Most Helpful Review
You can quickly deploy the entire product with a basic config. However, the GUIs are not very clear.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer?
I liked the debugging part. There are only two files (trace file and log file) that you need to look into while performing debugging, and the logs give you the exact info on where and what needs to be fixed.
You can quickly deploy the entire product with a basic config within couple of hours.
It has considerably reduced the amount of time that new users would take to join into the organization. Previously, it was a lengthy, manual process because it's a very secure environment, where they need to verify the user before they can actually grant him a user-ID and password. Integrating with the built-in custom application, and exposing CA Single Sign On to the internet, we were able to get the employees onboard. The time that we gained was: previously it would generally take from four to eight weeks for each employee, we brought it to one to two days.
The most valuable feature is the Federation part of Single Sign On, which is customizable and is easily integrated with any customer application or any third party application.
Federation is valuable, for sure, because we have a lot of third-party vendors that we need to integrate with, and this is a turnkey solution in some ways.
The Directory is secure. It's our user store, and it's important to keep our members safe. The product does well with that.
If you look at our organization, and really all financial institutions, we have a lot of legacy apps. So it really helps to get Single Sign-On.
The provisioning and deprovisioning saves a lot of time and skips a lot of errors.
It gives us attribute-level control and the AD management features work very well.
It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool.
The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see.
It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system.
CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together.
The GUIs are not very clear, especially when integrating with other products from CA.
The Federation part of CA Single Sign On, it's a bit complex to implement because it involves the SSL certificates, exchange of certificates, and lot of technical details. The documentation misses some important parts of this, so that's the reason it took some time for us to go live.
I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product.
They need to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting.
The initial setup was complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid.
I would like to see a move towards the newer technologies, which is what we are doing right now. I think that's in the roadmap that's coming, in the 12.8 and 14 releases, but we would like to have it sooner than later.
The main thing is we do not have the traceability and good monitoring that CA can provide us to capture problems when they occur.
For the AAD management feature, it needs to improve the objects that we can manage and the security.
Most of the time it just works.
It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch.
For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript.
Pricing and Cost Advice
CA solutions are generally expensive but for the customer the ROI is big.
I recommend conducting a PoC on every available product before choose one.
The price is quite comparable to the other enterprise-level solutions in that market.
The licensing model is a simple user-based model, not that much complicated.
out of 22 in Access Management
Average Words per Review
out of 22 in Access Management
Average Words per Review
Compared 56% of the time.
Compared 9% of the time.
Compared 6% of the time.
Compared 33% of the time.
Compared 25% of the time.
Compared 11% of the time.
Also Known As
|Single Sign-On, SiteMinder||Quest Active Roles|
|CA Technologies||One Identity|
CA Single Sign-On provides secure single sign-on and flexible access management to applications and Web services on-premise, in the cloud, from a mobile device or a partner’s site. For over a decade, CA Single Sign-On has been a leader in enterprise-class secure Web single sign-on and identity federation, providing a comprehensive solution that addresses access to applications and cloud services. CA Single Sign-On delivers unparalleled reliability, availability, scalability and manageability.
Active Roles is a single, unified and rich tool to automate the most troublesome user and group management tasks. With One Identity Active Roles, you can streamline user and group administration, solve security issues – and meet those never-ending compliance requirements by managing and securing on-prem, and cloud AD resources simply and efficiently with a single, intuitive solution.
Learn more about CA SSO
Learn more about One Identity Active Roles
|British Telecom, CoreBlox, DBS, HMS, Itera ASA and Simeo||City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies|