What is most valuable?
Automation of access provisioning, maintenance, and de-provisioning based on HR employment status. The ability to add in different applications for proper lifecycle management was critical to a successful and streamlined business operation. The self-service functionality for password/access management reduced our need for manual intervention.
How has it helped my organization?
It reduced manual effort for on/off-boarding staff and removed the need for manual password management of some critical systems.
What needs improvement?
This is based off using Account Courier and Password Courier exclusively, and may not be indicative of more recent features included in the platform. The entire provisioning and management process needed to be driven by manually developed SSIS packages for moving data to the correct locations on the database. This would then require either XMLAO requests to workflow endpoints or configuration of a request service. Configuration of the service was already prohibitive due to existing issues.
The product could be significantly improved if customers were able to ingest data feeds (using standard JDBC connectors), set provisioning rules, and let the product handle this automatically. However, provisioning logic within the application was composed of "macros" (SQL queries executed by the platform via a service account).
For how long have I used the solution?
I have been using Courion Access Assurance Suite for three years.
What do I think about the stability of the solution?
Stability was a constant concern. The application was plagued with memory leak issues from initial installation and through multiple major/minor version upgrades. The only solution required downtime to restart application services during off-hours. The need to manually write and maintain queries for provisioning macros resulted in an inability for the application to handle data consistency issues (standard problems such as escaping non-UTF8 characters). There was little support for this offered, other than to upgrade to the next version and see if the issue resolved itself.
What do I think about the scalability of the solution?
Courion AAS is by no accounts scalable. Though it is possible to run multiple web-application servers in parallel, there are issues that prevent true high availability. For example, links between web and application servers must be hardcoded in a 1:1 relationship, meaning that the web and app tiers are not fully distributed and balanced. This would also require custom development to include "health check" workflows which would validate the functionality of application servers.
How is customer service and technical support?
Prior to their acquisition, Courion's technical support went above and beyond the call of duty any time I had an interaction with them. I cannot speak for this after their acquisition, as I no longer use their services.
Which solutions did we use previously?
No solution was used previously.
How was the initial setup?
Initial setup was handled by outside contractors. However, in the process of performing an upgrade, we built out a new installation using a later version. The process of exporting and importing configuration is cumbersome and error-prone, as their tooling frequently encounters errors which are uncaught.
What's my experience with pricing, setup cost, and licensing?
Licensing is higher than expected, but negotiable. However, this is a very high-pressure sales organization.
Which other solutions did I evaluate?
This was chosen prior to my involvement. If given the option to replace, SailPoint would be the likely choice. At one point an RFP was performed between Courion, SailPoint, and several other industry leaders.
What other advice do I have?
Research heavily into current customers and ask for references if possible. The product itself works well when configured, but setup, installation, configuration, and development are prohibitively complicated and undocumented. Though the support team is superb, it is not enough to work through the process of developing workflows and configuring services. The training provided (at cost) does not touch on the configuration required to make the application work. There are other products available which accomplish the same functionality with less configuration, and provide features not currently available (such as SSO).
Regarding the organization itself (again, prior to acquisition), the sales team had a very high-pressure mentality and would force themselves up the organization wherever possible. There is little desire to interact with the engineers responsible for building out the tools. As we have worked with both their internal development team as well as multiple third parties, it seems there is a significant lack of best practice standardization across the board. A single task can be approached many ways depending on who is asked in the same organization, with wildly different opinions on which solution is "optimal".
Simply put, the simplicity of other options available outweighs any perceived benefits of using this solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jun 28 2017