CA Identity Manager (CA IAM) Review

While IDM has the capability to delegate, the process is not intuitive.


Valuable Features

The most valuable features of this product are the following:

  1. Policy Xpress
    Allows for the ability to build policies triggered off of events in a codeless manner.
  2. Separation of Duty (SOD) policies
    Gives the ability to create roles and/or policies with criteria for removal or addition of a role, policy, or an entitlement based on the user’s title, as an example.
  3. Connectors
    IDM has a rich set of connectors that covers traditional on-premise, SaaS-related, or custom resources. IDM provides the ability to create a custom connector through its Connector Xpress module. The module itself allows one to build a connector to any resource that is either LDAP or database driven. Once again, this process involves no coding for the task.

Improvements to My Organization

I'm an integrator, and as a result I deploy solutions on behalf of an organization. IDM improves the organization's ability to govern the life cycle of an end user. The life cycle starts with the on-boarding of an individual to the organization, whether it’s a contractor, consultant, employee (full or part time), or a partner. The life cycle ends with the departure of the individual from the organization. Everything in between is about managing the user's access, permissions, profile, and evolution from an identity standpoint. We (Mycroft) advise and implement the necessary use cases that drive the successful central management of identities for an organization. Plain and simple, IDM provides the automation that allows the IT and respective business department(s) to focus in on other pressing needs while IDM standardizes the identity practice.

Room for Improvement

The areas of this product which require improvement are as follows:

  1. The User Interface (UI)
    The User Interface has been improving over time and there are products such as IDMLogic Sigma that improve upon the user UI experience.
  2. Its delegation model
    While IDM has the capability to delegate, the delegation process is not intuitive or forthcoming to the clients. The delegation model is present but it’s not a straightforward model to design against.

These two areas are the ones that stand out, as I probably developed a tolerance over the years for any others, if others do exist.

Use of Solution

Eight years.

Deployment Issues

Yes, but deployment issues are hardly product installations, but rather retro-fitting the installation to the core principles of the organization. Anyone can install the product within a 20-minute window in an ideal scenario. Each organization has environmental complexities and business policies that at times cause issues with the deployment.

Stability Issues

No issues with stability.

Scalability Issues

No issues with scalability. Typically deployments are done with an assumption that an organization will grow by a certain percentage in the foreseeable future. As a result the architecture will adhere to the growth plans accordingly.

Customer Service and Technical Support

Technical support has drastically improved over the years; as a result, I would rate them at 7.5 and climbing.

Previous Solutions

While I implement solutions for organizations, I witness switches for the following reasons:

  • Staff are no longer knowledgeable on the solution as a result of staff turnover over time
  • Product configuration has not been maintained to support needs of the business over time
  • Vendor Support and direction
  • Cost model
  • The direction of the organization and its relationship with other vendors

Initial Setup

In my experience, the posture of the setup has a direct correlation to the use case mapped to the feature set and functionality. There are numerous ways to implement a solution, but the level of complexity stems from the ability to simplify the requirements and work with the business on compromises. All organizations have security and business policies that they mandate by or govern towards. As a result, the initial setup or configuration is a direct by-product of how the use case is socialized into the product. At times, some business processes should not be subjected to IDM at all, unless there are compromises to how the business flow is managed. Understanding this basic idea and product limitations go hand in hand.

ROI

The ROI on CA IDM is a result of the following 3 areas:

  1. Employee productivity
    Faster onboarding process and provisioning. The ability for end users to perform self-service password resets and utilize an access request system.
  2. IT cost savings
    The ability to focus less on traditional cost areas around password resets, user on-boarding, and essentially the whole user life cycle allows IT to spend on other technical areas wisely. Cost savings to IT is not only how to save but also how to re-purpose the funds to other needed areas.
  3. Cost avoidance
    Potentially recovering from security breaches or violations and the cost to recover from them. Centralized management introduces efficiency that leads to shared resources, not redundant work, throughout an organization.
Disclosure: My company has a business relationship with this vendor other than being a customer: strategic partner