CA SSO Review

Out-of-the-box authentication for a majority of apps. REST APIs are not easy to deploy, and more mature ideas for the Cloud are needed.

What is most valuable?

SSO provides out-of-the-box authentication for the majority of the apps; and it provides a holistic solution for the company. Right now, we are using an on-premise solution. If we want to move to the Cloud, CA has that solution as well. So we’re positioned quite well to move into the Cloud as well.

They take the authentication and the core screen authorization out of application code. They also integrate with other security products very well.

How has it helped my organization?

SSO has impacted security on the whole. It has provided a very good user experience. We have recently moved from an experience in which users had to log in multiple times. Now they love it because they don't even have to have a log in because we integrated certain functionality from the CA side, like integrated Windows authentication. Users love it for certain applications where they had to log in a number of times during the day.

What needs improvement?

CA has come up with and has talked about Cloud-based solutions. I would like to see more mature ideas than what they're providing. I'm sure they have that on their roadmap. There are certain integration points that can be leveraged and made more easy to deploy, like the REST APIs and things like that. That is an opportunity to make deployment easier for any employer or for any company. They are talking about it. It’s going in the right direction. That’s for certain.

What do I think about the stability of the solution?

The stability of the solution depends on how you implement it. It's stable. There are no known issues. If there are patches required, CA provides patches regularly. Overall, it is pretty good.

What do I think about the scalability of the solution?

There's really no limit to scalability if you have the right hardware and right architecture. I wouldn't put it on the product. It's how you deploy the product. Thousands and millions of authentications are done in seconds and milliseconds, so scalability is not an issue at all.

How is customer service and technical support?

The company has used technical support. It's usually used if they need upgrades. If they need some help, they have it. The technical support is on par with the current level of support in the industry.

Which solutions did we use previously?

This happened before my time, so they actually had either a home-grown product, or they had some legacy systems for provisioning or for authentication. They had a different product which wasn't doing exactly the same thing, but this a very mature product. This has been there for a long, long time, for the past 20 years now.

Which other solutions did I evaluate?

They evaluated other options before choosing this one way before I was there. However, for example, there are other security and security engineering products that they're currently evaluating. Some of them are from CA, and some of the others are in-house. For example, privileged access is an important one and the company's talking to CA about Privileged Access. They have a product which is not really meeting their requirements today. Hopefully, the Privilege Access one will take care of that.

In choosing a vendor, the relationship is one of the most important factors. In today's world, everybody has the same features, so it’s the relationship that matters. It's not a vendor. It's a partnership. You develop that, and you're pretty much covered.

What other advice do I have?

It depends on what requirement is the most important to them. Is the Cloud the most important thing to them; or is in-house important to them? The main consideration is what issue are they trying to address? If they're trying to address the user experience, everything holistically: CA, Oracle, RSA, they're all, again – it all depends on the relationship and what CA provides.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Sign Up with Email