What is most valuable?
Ease of deployment: no need to keep up with physical devices for multi-factor authentication; no software to deploy on end-user computers requiring administrative rights.
The delivery of multi-factor authentication using a SaaS model keeps us from having to keep our servers/infrastructure updated. It also helped us roll out the service much faster than building it out ourselves.
How has it helped my organization?
My team migrated away from RSA SecurID hard tokens to the digital certificate-based authentication.
What needs improvement?
It would be nice to have some level of integration with a separate user store (i.e., Active Directory integration) such that the user name would stay the same across identity management platforms. I would like some level of integration with AD to avoid having two separate user stores. We only want one user store to maintain.
For how long have I used the solution?
We deployed it in October 2015; I have used it for approximately one year.
What do I think about the stability of the solution?
I have not encountered any stability issues.
What do I think about the scalability of the solution?
To date, I have not encountered any scalability issues.
How are customer service and technical support?
Technical support is very good. (I give it a 4 out of 5.)
Which solution did I use previously and why did I switch?
RSA SecurID: Our service was coming up to being “end of support” and we decided to switch platforms rather than paying to upgrade our platform.
How was the initial setup?
The support of the user interaction was the only issue. The only issue we had with the initial setup was configuring the certificate-based SAML integration between our SSL VPN service and the CA Advanced Authentication service. There was a minor issue that we were able to resolve in about 30 minutes of troubleshooting.
Other than that, the initial setup went very smooth. Getting users to self-enroll in the service was the next challenge but it was overcome with good communications to the field and the service desk where users would call in trouble tickets.
What's my experience with pricing, setup cost, and licensing?
The initial setup of the tenant is a big cost element of the service and we were doing multiple tenants for our customer. Given that structure, the costs for building additional tenants seemed exorbitant given that the business rules and portal setup work effort was very easy after the initial setup. CA should price additional tenants much less than the first tenant for a single customer.
Which other solutions did I evaluate?
Before choosing this product, we evaluated Gemalto soft token-based, two-factor authentication.
What other advice do I have?
Make sure you understand the up-front costs and the ongoing cost structure. Users are billed when they are built into the portal, so also make sure your users enroll right away.
Disclosure: My company has a business relationship with this vendor other than being a customer: My company uses CA tools internally as well as in a resale model.
Jan 16 2017