• Several SSO methods are supported out of box.
• Federation based SSO (SAML / Oauth / OpenID etc) setup is easy.
• Very good performance and scalability.
• The internal STS token service can be used for custom SSO tokens.
• It is highly scalable and can meet high loads and performances.
• Reverse proxy sits in front of the application and applications need only minimal changes to support SSO with ISAM.

View full review »

WebSEAL is a reverse proxy web server that performs authentication and authorizations. It is similar to CA SiteMinder Secure Proxy Server. The advantage of WebSEAL is that WebSEAL supports SPNEGO protocol and Kerberos authentication to support Windows desktop single sign-on. Actually, Apache HTTP server supports SPNEGO protocol, as well. However, TAM can map a user account in a domain controller to a web application's user account that has a different ID, in collaboration with IBM Tivoli Identity Manager (TIM).

View full review »

Tivoli Access Manager's proxy product (WebSEAL) is extremely fast. The configuration options are mysterious and old-school, but they are a rich and small enough set that you can comprehend them and get it working right. The auth and policy product has a reasonable LDAP implementation.

View full review »

Some of the valuable features are:

• Reverse proxy
• Protected object space
• Ease of integration
• Multiple and robust AuthN and AuthZ mechanisms built-in
• No single point of failure (SPOF)

View full review »

Since a couple of versions back, the product moved to a different “mentality” I would say. Compared to when it was deployed as a software package, things are now much smoother in that direction. The product is coming as an appliance (either hardware either virtual). This method simplifies the management a lot, and the deployment as well. It provides SSO across applications, together with risk-based access and strong multi-factor authentication. Very flexible and scalable.

View full review »

• Password management
• Single sign on
• Provisioning and de-provisioning of account
• Unified Directory Server

View full review »

A number of new features, such as application firewall and load balancer, were added to this solution. These features are no longer available as a software version, but only as an appliance (virtual or hard).

The same appliance firmware allows you to enable more features, such as advanced access control and federation, for all of the components.

View full review »

The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features.

The URL-based access control has become more important due to the paradigm shift towards RESTful APIs, i.e., where URLs uniquely represent the resources to be protected. IBM TAM has a rich authorization model which simulates the system/environment to be protected by its protected object space. This makes it easy to visualize the hierarchical model of the end system and to attach ACLs/policies and customized rules, to the objects to be protected.

OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as fully compliant OAuth 2 authorization server.

OIDC is fast becoming equally or more popular than SAML and is certainly the modern developers choice for SSO, i.e., for both the cloud/on-prem apps. The newer version of the IBM TAM supports OIDC, which can act as the OIDC provider.

View full review »

Flexibility to connect with different environments and product stability are the best features.

• Connection: There are a number of players in the market and most of them have challenges with being able to connect seamlessly without customization to various data providers, such as queues or databases. Since IBM's Identity and Access management has been in the market for a long time, the connectivity has improved over time.
• Stability: An application that is not stable enough will never succeed in the market. I have seen less down time.

View full review »

I like the primary function of this product allowing the administration of user/network accounts with a fair amount of ease.

View full review »

Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites. These are heavily customizable and can fully integrate with in-house provisioning systems.

View full review »

From my experience, most of the product features are meant for specific purpose(s) of its own demand and need. Implementing the feature depends on case to case, considering the organization's enterprise/middleware infrastructure design.

TAM component integration and their SSO capabilities and transparency are the most valuable features I have found.

View full review »

Centralized policy management and reverse proxy-based architecture make it very flexible in terms of deployment, adoption, and implementation. SSO capabilities over various technologies is another strength of this product.

View full review »

• Authentication
• Authorization
• Risk Profile
• MFA
• Federation
• Oath
• SAML 2.0

View full review »

Some valuable features in this product are: webSEAL policy, proxy servers, LDAP server (IBM TDS).

The modularity with which each component may run on a different host is valuable. In addition, multiple instances per component might be installed with load balancers. It provides good scalability and reliability, not to mention the overall availability of the service.

View full review »

Identity management

View full review »

Protection of web applications

View full review »

It’s a very flexible and customizable product.

View full review »

Scalability and the easy integration with existing web applications with no or minimal change to applications.

View full review »

Tivoli Access Manager (or IBM Security Access Manager) is a fully featured web authentication, sso and authorization product.The product supports multiple user information repositories and also integrates with a variety of strong authentication solutions.Supports reverse proxy as well as adapters placed directly on web servers and app servers.Later product versions supports fine grained authorization as well as XACML based authorization configuration. The DP integration provides support for authn and authz for web services. View full review »

Reverse proxy is the most valuable feature as it provides central control over authentication and authorization. The integration effort with the end application is quite straightforward and easy.

View full review »

• Simplified architecture
• Security

View full review »

The single sign-on configurations are unique to the product. They support multiple types of SSO configurations, including FSSO, HTTP, SAML. The most robust functionality for SSO is its EAI (External Authentication Interface) option. EAI allows customers to customize their authentication mechanisms as per their needs.

Access management for web resources is simple to configure but highly impenetrable. It can search all the resources in the protected system and allows you to manage user access with a few clicks.

View full review »

Web security.

View full review »

Reverse proxy component, known as WebSEAL. It provides large number of authentication options that are out of the box.

View full review »

• The Verify feature: A push method which customers are going for
• “Password-less” solution
• A very good demo to look at
• A very good solution to take to customers
• Solves a lot of the problems with help desk calls and password resets
• A very secure solution

View full review »

• Junctions access control
• Transparency to the user

View full review »

• WebSEAL
• SSO

View full review »

Tivoli access manager enables integration with user session management and Web Sphere Data Power in web services and web 2.0 environments.Authentication and authorization management for online business initiatives and portals implementations are centralized.Access controls for .NET, Java, Exchange servers and Microsoft Share point implementations are also centralized.Capabilities of advanced security are enhanced to support strong, flexible authentifications and authentications based on risks as well as critical internet vulnerabilities.Malicious, fraudulent, accidental behavior by staff and internal users are high level security threats that are prevented by Tivoli access manager.It also delivers Web SSO that is consistent with users on heterogeneous systems. View full review »