IBM Tivoli Identity Manager [EOL] Review

Make sure you have a strong implementation team that knows the product inside and out.

Valuable Features

Flexibility, interoperability and the number of adapters/connectors that come with the product are key differentiating strengths in my opinion.

The product allows for extensive customization, particularly for things like workflow and policy configurations, which can get complex in a large IAM environment. Configuration is UI-driven, but the same can be accomplished in a more powerful and direct manner by writing scripts, which are based on JavaScript syntax. This is in contrast to products like Sun IDM, which rely on a proprietary language for product configuration.

Many IDM /IAM products require a database, directory server, web application server and other middleware components to function. Some of them require (or strongly recommend) those components to be made and sold by the same vendor. This is not the case with Tivoli. I've seen it work on Windows, AIX, Linux, Oracle, DB2, Sun ONE Directory Server, ITDS, WebLogic, WebSphere, etc., and it supports many other vendor products for OS, Database, Application Server and Directory server.

Connectors are plentiful, partly due to how long the product has been on the market, and developed by IBM instead of by 3rd parties.

Improvements to My Organization

I don't use the product at my company because it only makes sense to do so in a mid-to-large corporate environment. Having said that, in my own opinion, the main benefits are, in order:-

  1. Better compliance posture
  2. Stronger account security; and
  3. Automation of identity management processes

Room for Improvement

For 5.1 version (older version) of Tivoli the user interfaces were not as user-friendly as other products on the market at that time. They were functional, but sometimes required extra clicks to get to the right spot. This tended to result in customers building their own custom user interfaces and integrate with Tivoli via API. However, this was (and probably still is) a lot more complex than it sounds in most cases. Speaking in general, building a custom UI for an identity management product is not a good idea. This makes upgrading to a new version of the product later very challenging, while making the costs of deployment and support higher.

Use of Solution

Four years. I have not worked with the more recent iterations of the product. So everything below is related to the 5.1 version which I came to know very well.

Deployment Issues

Yes, minor issues that were resolved with IBM support.

Stability Issues

No issues encountered.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:


Technical Support:


Previous Solutions

I deployed Sun Identity Manager for clients, but switched it was acquired by Oracle.

Initial Setup

Setup is very complex and should be left to professionals with at least a couple of years of full time experience in deploying the product. This is probably doubly true for Tivoli, but the same concept applies to other IAM products made by other vendors. They are very complex and someone with extensive technical and developer background will NOT be able to figure Tivoli out on their own without prior experience. Documentation and training only helps a little.

Implementation Team

I was the vendor who implemented the product for others.

Other Solutions Considered

I helped clients evaluate IBM against Oracle, Microsoft, SAP, Novell and CA, among others.

Other Advice

Make sure you have a strong implementation team that knows the product inside and out. Make sure you have a good transition plan for post go-live support and a capable support team. Avoid the temptation to develop a custom UI. As a general advice for any IAM implementation, have a strong governance model in place, keep stakeholders engaged throughout the process, use the opportunity to design new processes that are simple and effective rather than automating the same old broken IAM processes that used to be performed manually.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email