Most Helpful Review
You can quickly deploy the entire product with a basic config. However, the GUIs are not very clear.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer?
I liked the debugging part. There are only two files (trace file and log file) that you need to look into while performing debugging, and the logs give you the exact info on where and what needs to be fixed.
You can quickly deploy the entire product with a basic config within couple of hours.
It has considerably reduced the amount of time that new users would take to join into the organization. Previously, it was a lengthy, manual process because it's a very secure environment, where they need to verify the user before they can actually grant him a user-ID and password. Integrating with the built-in custom application, and exposing CA Single Sign On to the internet, we were able to get the employees onboard. The time that we gained was: previously it would generally take from four to eight weeks for each employee, we brought it to one to two days.
The most valuable feature is the Federation part of Single Sign On, which is customizable and is easily integrated with any customer application or any third party application.
Federation is valuable, for sure, because we have a lot of third-party vendors that we need to integrate with, and this is a turnkey solution in some ways.
The Directory is secure. It's our user store, and it's important to keep our members safe. The product does well with that.
If you look at our organization, and really all financial institutions, we have a lot of legacy apps. So it really helps to get Single Sign-On.
It's improved security; we don't have to worry about people storing password loosely and secure them.
The most valuable feature is the liberty of keeping encrypted passwords and elevated information in a sealed vault.
The initial setup for this process is straightforward and extremely easy. It just works.
Until now, I haven't found anything like the dashboard. It gives you a security score. I find that to be really great. The Sharing Center is really great as well. And the Security Challenge is really great too.
It's always hard to put a value on return on investment. You avoid one breach and it's paid for a million times over. We got a penetration test company internally, just to see how secure our network is, and there happened to be one bit of software that had been overlooked by an external company that managed it. It hadn't been upgraded so that managed to get them into the network. They would've been able to access through the test thing a file that we had previously. If that was a real-life scenario they would have been able to get into our network and get full access to our organization's passwords. If they did get in, they would have gotten access to the cloud. The ROI we see is that we are completely secured compared to what we had previously where there was a vulnerability.
The stability has been rock solid. A couple of years ago, they were breached. However, if you had two-factor authentication enabled, it didn't affect you. We did, so it has been good.
This product helps keep us secure.
Tech support has been good. We haven't needed it much, because it is not a complex application. There is not that much you have to do with it.
CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together.
The GUIs are not very clear, especially when integrating with other products from CA.
The Federation part of CA Single Sign On, it's a bit complex to implement because it involves the SSL certificates, exchange of certificates, and lot of technical details. The documentation misses some important parts of this, so that's the reason it took some time for us to go live.
I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product.
They need to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting.
The initial setup was complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid.
I would like to see a move towards the newer technologies, which is what we are doing right now. I think that's in the roadmap that's coming, in the 12.8 and 14 releases, but we would like to have it sooner than later.
The main thing is we do not have the traceability and good monitoring that CA can provide us to capture problems when they occur.
I would like to be able to reduce the log out time of the session.
Right now we have two products; there is the password manager and there is the authenticator app. Ideally, these should be fully integrated and support better handling of two-factor authentication or any other authenticator data.
One thing I wish LastPass had is an integration with Active Directory, not for synchronizing users but to actually manage, in some way, privileged accounts by replacing the password of LastPass itself.
I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk.
It is not super feature laden. It does not stand out versus the competition.
The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done it by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which have to be upload. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them as a secure solution. This should be done internally within LastPass.
We have issues from time to time where, for some reason, it just keeps auto logging-out the user and then, the next day, they'll come in and it will work just fine.
The ability to set up an account expiration limit/date would be very useful.
Pricing and Cost Advice
CA solutions are generally expensive but for the customer the ROI is big.
I recommend conducting a PoC on every available product before choose one.
The price is quite comparable to the other enterprise-level solutions in that market.
The subscription model is rated at a fair price.
In terms of pricing, my feeling is that they are all roughly the same. LastPass is in line with its competitors, plus or minute a dollar or two per month.
I have been involved with many password managers. Passportal, Secret Server, CyberArk, and BeyondTrust. I chose LastPass for our organization because of the pricing. The organization didn't want to implement something really expensive. LastPass, for what it's offering, for the price that it's offering the service, is unbeatable.
LastPass was cheap as chips. It was very cheap, hence one of the reasons we went with it. If you're a small organization and you're after something that'll do 90% of your requirements, it's very good. Licensing and all that was really cheap and simple to understand.
It would be nice to do a quarterly true-up process with them versus having to buy 50 licenses at a time when we realize we're out, then we have to buy more. So far, they have been nice about letting us exceed our allotment and just letting us true-up on our own, but a more robust quarterly true-up process would be good.
The pricing and licensing are okay. Basically, at the last contract negotiation, they attempted to jack the rate up and we just said, "No." We still did negotiations with them, but they bumped everything up quite a bit.
The previous pricing was of good value. I don't really know, as of now, whether the new pricing is. The Enterprise license is $48 per license per year now. That is a steep increase of $24, which is what it was when we first signed up.
You do not have to purchase licenses for your entire organization. You can scale as adoption grows.
out of 31 in Single Sign-On (SSO)
Average Words per Review
out of 31 in Single Sign-On (SSO)
Average Words per Review
Compared 57% of the time.
Compared 9% of the time.
Compared 6% of the time.
Compared 18% of the time.
Compared 17% of the time.
Compared 13% of the time.
Also Known As
|Single Sign-On, SiteMinder|
CA Single Sign-On provides secure single sign-on and flexible access management to applications and Web services on-premise, in the cloud, from a mobile device or a partner’s site. For over a decade, CA Single Sign-On has been a leader in enterprise-class secure Web single sign-on and identity federation, providing a comprehensive solution that addresses access to applications and cloud services. CA Single Sign-On delivers unparalleled reliability, availability, scalability and manageability.
LastPass Enterprise is a complete login solution, designed for security. It secures your business and centralizes control of employee passwords and applications with Single Sign-On, a one-click access to every site and tool. LastPass Enterprise provides password management, directory integration which synchronizes users with Active Directory, LDAP and custom APIs. It also provides access to shared accounts, for users inside and outside the organization without losing accountability.
Learn more about CA SSO
See it in Action
Start a Free 14 Day Trial
|British Telecom, CoreBlox, DBS, HMS, Itera ASA and Simeo||Hootsuite, Truenorthlogic, Zirtual, CashStar, GoodData, Mainstream Technologies|