IBM Tivoli Access Manager [EOL] Review

SSO capabilities over various technologies is a strength of this product but the federation capabilites are very limited

What is most valuable?

Centralized policy management and reverse proxy-based architecture make it very flexible in terms of deployment, adoption, and implementation. SSO capabilities over various technologies is another strength of this product.

How has it helped my organization?

This product enhanced the overall security at perimeter and improved user experience via SSO. A central place for policy and credentials simplifies the authentication over application landscape.

What needs improvement?

The product has not been updated with emerging technologies over the years specifically around AJAX, REST and Mobile app integration. Also the federation capabilites are very limited.

For how long have I used the solution?

I have deployed this product at various clients over the last 10 years.

What was my experience with deployment of the solution?

Initial deployment of the product is always critical and issues do come up but not due to limitation in the product. Most of the issues were around bad planning or incorrect deployment.

What do I think about the stability of the solution?

No, there were bugs identified many times but mostly they were fixed via patch release or a workaround was offered.

What do I think about the scalability of the solution?

No, if deployed correctly it is highly scalable product.

How are customer service and technical support?

Customer Service:

Fantastic customer service from IBM.

Technical Support:

Technical support is good as you can raise issue any time and based on criticality of the issue IBM can provide support immediately. In some cases even on-premise support is also available.

Which solution did I use previously and why did I switch?

A home grown solution was replaced by ISAM to change and configure SSO quickly for applications and at the same time using a scalable product was other major consideration.

How was the initial setup?

The initial setup is always complex due to number of applications and user base involved. As the product is a front door for all applications this is very critical and complex setup. Also due to internal and external users and multiple authentication mechanisms involved for different type of users it gets complicated.

What about the implementation team?

IBM team was used for the initial deployment and support and the support provided by them was fantastic. They offer quality consultants all across the globe with short notice.

Which other solutions did I evaluate?

Yes, it was compared with Siteminde.

What other advice do I have?

This is a great product with proven history. A little better planning is required before deploying it. Given the change in web technologies and SSO protocols it might be better to check other products in market too.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More IBM Tivoli Access Manager [EOL] reviews from users
...who work at a Insurance Company
Add a Comment

author avatarit_user177240 (Tivoli Access Manager SME at a government with 1,001-5,000 employees)
Real User

It is true Tivoli Access manager does not have federation capabilities, but there is TFIM exclusively for federation. It supports over a dozen federation protocols, easy to configure and works well with Tivoli Access manager.

author avatarit_user182007 (Technical Lead at a tech services company with 10,001+ employees)

The SSO capabilities are great, but it is not evolving with a speed of the changes outside the realm of an organization. There are applications usually on HTML5 and Java script using angular scripts which are becoming too complicated to have SSO capabilities when using ISAM. One example is C7 application from Fujitsu.

author avatarit_user343233 (Systems Analyst/Team Lead at a tech services company)

Could you give some information on alternate products in the market provide similar features as TAM WeSEAL especially the high performance reverse proxy web server. Also do you have any comparisons.

author avatarit_user177240 (Tivoli Access Manager SME at a government with 1,001-5,000 employees)
Real User

CA site-minder used to be he major competitor. With ISAM 9 IBM products still lead the market.

Products that supports newer technologies mainly OAuth2, SAML2 are likely to be popular in future.

If you do not need reverse proxy it is also possible to configure Apache HTTP server (free) with some LDAP (may be free available) and configure J2EE authorization from application server.

Reverse proxies add lot of features and flexibility and comes will a huge price tag.