well on the road.

We can secure many access points, whether they are local apps, or on-premise, or in the clouds with third parties, with partners, or with customers. It manages user profiles and identities so we can secure and standardize our web access management.

The admin UI needs to be more stable. They should bundle more of the products and get rid of a lot of the small pieces which we need to configure on the top of the initial setup. Examples of this are the SM Console and the registry.

It should be easier to implement and deploy; and it should support more platforms, such as more operating systems.

It is much more stable than it was before. Now it is getting to be very stable, especially when you tweak it properly and follow CA best practices.

It's very scalable. Right now we're on the 32-bit version. We need to add more servers and more capacity to handle the loads. I hope the next version will be even better than it is now.

Technical support is above average. It used to be below average, but they improved a lot over the past year and a half.

• We needed to implement secure access. CA is a leader in this area, so we went naturally with the best. We also chose CA because of the way they interact with customers, pitch new features to us, ask us for feedback, and provide us with support.
• The product itself is easy to implement.
• The login is super-responsive so that there is no lag before you can access the system. This provides a positive user experience. It is flawless. I log in once to my portal, and that's it. CA Single Sign-On takes care of everything else.

You need to know exactly what you need to do. So you need to know your use cases, your needs. Just go ahead, contact CA, and see what comes out of it. It's a great product, so just use it. Try it out.

The most valuable feature is that it allows a user the ability use the same credentials for different secured parts of a website. From a user-experience perspective, that's important because you don't want to have to remember or write down several sets of credentials. When a user comes into our website, they just want to go about their business, not spend half and hour trying to figure out how to log in.

SSO has been able to bring together many different pieces for authentications -- directories, databases, networks, etc. It's able to, for example, authenticate against ten different directories to give people just one set of credentials.

It seems that when there's a new version, patch, or service pack, we find bugs. There have been times where we've had to revert versions because of bugs. It has gotten better, however, and we used to have a lot more issues. There is still a lot of room for improvement in this area.

We've had no issues with deployment.

The stability issues we've experienced have some with new versions, patches, and service packs.

We have it built way above what we need. We have more servers than we need so that we're not impacted if one goes down. We've built in redundancies as well so that there's no single point of failure. We have a highly available system.

Technical support has gotten a lot better. We have a pretty complex environment and we used to have to explain it every time we opened a support ticket. Now the support engineers know our environment.

I'm actually impressed with technical support now because we have many different pieces to our SSO environment with lots of custom modules. They have their resources and can get back to us with answers.

It was initially complex because we had many directories. Upgrades, however, are simple. But there's no way to downgrade. You have to uninstall and reinstall the previous version.

My advice would be to set up several environments, including a sandbox where you can test upgrades and products without impacting users. Then have a dev environment for some users to test.