The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.
We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.
Improvements to My Organization
It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.
It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.
Room for Improvement
A more modern management interface would be nice. The existing interface feels like it's about 10 years old.
Use of Solution
It's been probably about 10 years since we integrated with it.
We've had no issues deploying it.
It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.
We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.
Customer Service and Technical Support
We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.
Other Solutions Considered
Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.
There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.