Flexibility, interoperability and the number of adapters/connectors that come with the product are key differentiating strengths in my opinion.
Many IDM /IAM products require a database, directory server, web application server and other middleware components to function. Some of them require (or strongly recommend) those components to be made and sold by the same vendor. This is not the case with Tivoli. I've seen it work on Windows, AIX, Linux, Oracle, DB2, Sun ONE Directory Server, ITDS, WebLogic, WebSphere, etc., and it supports many other vendor products for OS, Database, Application Server and Directory server.
Connectors are plentiful, partly due to how long the product has been on the market, and developed by IBM instead of by 3rd parties.
Improvements to My Organization
I don't use the product at my company because it only makes sense to do so in a mid-to-large corporate environment. Having said that, in my own opinion, the main benefits are, in order:-
- Better compliance posture
- Stronger account security; and
- Automation of identity management processes
Room for Improvement
For 5.1 version (older version) of Tivoli the user interfaces were not as user-friendly as other products on the market at that time. They were functional, but sometimes required extra clicks to get to the right spot. This tended to result in customers building their own custom user interfaces and integrate with Tivoli via API. However, this was (and probably still is) a lot more complex than it sounds in most cases. Speaking in general, building a custom UI for an identity management product is not a good idea. This makes upgrading to a new version of the product later very challenging, while making the costs of deployment and support higher.
Use of Solution
Four years. I have not worked with the more recent iterations of the product. So everything below is related to the 5.1 version which I came to know very well.
Yes, minor issues that were resolved with IBM support.
Customer Service and Technical Support
9/10 Technical Support
I deployed Sun Identity Manager for clients, but switched it was acquired by Oracle.
Setup is very complex and should be left to professionals with at least a couple of years of full time experience in deploying the product. This is probably doubly true for Tivoli, but the same concept applies to other IAM products made by other vendors. They are very complex and someone with extensive technical and developer background will NOT be able to figure Tivoli out on their own without prior experience. Documentation and training only helps a little.
I was the vendor who implemented the product for others.
Other Solutions Considered
I helped clients evaluate IBM against Oracle, Microsoft, SAP, Novell and CA, among others.
Make sure you have a strong implementation team that knows the product inside and out. Make sure you have a good transition plan for post go-live support and a capable support team. Avoid the temptation to develop a custom UI. As a general advice for any IAM implementation, have a strong governance model in place, keep stakeholders engaged throughout the process, use the opportunity to design new processes that are simple and effective rather than automating the same old broken IAM processes that used to be performed manually.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 19 2015