It's not difficult, however, eventually, you need the right expertise to implement the solution. You need the right consultant who has knowledge of the applications, the knowledge surrounding security, and can handle in-depth logging processes that are taking place. Basically, you need the right people to implement it. It's not easy. I would prefer to have a consultant who has the development knowledge.

The size of the team you need to implement the product depends on the size and the scope of the project. For a simple two or three applications, we needed only one consultant to implement. However, if it is a massive implementation with multiple products, multiple web servers, web applications, et cetera, eventually its scope varies and timelines vary, and you will require a couple of engineers to implement it.

The setup was complex because we customized the entire implementation process. Although, I doubt any other customer would use it in a similar way.

I was involved in the initial setup process for some of our clients.

For SSO and its setup, the process was straightforward.

The installation process was complex. There are a lot of different moving pieces, and the main complaint is that it's hard to automate any of it. There are so many disparate pieces, and it's not built on top of micro services, neither is it API driven.

The deployment process and initial setup is kind of complex, especially if you want to do a migration from an older version to a new version. There are a lot of manual steps that you need to perform, and if you are doing a pipeline-based deployment, then there are a few hard codings that you need to do. It requires planning. 

The number of people you will need depends on how complex the environment is. I worked on it for multiple clients, so for some, we were just a team of two or three, but for others, we had a team of ten and it still took a lot of time and effort to perform the migration. 

Like any other product, it's complex in setting up. You have to architect it properly and know how you want to set the product up and use it going forward, what platforms you want to run on. It does take time, but like any other major product like that, if it's done right it will work well for you.

It was simple. Documentation has been more than satisfactory, and we’re happy with that. The changes are very well communicated. Even the point releases haven’t given us any problems.

I wasn't involved in the initial setup for our current environment, but I'm involved with a project that is setting up the upgrade environment. It's pretty straightforward.

For the most part, the installation and setup of it with SiteMinder for the policy server aspect of it is fairly easy. For the web agent aspect of it, we've run into issues and have had to call support or refer to old notes from prior installations. For the most part, the setup is between easy and medium difficulty.

It was already in production when I joined.

I was not involved in the initial setup but we were involved in most of the migrations after the initial setup. The migrations are not very complex; it is moderate and not simple, either.

Engineers need to go through the documentation to fix some of those issues. One of the struggles was to create some of the indexes on their pre-server that we didn't know how to do. At that time, maybe, we were a few of the first customers who were doing this. So, we ran into some issues which were not even known to the CA support team.

I started using it six years ago when it was very complex. Now they have given a lot of UI features and simplified it as well.

It's complex. Because of the complexity of the application, you're going to need to involve professional services. You're going to need to bring in a lot of outside resources if you've never done it before. It's not an out-of-the-box, point-and-click, now-you-have-SiteMinder situation. It's going to take a lot longer than that and I think the complexity is often hidden. People are going to stumble upon these challenges in their enterprise after they start it.

We actually used CA Professional Services. There were some challenges on some aspects of it, but on the base product, not at all.

I wasn't in on the initial setup, but I have been installing a lot of the newer versions. Compared to six, seven years ago, now it is very, very smooth.

I was involved in the initial setup process. The initial setup was neither straightforward nor complex. It is medium, depending on the implementations. It was a bit complicated because of the number of components that we had to install, based on our setup.

With the default set up, there is always a limitation on the number of connections that you can have under your policy servers. We didn't know this and it wasn't something that we were informed of, during implementation. As a result, as soon as we hit the maximum limit we started experiencing issues. It probably took us about a month to figure out the solution, which ended up being rather simple but that was a big bump in the road for us and hurt us in the initial stages itself.

It’s fairly complex as it has lots of pieces. We’re in the process of upgrading and we’re building a mirrored environment and then moving everything over to it.

The initial setup seems straightforward, but we're curious about the aspect of SSO for SQL servers. We're also investigating from the net side to see what requirements are needed. We haven't implemented or deployed it yet.

Complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid.

I wouldn’t say it was overly complex but there's complexity in it. One of the reasons we are here today is also to understand what features there are in the future. I think for me as an architect, I look at what the emerging trends are. We have a lot of new requirements; mobility is a big one for us. Bring your own device, being able to authenticate on mobile devices securely, being able to make use of multiple applications right on that mobile device. Being able to integrate with containers for example Citrix, also with the changing old pricing models we have, a lot of outsourcing, a lot of software as a service, we need to be able to improve how we have authentication to the cloud, federation capabilities and that sort of thing. There is a lot that we can do to go forward.

Yes it can be complex, I think that's one area we have already given feedback to the product management, that is a little complex to get the set up and get it going and the upgrade process is very complex. Again it takes time to get but I think once the product is installed and it's there then definitely the stability is there. The complexity is the number of components involved in the overall installation and the education part. Like if we don't have skilled team members definitely it needs people with proper skills set to understand the product, different components, the app layer, the database layer all those components makes it little bit complex too to install.

The initial setup was straightforward. Also, we have been doing upgrades, in place upgrades, as well as cloning infrastructure, which has been pretty straightforward. 

However, the documentation is very unclear. It is painful to go through the actual documentation and get the information which we need. 

I opened up a ticket a couple of weeks ago. It was on strong authentication where we wanted to upgrade from an older version to a newer version. I had to go through three documents and open up a ticket to understand how the upgrade process should happen. It was so confusing. In one document, they say something, and in another document, they say another thing. I actually had to open up a ticket for this. I wanted to delegate the work to somebody else, and when they asked me the question, I did not have the answer, because it was distributed across three documents.

Even during my initial deployment of strong authentication, this was the older six stack two version, if I would have gone through the document to build it, I would not have done it. We had professional services sitting with me, because I was doing a PoC. At that time, we went through the installation, and I was able to receive some help.

But for everything, I cannot go to professional services. If the documentation was straightforward, then I do not have to refer to professional services. That is one thing that I have noticed, the documentation is really unclear.

It was initially complex because we had many directories. Upgrades, however, are simple. But there's no way to downgrade. You have to uninstall and reinstall the previous version.

I wasn't involved in the initial setup.

I was not involved in the initial setup, but I am involved in building a parallel platform right now for an upgrade. 

The upgrade is a very straightforward setup, easy to install and run. A little bit complex to set up rules, but that is why you want engineers around.

If you compare it on a spectrum of really easy products to deploy – like single-clicks that can maybe even automate themselves and push out their own instances of themselves – versus, here's a big book of steps that you have to go through, I think CA SSO is kind of on the left side of that spectrum.

Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.

The initial setup was not straightforward. It definitely has its learning curve.

I’ve been running SiteMinder since v4, the first time I had to learn everything. It’s easy to export the policy to the policy store, which is your most valuable thing. It’s on v12 now, and I haven’t had to update for two years. We’re no longer handling the server admin, that’s another team, but we’re handling all the policy configurations. We can take that and go from version to version with no problem.

It was already in production when I joined.

I wasn’t really involved with the initial setup. Most of it we basically do ourselves with the tools and the documentation that CA provides.

It's one of most complex requirements as explained earlier.

With the initial setup, there was some complexity and some straightforward things.

I came 2 or 3 months after the initial setup, so I wasn't part of that. We had a third-party company help us with our development and deployment, so they pretty much took the ball and ran with it. I don't know how complex it was for them. When they presented it to us at deployment time, we were ready to go.

With the setup, obviously, with a large organization, there are quite a number of things to be done. There is some complexity involved, but generally, I would say that it's been quite successful.

Since I've been doing it for years, it's hard for me to say it was complex. You have to set up the realms, domains, ACOs, access control, configure the objects, and set up the databases. Speaking as a technical person, I think it could be a little more simplistic, but on a technical level, it's about even with the other solutions available.

Although it is straightforward, for someone new to access management, it is always a challenge to understand what is done and why. That is where I struggled initially, since I was very new to the domain. Domain knowledge is more important when you are new to a product.

The setup was not straightforward. I would give it a 7/10 rating - 1 being simple and 10 being complex. So, it was quite complex.

I wasn't involved in this initial decision to bring it in, but I was brought onto the team fairly soon thereafter.

I wasn't involved in the setup.

When I started two years, it was already setup. Now, I am reengineering it. I am doing a different setup to eliminate any customization for CA to support us better. The process is straightforward.

The initial setup was very easy and straightforward.

We converted from DMS, which was SiteMinder before CA bought it. I think it was relatively straightforward. From what I heard, there was a roles conversion process. We went from the old way of doing tasks to access roles. This required some work, but at that point, we didn't have that many web applications; so it wasn't a huge deal. It sounded like it was pretty smooth.

When I came to the company we used v5, I believe, but I did two major migrations, a migration to v6 and then to v12. It's a very straightforward and smooth transition from version to version.

I wasn't involved in the setup, but I will be involved in future releases, in particular our roll-out to different regions of the world.

It was complex. There are a number of concepts you have to understand to use the product, and the concepts are mostly specific to this particular product.

The initial setup was not a problem. I would rate the difficulty a seven out of ten.

We have a large network with several servers and it took more than six months for the initial implementation.

We had a team of three engineers to deploy this solution on-premises. They were responsible for the administration of the single sign-on.

It's not user friendly, but it's very customizable. It's important to have customized developments integrated with CA SSO.

I’ve been doing it for a long time, I can say it's medium-level complexity. The policy store configuration, and tuning the policy store is a bit complex in ensuring it does not corrupt.

It was complex. The Federation part of CA Single Sign On, it's a bit complex to implement because it involves the SSL certificates, exchange of certificates, and lot of technical details. The documentation misses some important parts of this, so that's the reason it took some time for us to go live.

It was already in production when I joined the company.

It was complex and not at all straightforward. They really need to work on this.