Symantec Identity Governance and Administration Room for Improvement
YC
reviewer2142495
Manager at a computer software company with 501-1,000 employees
Other products offer more features.
Symantec is only on-premises, not on the cloud.
There are not a lot of connectors or integrations available out of the box.
It doesn't do edge cases well.
The connectivity options are limited.
Reporting and monitoring are not very good or well organized.
It needs more approval of workflows or modification options.
View full review »I saw some of the presentations here at CA world about the new interface for users to go in and request access and have their portal look really good. It's just a matter of us upgrading to that. The new user interface on the user side looks good, apparently it's not quite there yet on the admin side. To see something like that on the admin side would be amazing.
If we were to add a new active directory group for someone to request access to, we have to build account templates and things like that for it. It's a very manual process that needs to be done ahead of time. With the newer version, you can actually go from the requester view. The requester can type in the name of the AD group he wants access to, and it will add that to the system in real time. Then it'll go through whatever approval we've setup saying that if you add a new AD group you would get managed professionally.
MW
reviewer2183661
Managing Director at a consultancy with 1-10 employees
The product's technical support could be better. The integration project requires a lot of technical details, so we need to find it quickly and easily. There was a large community of knowledge in the past. We kept it together and got the results. The community that works around the particular technical issue is shrinking. It used to be a specialized community that would help with the process. These particular areas need improvement.
Broadcom is still using a hybrid cloud model, with some workloads on-premises and some in the cloud. They must start with the cloud adoption and move as many workloads to the cloud as possible. The on-premises environment is becoming stable. They need to rebuild that cost and the software. The product's pre-sales, technical support, and installation could also improve.
View full review »Buyer's Guide
Symantec Identity Governance and Administration
March 2024
Learn what your peers think about Symantec Identity Governance and Administration. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,415 professionals have used our research since 2012.
VM
PrincipalSecArch140
Principal Security Architect II at a engineering company with 1,001-5,000 employees
I'd like to see the user interface be a little bit better as far as deploying the infrastructure, the back end, but I hear that it's coming.
Most of the troubleshooting workflow is based on logs, so if the logs were consolidated we would need to just look at one particular log for all the servers to figure out what going on.
For example, if you get a fail when provisioning a user, you determine where it fails, and go to the logs to see where specifically the process stopped and what tasks were not completed.
View full review »CA technologies must improve IHM for a better user-friendly approach.
View full review »DS
DarwinSolano
Solutions Architect at MAINT
The product could be improved. I think when you work with this kind of solution, you have to work with endpoints, and not always do you have the input you need. Sometimes, it's necessary to develop the connector to some kind of endpoint. The development process to create this connector is not as easy as I would like. It's sometimes a little bit complicated. This process involves code that we need to develop to get that connector.
View full review »AS
Alfredo Silva
ALiBS Solutions at ALiBS Solutions
All software has room for improvement. There are some features that could be added to make it even more user-friendly.
Integration capabilities with other solutions and formats, including JSON, could be improved. Integration is not easy at all.
View full review »- Security information
- Human resource onboarding/offboarding processes
- All areas in organization that required account functionality in applications of the company
Keeping up with the market and support for functionality and other core endpoints like Active Directory and Exchange that right now seems to be missing. So it needs a little more work around keeping up with what the industry is going.
View full review »AS
Alfredo Silva
ALiBS Solutions at ALiBS Solutions
There is no preferable feature. It works well in general.
The performance could be better. Sometimes there is a problem with performance. There are times that it takes too long to generate reports and to run the assessment tools to collect the information. It could be faster.
The administrative part is not very intuitive. Actually I think it is because it requires specialization and knowledge in what is done.
I found an option to import specific information, but the functionality was non-existent so they have to update the documentation or remove it from the menu (import from ITIM). Improve release updates when there is an obsolete function or it is not still supported.
PS
LeadSolu4b96
Lead Solution Advisor at a financial services firm with 10,001+ employees
It needs to be connected to major HR systems. That is a major thing. And if they can connect it to GRC systems, that's good to have in an identity product.
Something to help us migrate our code between environments from QA to UA to production in an easier way. That would probably be the big one.
View full review »We've met with the product development folks, and as far as improvements, we're really looking at them from a user experience. While all the key components are there to make the product work very well, what we're looking at is enhancing the product to have much more of a more modern approach and look and feel.
There are several areas for improvement in Symantec Identity Governance and Administration. They have no proper documentation on how to do backups. They also have a lengthy workflow process where we have to make some configurations to manage automation in the rules and in our tasks which takes time. We have to manually configure all the configuration files, and we cannot export users because there's no export system in Symantec Identity Governance and Administration.
What we'd like to see in the next release of the solution is for them to make configuration and integration with other systems their top priorities. We have many API systems to manage, so hopefully, if they make these enhancements shortly, we can directly connect with our API systems when using Symantec Identity Governance and Administration.
View full review »MB
MostafaBasha
Operation Risk Senior Manager/CRO at I-SCORE
As far as improvements, the first thing I think CA needs to do is redesign the user interface. The functionality is good but the interface itself is not that user-friendly.
I think also that there are some issues with the privileges of service accounts. For working with Oracle, we need some kind of service account with administrative privileges. Access works when we give the user account administrative privilege. But in some cases, particular access needs to work for user roles that have less than administrative privileges and these users and rules need to be stored in the database. I need the ability to directly configure users and rules store on databases.
Maybe it is more complicated and related to Oracle services — I do not know the database side as well. But we need to read and write on the rules table and the users tables and store that data in the database.
Otherwise, the product has good performance and it is a very capable solution. I can automate a lot of processes related to provisioning users and identity management, but the controls can be even more flexible with these few changes.
The deployment cannot be pushed through the management console when you define the credentials for a user that can connect to the endpoint. It would be easier for deployment if the service could look at the endpoint or data center and detect what is needed to push this deployment based on the application version or based on whatever the operating system is. Things like that can make a difference at times.
If they can customize by the customer, it means that if someone upgraded their environment, the client does not have to go back and request the version of an executable for a new OS. The result is that the correct executable will be deployed by the agent.
View full review »It has a large footprint which you'd expect to be much, much smaller. Just to run basic services, we have 10 different servers. Also, if it were easier to manage, that'd be useful.
View full review »My team doesn’t have much experience, so we need to hire a professional to work with us on site every day. This is difficult. I have 2700 servers and we have another project when 90% is obligated to use them but only 10% is a physical server.
View full review »There are actually quite a few nice things on the CA roadmap in the future. I think to have ability to enable our customers to have different roles, because we have customers that they can be a private customer, they can be part of an organization or a corporation and they need to have different roles. I think that's still something we will see in the future. We have some basic product to do that and we are starting to implement it but it will take us some time to get there.
View full review »Customer reporting. One of the big things we had asked for is for the Identity tool to actually do more kinds of reporting for audit purposes. It doesn't really track any of the metrics that are useful to us, at this point.
The areas of this product which requires improvement are as follows:
- The User Interface (UI)
The User Interface has been improving over time and there are products such as IDMLogic Sigma that improves upon the user UI experience. - Its delegation model
While IDM has the capability to delegate, the delegation process is not intuitive or forthcoming to the clients. The delegation model is present but it’s not a straight forward model to design against.
These two areas are the ones that stand out, as I probably developed a tolerance over the years for any other if others do exist.
View full review »SM
Subrata Mallick
CEO at Next Generation Technocom Pvt Ltd
The product works slowly while accessing cloud-native solutions. They should work on their ability to integrate with third-party vendors. Additionally, cloud networking features and Azure, AWS, and GCP integration are needed.
View full review »PD
reviewer1663482
Delivery consultant at a computer software company with 10,001+ employees
The interfaces need to be revamped. They are too antiquated. This is the biggest issue I can think of.
I rate the support as a solid C. Of primary concern is that there are not too many people employed nowadays with the requisite support knowledge. Since we are talking about an increasingly antiquated product, it is likely neither easy, nor desirable, to train support staff with the requisite knowledge. The support at the moment is not very efficient.
It would be nice to see a size version of the solution, a cloud version.
The solution is not the best or the fastest available.
The solution is rather stable, but not remarkably so, as there are certain persistent bugs which tend to be present from one version to the next.
The initial setup is rather complex. While they've made efforts to improve this and there's a separate version that comes with a pre-package model, the process remains, nevertheless, complex.
View full review »RK
Rahul KS
Technologist at a healthcare company with 10,001+ employees
Policy writing and provisioning are easy, but should be improved. Provisioning has a dependency on Windows.
View full review »We would like to see integration with analytics. Also, for them to be more efficient regarding discovering and implementing new rules.
View full review »I think CA Identity Manager could improve in the following areas:
- Usability
- Stability
- It's complex
- The reporting functions
I'd like to see it better integrated with the other CA security products.
View full review »We are actually looking at something to make it easier from a user front end. The helpdesk does a lot of work today, so we're looking at another product from CA. I think it's called the Identity Suite.
Make the maintenance and the updates easier. As well as a more intuitive interface.
The only issue we have is that sometimes we have an issue related to the Microsoft integration. That impacts Identity Manager's performance, and it's something we need.
View full review »With the new age products such as Dell, Forgerock, and Ping, and the change in demands of the customer, CA needs to do a lot more. For example, Dell IM provides built-in features with governance in mind, although they also provide a separate product called IM with governance edition.
The GUI in CA is more complicated where a user might have to drill down more into the menu to find the real form. Also, during configuration for a new person it's a tough deal to drill into the menus to find the place to actually setup.
CA came up with SIGMA to be better on GUI and scalability, but it had a lot of issues and poor scalability in both versions. I lost one bid purely based more on the poorer GUI provided by CA, and due to the fact that SIGMA did not provide things which were asked by the customer and did not provide scope of much customization either, so I did not understand the use of the product. I am not aware if SIGMA is officially launched now or not.
View full review »I'm happy with the features that are in the current release.
We have IDM integrated with Provisioning, SiteMinder, and CA Directory as our IAM solution. When we embark on an upgrade initiative for one of these components we quickly find that newer versions of IDM are not supported with the other exisiting components. This results in a much larger project to upgrade SiteMinder, IDM, Provisioning, Directory, and the OS which results in Senior management abandoning our upgrade project. I would like to see IDM supported with a larger version footprint in relation to the other required components in our IAM application framework.
The provisioning manager could use improvements.
View full review »UA
Umair Akhlaque
Enterprise Solutions & Services Head at Duroob Technology
The directory has room for improvement. Also, the dashboards and, in particular, the KPI dashboard that shows the current user’s information needs reworking.
It would be ideal if they could consolidate the workflow. Right now, because everything is on a different workflow engine, seamless integration cannot happen. If the solution offers a single workflow engine and a single reporting engine for all security targets, that would be ideal.
View full review »DS
DarwinSolano
Solutions Architect at MAINT
They provide a framework to develop your own connectors. A connector is a piece of software that integrates with the solutions that are not a part of the support matrix. Currently, it is difficult to create these connectors in this solution. Other solutions, such as NetIQ Identity, provide a better way to create your own connector.
Currently, there is no cloud version. It should have a full cloud version.
View full review »A better information display for the approvals within the workflow would give them more information and the ability to comment back on a request as to why they're rejecting it. We've been telling them we'd like this improvement, and we hope to see it.
View full review »An improvement that we would like to see in a later version is taking it to the cloud. We have it on-premise and we foresee a lot of scalability challenges so taking it to the cloud might be a very good option for us.
View full review »The technical support for this particular product is really poor and needs a lot of work.
View full review »Because it's software on our network, there are sometimes load-balancing issues or latency delays.
View full review »WA
WaelAbdelwahab
Technical Support Manager at Future systems
They should easier and better integration with other software. It's hard to create custom integration rules with other software, like Oracle. This needs to be improved to give the customer an easier way to integrate.
View full review »The interface is modern, but could have been made even easier to use for the customers.
View full review »RC
Solution110c
Solution Architect with 1-10 employees
The product has a lot of need for improvement. Our issues are being raised back to the vendor as enhancements.
View full review »User interface and usability are mainly the features that need improvement.
I'm not sure if the new release includes 508 compliance for blind and deaf users. That would be a nice feature to include, especially for the government space.
It should be better when doing custom connections.
View full review »Custom connector, web service configuration and use.
View full review »We’re in the middle of an upgrade with IM to 12.6. Once that’s done, we will get a better feel for what’s available; they’re deprecating some of the functionality in their provisioning manager product.
It would be nice to have someone at CA that can handle some of the more technical questions we have.
View full review »It would be great if they could enable social media identities. That’s the one thing we would like to have.
View full review »Lack of a comprehensive attestation component/product and easy to use workflow that supports both attestation and provisioning. However, currently CA does have a product for attestation.
View full review »FM
reviewer780990
Senior Manager at a tech services company with 501-1,000 employees
I would like to have differential campaigns. In the next release, there should be the provisioning of your certifications. When you remove access or grant extra access to someone, it would be good to have direct provisioning to different sources.
View full review »- Installation and upgrading is complex
- User Interface
Identity Manager has a lack of entitlement support, unlike other products that I have worked with. Other products have a focus on the entitlement that a user has, where you can pick and choose access as an entitlement, and add it to the user or remove from the user. With CA it is all role-based, that is kind of a sticking point with me, so we have to work around that.
View full review »An out of the box way to control when a policy executes.
View full review »GUI/Web interface
View full review »Better recovery for the application server with the DB connectivity.
View full review »AS
Amlan Sahoo
Systems-Engineer at a tech services company with 10,001+ employees
I find the API boring. I also faced issues while integrating with CA SSO.
View full review »Been quite a while since I worked on it so I can't really comment on how far the product has come in the past 2-3 years.
View full review »Workflow engine and workflow configuration. Also, the user interface has a lot of room for improvement.
View full review »
• Cost is the only demerit of Identity Manager because it requires updates of software and technology as users keep multiplying. Identity Manager is also prone to hackers and therefore needs to be regularly checked for security threats and intrusions.
• Users must be trained to use the system.
View full review »
Yes, we found that if you create a certification with a high number of objects, the portal runs slowly. We are working with CA to manage this situation.
View full review »- Cloud integration
- More flexibility and interoperability - how components interact with each other and external components
Reporting could be improved.
View full review »
Identity manager is very complex and you must have the knowledge and skills required to use it. It is also a bit expensive, but its benefits outweigh all these cons.
View full review »
Buyer's Guide
Symantec Identity Governance and Administration
March 2024
Learn what your peers think about Symantec Identity Governance and Administration. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,415 professionals have used our research since 2012.