Symantec Identity Governance and Administration Review

While IDM has the capability to delegate, the process is not intuitive.

What is most valuable?

The most valuable features of this product are the following:

  1. Policy Xpress
    Allows for the ability to build policies triggered off of events in a codeless manner.
  2. Separation of Duty (SOD) policies
    Gives the ability to create roles and/or policies with a criteria for removal or addition of a role, policy, or an entitlement based on the user’s title as an example.
  3. Connectors
    IDM has a rich set of connectors that covers traditional on premise, SAAS related, or custom resources. IDM provides the ability to create a custom connector through its Connector Xpress module. The module itself allows one to build a connector to any resource that is either LDAP or database driven. Once again this process involves no coding for the task.

How has it helped my organization?

I'm an integrator, and as a result I deploy solutions in behalf of an organization. IDM improves the organizations ability to govern the life cycle of an end user. The life cycle starts with the on-boarding of an individual to the organization, whether it’s a contractor, consultant, employee (full or part time), or a partner. The life cycle ends with the departure of the individual from the organization. Everything in between is about managing the user's access, permissions, profile, and evolution from an identity stand point. We (Mycroft) advise and implement the necessary user cases that drives the successful central management of identities for an organization. Plain and simple, IDM provides the automation that allows the IT and respective business department(s) to focus in on other pressing needs while IDM standardizes the identity practice.

What needs improvement?

The areas of this product which requires improvement are as follows:

  1. The User Interface (UI)
    The User Interface has been improving over time and there are products such as IDMLogic Sigma that improves upon the user UI experience.
  2. Its delegation model
    While IDM has the capability to delegate, the delegation process is not intuitive or forthcoming to the clients. The delegation model is present but it’s not a straight forward model to design against.

These two areas are the ones that stand out, as I probably developed a tolerance over the years for any other if others do exist.

For how long have I used the solution?

Eight years.

What was my experience with deployment of the solution?

Yes, but deployment issues are hardly product installations, but rather retro-fitting the installation to the core principals of the organization. Anyone can install the product within a 20 minute window in an ideal scenario. Each organization has environmental complexities and business policies that at times causes issues with the deployment.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability. Typically deployments are done with an assumption that an organization will grow by a certain percentage in the foreseeable future. As a result the architecture will adhere to the growth plans accordingly.

How are customer service and technical support?

Technical support has drastically improved over the years, as a result I would rate them at 7.5 and climbing.

Which solution did I use previously and why did I switch?

While I implement solutions for organizations, I witness switches for the following reasons:

  • Staff are no longer knowledgeable on the solution as a result of staff turnover over time
  • Product configuration has not been maintained to support needs of the business over time
  • Vendor Support and direction
  • Cost model
  • The direction of the organization and its relationship with other vendors

How was the initial setup?

In my experience, the posture of the setup has a direct correlation to the use case mapped to the feature set and functionality. There are numerous ways to implement a solution, but the level of complexity stems from the ability to simplify the requirements and work with the business on compromises. All organizations have security and business policies that they mandate by or govern towards. As a result, the initial setup or configuration is a direct by-product of how the use case is socialized into the product. At times, some business processes should not be subjected to IDM at all. unless there are compromises to how the business flow is managed. Understanding this basic idea and product limitations go hand in hand.

What was our ROI?

The ROI on CA IDM is a result of the following 3 areas:

  1. Employee productivity
    Faster onboarding process and provisioning. The ability for end user to perform self-service password resets and utilize an access requests system.
  2. IT cost savings
    The ability to focus less on traditional cost areas around password resets, user on-boarding, and essentially the whole user life cycle allows IT to spend on other technical areas wisely. Cost savings to IT is not only how to save but also how to re-purpose the funds to other needed areas.
  3. Cost avoidance.
    Potentially recovering from security breaches or violations and the cost to recover from them. Centralized management introduces efficiency that leads to shared resources not redundant work throughout an organization.
**Disclosure: My company has a business relationship with this vendor other than being a customer: strategic partner
More Symantec Identity Governance and Administration reviews from users
...who work at a Financial Services Firm
...who compared it with NetIQ Identity Governance
Find out what your peers are saying about Broadcom, SailPoint, ForgeRock and others in Identity Management (IM). Updated: February 2021.
464,655 professionals have used our research since 2012.
Add a Comment