IBM Tivoli Access Manager [EOL] Review

SSO capabilities over various technologies is a strength of this product but the federation capabilites are very limited

Valuable Features

Centralized policy management and reverse proxy-based architecture make it very flexible in terms of deployment, adoption, and implementation. SSO capabilities over various technologies is another strength of this product.

Improvements to My Organization

This product enhanced the overall security at perimeter and improved user experience via SSO. A central place for policy and credentials simplifies the authentication over application landscape.

Room for Improvement

The product has not been updated with emerging technologies over the years specifically around AJAX, REST and Mobile app integration. Also the federation capabilites are very limited.

Use of Solution

I have deployed this product at various clients over the last 10 years.

Deployment Issues

Initial deployment of the product is always critical and issues do come up but not due to limitation in the product. Most of the issues were around bad planning or incorrect deployment.

Stability Issues

No, there were bugs identified many times but mostly they were fixed via patch release or a workaround was offered.

Scalability Issues

No, if deployed correctly it is highly scalable product.

Customer Service and Technical Support

Customer Service:

Fantastic customer service from IBM.

Technical Support:

Technical support is good as you can raise issue any time and based on criticality of the issue IBM can provide support immediately. In some cases even on-premise support is also available.

Previous Solutions

A home grown solution was replaced by ISAM to change and configure SSO quickly for applications and at the same time using a scalable product was other major consideration.

Initial Setup

The initial setup is always complex due to number of applications and user base involved. As the product is a front door for all applications this is very critical and complex setup. Also due to internal and external users and multiple authentication mechanisms involved for different type of users it gets complicated.

Implementation Team

IBM team was used for the initial deployment and support and the support provided by them was fantastic. They offer quality consultants all across the globe with short notice.

Other Solutions Considered

Yes, it was compared with Siteminde.

Other Advice

This is a great product with proven history. A little better planning is required before deploying it. Given the change in web technologies and SSO protocols it might be better to check other products in market too.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
Shijo JoseReal UserTOP 20

It is true Tivoli Access manager does not have federation capabilities, but there is TFIM exclusively for federation. It supports over a dozen federation protocols, easy to configure and works well with Tivoli Access manager.

09 April 15
Technical Lead at a tech services company with 10,001+ employeesConsultant

The SSO capabilities are great, but it is not evolving with a speed of the changes outside the realm of an organization. There are applications usually on HTML5 and Java script using angular scripts which are becoming too complicated to have SSO capabilities when using ISAM. One example is C7 application from Fujitsu.

04 July 16
Systems Analyst/Team Lead at a tech services companyReal User

Could you give some information on alternate products in the market provide similar features as TAM WeSEAL especially the high performance reverse proxy web server. Also do you have any comparisons.

05 September 16
Shijo JoseReal UserTOP 20

CA site-minder used to be he major competitor. With ISAM 9 IBM products still lead the market.

Products that supports newer technologies mainly OAuth2, SAML2 are likely to be popular in future.

If you do not need reverse proxy it is also possible to configure Apache HTTP server (free) with some LDAP (may be free available) and configure J2EE authorization from application server.

Reverse proxies add lot of features and flexibility and comes will a huge price tag.

05 September 16
Sign Up with Email